How can I sign out of a website using JavaScript in ASP.NET Core?

Signing out of a website in ASP.NET Core typically involves invalidating the user's authentication cookie or token. While JavaScript can initiate this process, it cannot directly manipulate server-side authentication mechanisms. Instead, JavaScript is used to trigger a request to a server-side endpoint that handles the sign-out logic.

Here's a breakdown of how to achieve this:

1. Create a Sign-Out Endpoint in ASP.NET Core:

- In your ASP.NET Core application, you need a controller action that handles the sign-out process. This action will typically use the SignOutAsync method from the HttpContext.Authentication property.

- Example Controller Action:

[HttpPost]
public async Task<IActionResult> Logout()
{
  await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
  return Redirect("/"); // Redirect to the home page or login page
}

2. JavaScript to Trigger the Sign-Out:

- Use JavaScript to make a POST request to the sign-out endpoint. This can be done using the fetch API or XMLHttpRequest.

- Example JavaScript Code:

function signOut() {
  fetch('/logout', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'X-CSRF-TOKEN': document.querySelector('input[name="__RequestVerificationToken"]').value
    }
  })
  .then(response => {
    if (response.ok) {
      window.location.href = '/'; // Redirect to the home page or login page
    } else {
      console.error('Sign out failed');
    }
  })
  .catch(error => {
    console.error('Error during sign out:', error);
  });
}

3. HTML Button to Trigger the JavaScript:

- Add a button or link in your HTML that calls the signOut function when clicked.

- Example HTML:

<button onclick="signOut()">Sign Out</button>

4. CSRF Token:

- ASP.NET Core uses Anti-Forgery Tokens to prevent CSRF attacks. Make sure to include the token in your form or AJAX request. The example JavaScript code above includes the token in the header.

5. Explanation:

- The JavaScript function signOut sends a POST request to the /logout endpoint. The ASP.NET Core controller action then invalidates the user's authentication cookie, effectively signing them out. After successful sign-out, the user is redirected to the home page or login page.

By following these steps, you can implement a secure and user-friendly sign-out process using JavaScript in your ASP.NET Core application.

Learn more about this