How can I force a log out of all users for a website?

by

As Joe suggests, you could write an HttpModule to invalidate any cookies present before a given DateTime. If you put this in the config file, you could add / remove it when necessary. For example,

Web.config:

<appSettings>
  <add key="forcedLogout" value="30-Mar-2011 5:00 pm" />
</appSettings>

<httpModules>
  <add name="LogoutModule" type="MyAssembly.Security.LogoutModule, MyAssembly"/>
</httpModules>

HttpModule in MyAssembly.dll:

public class LogoutModule: IHttpModule
{
    #region IHttpModule Members
    void IHttpModule.Dispose() { }
    void IHttpModule.Init(HttpApplication context)
    {
        context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest);
    }
    #endregion


    /// <summary>
    /// Handle the authentication request and force logouts according to web.config
    /// </summary>
    /// <remarks>See "How To Implement IPrincipal" in MSDN</remarks>
    private void context_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication a = (HttpApplication)sender;
        HttpContext context = a.Context;

        // Extract the forms authentication cookie
        string cookieName = FormsAuthentication.FormsCookieName;
        HttpCookie authCookie = context.Request.Cookies[cookieName];
        DateTime? logoutTime = ConfigurationManager.AppSettings["forcedLogout"] as DateTime?;
        if (authCookie != null && logoutTime != null && authCookie.Expires < logoutTime.Value)
        {
            // Delete the auth cookie and let them start over.
            authCookie.Expires = DateTime.Now.AddDays(-1);
            context.Response.Cookies.Add(authCookie);
            context.Response.Redirect(FormsAuthentication.LoginUrl);
            context.Response.End();
        }
    }
}

More Related Contents:

  1. How to write code that runs once
  2. How do I get the contents of a JSON file I added in the StartUp method to use it in one of my actions?
  3. is there a more efficient way to write this sql code?
  4. HTML.ActionLink method
  5. LINQ to Entities does not recognize the method ‘System.String ToString()’ method, and this method cannot be translated into a store expression
  6. Why does the EF 6 tutorial use asynchronous calls?
  7. Pass array to mvc Action via AJAX
  8. C# 6.0 Features Not Working with Visual Studio 2015
  9. Hyphenated html attributes with asp.net mvc
  10. Display image from database in asp mvc
  11. Implementing Audit Log / Change History with MVC & Entity Framework
  12. C# with MySQL INSERT parameters
  13. The entity type ‘Microsoft.AspNet.Identity.EntityFramework.IdentityUserLogin’ requires a key to be defined
  14. MVC model validation for date
  15. How to use npm with ASP.NET Core
  16. Rendering Partial Views using ajax
  17. How can I change IIS Express port for a site
  18. How to figure out which key of ModelState has error
  19. mvc Html.BeginForm different URL schema
  20. Best programming practice of using DropDownList in ASP.Net MVC
  21. ASP.NET Identity – Multiple object sets per type are not supported
  22. ASP.NET MVC 5 error handling
  23. How to download a file to browser from Azure Blob Storage
  24. ASP.Net MVC – model with collection not populating on postback
  25. The name ‘ViewBag’ does not exist in the current context – Visual Studio 2015
  26. How to mock Controller.User using moq
  27. MVC HTML Helpers and Lambda Expressions
  28. How to edit multiple models in a single Razor View
  29. ASP.NET MVC 3 – redirect to another action
  30. Incorrect string value: ‘\xEF\xBF\xBD’ for column

Leave a Comment