ASP.Net MVC: Log out User in case of session timeout with ASP.NET MVC5 with OWIN Authentication.

When you are using OWIN authentication in ASP.Net MVC 5 and also session to store your value. Then you need your user to be redirected to the Login page in case of session expire.  I searched so many blogs and found so many ways to do that, but what fits with my requirement is this what i want to share it with you all.

 For this there are several steps you need to do as below:

 Step 1:

 You need to create a new ActionFilterAttribute. This you need to create inside the Filterconfig class in the App_Start folder and then you need to add you filter in the RegisterGlobalFilters method. You calss to be look like below:

 public class FilterConfig
    {
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {
            filters.Add(new HandleErrorAttribute());
            filters.Add(new CheckSessionOutAttribute());
        }
        [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
        public class CheckSessionOutAttribute : ActionFilterAttribute
        {
            public override void OnActionExecuting(ActionExecutingContext filterContext)
            {
                string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower().Trim();
                string actionName = filterContext.ActionDescriptor.ActionName.ToLower().Trim();
                
                if (!actionName.StartsWith("login") && !actionName.StartsWith("sessionlogoff"))
                {
                    var session = HttpContext.Current.Session["SelectedSiteName"];
                    HttpContext ctx = HttpContext.Current;
                    //Redirects user to login screen if session has timed out
                    if (session == null)
                    {
                        base.OnActionExecuting(filterContext);
                        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
                        {
                            controller = "Account",
                            action = "SessionLogOff"
                        }));

                     }
                }

             }
            
        }
    }
Step 2:
You need to create the above actionresult method which you have defined in your ActionFilter.
In that methind you need to singout the user from the OWIN. and redirect the user to a controller action which need login. Then the user will automatically be redirected to the Login view. If you are using this with ajax call through jquery then you need to do the Step 3.

        public ActionResult SessionLogOff()
        {
            AuthenticationManager.SignOut();
            return RedirectToAction("Index", "Home");

        }

 Step 3:
in the ajax call you need to track the success code where you will get the 401 code and based on that you need to redirect the user to the authorized controller action or login action.

  $.ajax({
                        type: "GET",
                        url: '@Url.Action("Step1", "Home")',
                        statusCode: {
                            401: function (data) {
                                // the user is not authenticated => redirect him to the login page
                                window.location.href = '@Url.Action("Login", "Account", new { Area = "" })';
                            }
                        },
                        success: function (resultdata) {
                            //Do your work with resultdata

                         },
                        error: function (errorThrown) {

                         }

                     });

 I hope this will help you people Lot. Let me know you feedback. :)

Comments

  1. UnknownDecember 24, 2015 at 12:37 AM

    Hello ,

    for my same issue i used your code but my application in loop to many redirect . How i solved this problem

    ReplyDelete
    Replies
    1. Hrushikesh PatelJanuary 30, 2016 at 3:46 AM

      Sorry to reply late. is your problem resolved? If not then can i get the detail of your code sample how you have implemented then i may resolve?

      Delete
  2. UnknownDecember 18, 2016 at 10:27 PM

    Code is
    public class SessionExpireFilterAttribute : ActionFilterAttribute
    {
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
    HttpContext ctx = HttpContext.Current;
    if (filterContext.HttpContext.Session["AdminId"] == null)
    {
    var auth = filterContext.HttpContext.GetOwinContext().Authentication;
    auth.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
    filterContext.HttpContext.Response.Redirect("~/Home/Login?sessionExpired=Your session has expired, please login again.");
    }
    base.OnActionExecuting(filterContext);
    }
    }

    ReplyDelete

Post a Comment

Popular posts from this blog

LINQ: Using int.TryParse() within a LINQ where clause

I pretty new to LINQ, and I’m keen to get more experience using it, so whenever an opportunity arises I like to try writing LINQ queries. I needed to write a method to extract a comma separated list of numbers from a config file, and return this as List. I was looking at ways to do this using LINQ, but hit a problem. I wanted my LINQ query to filter out any values in the CSV string that could not be parsed as an int, without causing an exception. Using int.TryParse() seemed like a possible solution, but I had problems because the TryParse() method has an out parameter to store the parsed result. I ended up with the code below, which seems to work, but looks very messy, because I think it is parsing the string twice. public static List<int> AuthorisedGroups { get       {             string[] authorisedGroupsStr = ConfigurationManager.AppSettings["AuthorisedGroups"].Split(new char[] { ...
Read more

ASP.Net MVC: Configuring asp.net session state in SQL Server.

Image
Step 1 : Go to the command prompt and run the following  commanad aspnet_regsql.exe -S <ServerName>- E -ssadd -sstype p where < ServerName > is the  name of the server where your  Database is located. here for my local machine we have given (local). Before running the command we need to check  file v4.0.30319 on the following path C:\Windows\Microsoft.NET\Framework if it is not found then we need to install  it.   After running the command it will create database for SQL session tables. So now go to the SQL server and there we can see that it has created Database named “ASPState”. For more option here is the Link http://msdn.microsoft.com/en-us/library/ms229862(v=vs.80).aspx See the following image. Step 2: Now go to the Security Tab (outside the Database)> Login >app pool  user here for my local system it is pspl-PC21\pspl Right click on app pool user ( pspl-PC21\p...
Read more

IIS: Publish Project to remote IIS with Web Deploy.

Image
To Push a build is too much hectic task. Like you need to publish to local machine and then copy to the remote IIS. Then can be eased by directly push the build to the remote IIS through web deploy. For this there is 2 things you need configure on in the remote IIS and other on your project file. Configuration on Remote IIS To make this whole thing work you need to install Microsoft Web Deploy and you need to choose all the feature to be install on the machine. you need to add the feature of IIS Management Service. for this you need to make sure you have added Management tool feature to the IIS. Configuration on the Project side In the Visual Studio right click on the solution and make a rebuild. Then right click on the web project and select the menu "Publish". On the Profile tab Drop down list select New Custom Profile. Give a name to the publish Profile and click OK. Then click next and on the next tab "Connection" sele...
Read more