How to make STS request User PIN after Logout

Question

How to make STS request User PIN after Logout

Asked 10 years, 3 months ago

Viewed 80 times

1

I’m having trouble executing a logout of the application using STS.

After clicking the Logout button, I Expose all the cookies I have, until I give the signout command of Federationauthentication, but it does not request the PIN again

Follow the logout code

 protected void BtnLogoutClick(object sender, EventArgs e)
        {
            WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule;
            try
            {
                FormsAuthentication.SignOut();
                Session.Abandon();
            }
            finally
            {
                fam.SignOut(true);
            }
            SignOutRequestMessage signOutRequest = new SignOutRequestMessage(new Uri(System.Configuration.ConfigurationManager.AppSettings["CORP.STS.Certificado"]), System.Configuration.ConfigurationManager.AppSettings["CORP.STS.UrlCliente"]);
            FormsAuthentication.RedirectToLoginPage();
        }

Is there something wrong?

1 answer

Browser other questions tagged c# webforms authentication federation-authentication

You are not signed in. Login or sign up in order to post.

by okevinlira • **927** points · Answer 1 · 2014-03-24T14:53:09+00:00

I came to the following conclusion:

 protected void BtnLogoutClick(object sender, EventArgs e)
        {
            WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule;
            try
            {
                FormsAuthentication.SignOut();
                Session.Abandon();
            }
            finally
            {
                fam.SignOut(true);
            }
            var signOutRequest = new SignOutRequestMessage(new Uri(System.Configuration.ConfigurationManager.AppSettings["Corp.STS.Certificado"]), System.Configuration.ConfigurationManager.AppSettings["Corp.STS.UrlCliente"]);
            FormsAuthentication.RedirectToLoginPage();

        }

With the above code it is possible to expire the logged in user. The reason he didn’t ask for the PIN again is because the PIN had already been checked earlier in the same browser session. so while opin is already checked in the browser (no use clearing cache or cookies) it will not prompt PIN Again.