MVC4 Membership: How do I notify membership provider on logout?

1
votes

I have cretated a very basic MVC 4 site using the VS2012 "Internet Application" template and I'm trying to implement a custom MembershipProvider class.

On login, the template code calls WebSecurity.Login(...) which ends up calling my providers ValidateUser method.

On logout, the template code calls WebSecurity.Logout() but as far as I can tell, this does not call any methods on my membership provider.

I need to find a way to notify my authentication back-end that the user logged out.

  • Exactly what does WebSecurity.Logout do?
  • How should I notify the membership provider that the user has logged out?
1
asp.net-mvc-4membership-providermembership

1 Answers

4
votes
  • Exactly what does WebSecurity.Logout do?

It calls the SignOut method on the FormsAuthentication class to remove the forms authentication cookie.

  • How should I notify the membership provider that the user has logged out?

It's not the responsibility of a membership provider to know whether a user has logged in or out. You should use the [Authorize] attribute on your controller actions or call the User.IsInRole("someRole") to test whether the current user is authenticated or not.