I'm new to WIF and have some questions to the logout process.
This is what I have:
- A local STS provider, based on the sample from Steve's Dev Box.
- A MVC5 client, selected new ASP.Net Web Application, MVC, authentication set to Organizational Accounts, On-Premises.
- The client is then changed to allow anonymous connections, AuthenticationMode set to Forms, added a login page and the AuthorizeAttribute to some methods in HomeController. And it all works nicely.
To the question - how to logout the right way ?
If I simply call:
FederatedAuthentication.WSFederationAuthenticationModule.SignOut(true);
return Redirect(Url.RouteUrl(new { controller = "home", action = "index" }));-the client seems to have been loggedout (Thread.CurrentPrincipal.Identity.IsAuthenticated is false), but the STS service doesn't know about it (the service is not called). I guess the token is still valid since the service hasn't deleted it. So, how should
I logout ?
/Peter