ASP.NET WebForms is still authenticated after singing out from Okta

Mikaele · July 4, 2019, 9:52am

Hi,

I have been running some tests using this webforms guide: https://developer.okta.com/blog/2018/08/29/secure-webforms-with-openidconnect-okta

and this sample project:

The problem I’m having is that, even if I have logged out from Okta, the sample application still shows me as authenticated.

My expectation is that, once I sign out from Okta, I should no longer be authenticated in the WebForms app, however, it still shows me as authenticated.

Not sure if I’m doing it wrong or if the sample code is wrong. I guess what’s needed here is to add some sort of check if the Okta session is still active.

Thanks,
Mikael

nate.barbettini · July 10, 2019, 9:06pm

Sorry for the delay! We recently published some new Web Forms samples: https://github.com/okta/samples-aspnet-webforms

Can you try those and see if you still experience the issue?

Mikaele · July 26, 2019, 9:32am

Hi Nate,

Sorry for not getting back sooner, I have been on leave.

I have been running some tests with this sample:

However, this issue persists.
I sign in using the login button in the sample application, and I can see that I’m authenticated as a “Profile” button appears.

After that, I go to Okta and sign out from there. When I now return to the sample application, I am still authenicated. It does not help to close the application, restart visual studio and the browser, I’m still authenticated. The only way to sign out, is to click the “Logout” button on the sample application.

Thanks,
Mikael

McHolty · August 16, 2019, 1:49pm

I am having the same issue. Were you able to find a resolution?

I find that every issue with Okta is difficult to track down due to lack of support/working documentation.

Rich · March 30, 2023, 11:07am

I have a legacy .net 4.8 webforms application that is exhibiting this behavior. I don’t see any accepted resolution to this issue. Is there an update?

Gregg · October 13, 2023, 6:54pm

Same here … Web Forms, .Net 4.8.

… and when I try using the following on my logout page I get a 400. The only way to log out is by clearing browser cache.

Context.GetOwinContext().Authentication.SignOut(
OpenIdConnectAuthenticationDefaults.AuthenticationType);

Post		Replies	Views
Okta in an ASP.NET Webform application Questions	4	3076	February 12, 2024
Need some help and/or demo code Questions	3	6226	March 22, 2022
WebForm signs out but Okta stays authenticated Questions	5	4268	January 24, 2024
ASP.NET Webforms IsAuthenticated and User not being set Questions	2	3866	October 19, 2021
Asp.net Webforms - Okta OIDC Request.IsAuthenticated is always coming as false Questions	6	7085	January 31, 2022

ASP.NET WebForms is still authenticated after singing out from Okta

Related topics