MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Trapping "Sign-Out" in login.aspx

  Asked By: Stella    Date: Oct 21    Category: MOSS    Views: 6446

We are using MOSS 2007 and Forms-based authentication and a custom
login.aspx script. We need to be able to trap when a user clicks on
"Sign-Out" to perform some other actions.

Looks like someone forgot to include a query string parameter indicating
a logout took place. Login.aspx is called with the following

Upon initial access to the site
GET /_layouts/login.aspx?ReturnUrl=/_layouts/Authenticate.aspx&Source=/

as a different user

GET /_layouts/login.aspx?ReturnUrl=/_layouts/Authenticate.aspx&Source=/

As you can see, the query strings are the same upon initial access to
the site and on sign-out. My login.aspx needs a way to differentiate the

After a user clicks Sign-Out, SharePoint calls
FormsAuthentication.SignOut() and then redirects to login.aspx. In both
cases, (initial login and after sign-out) the user is already logged out
so I cant use any .net auth routines to differentiate.

I then modified my login.aspx page to set a cookie on login, and then
checked for the presence of this cookie to indicate a logout is taking
effect. However, this has proven to be problematic.

Anyone have any other ideas/suggestions? Not sure why an &SignOut was
left out of the Sign-Out query string.



12 Answers Found

Answer #1    Answered By: Faith Delgado     Answered On: Oct 21

I'm assuming you are doing this to clean up some resource that the Logged-In
user has been using. If so, how will you handle when a user simply closes
and re-opens the browser? This is also a Sign-out, but would not be an
event you would ever be able to trap from the Login screen. If the system
works correctly for this scenario I'm not sure why it wouldn't work properly
on Sign-out without trapping that the user signed-out.

Could you provide a bit more detail what you are needing to do on Sign-out
that requires trapping it?

Answer #2    Answered By: Iris Ballard     Answered On: Oct 21

The company already has its own Single Sign-On solution for webapps in
the form of an ISAPI filter that sits in front of IIS (and other
webservers). Basically, the filter redirects unauthenticated users over
to a secure website with a standard branded form where they can login
with their credentials. Upon successful validation, a secure ticket is
issued (session-based cookie) and the user is then redirected back to
the application (SharePoint). The ISAPI filter will check to ensure the
secure ticket is present (hashed for security) and allow them into the
application. From there, our login.aspx is querying an environment
variable set by the ISAPI filter to pull out the username and
automatically logg the user into SharePoint. Thus when a user logs out
of SharePoint, I need to trap it so I can delete the secure ticket -
otherwise they will be logged right back in again. Since the secure
ticket is session-based, closing the browser kills the cookie so is not
a problem in my case.

Answer #3    Answered By: Selena Glenn     Answered On: Oct 21

About the only thing I can come up with that would allow you to do this
would be to replace the SignOut Action Item on the menu with your own
SignOut action. You could then cancel the session in that and redirect back
to the login  screen. The custom action could be deployed as a
WebApplication or Farm level Feature. Might take some work, but it should
be possible.

Answer #4    Answered By: Kalpana Ghatge     Answered On: Oct 21

Yea, what you suggest I have seen done before for the Site Actions
button as well as adding/removing options in the SharePoint UI. However,
I wasnt sure where to start to manipulate the dropdown menu
programmatically under the users name once logged in. Apparently, the
dropdown menu is coming from ~controlTemplates/Welcome.ascx ...

Any docs you can point me too?

Answer #5    Answered By: Bobbie Rodgers     Answered On: Oct 21

Take a look at the following BLOG. It describes how to add a menu entry to
the SiteActions menu using a Feature. It's the same procedure, just a
different GroupID in the Elements.xml file. I think the GroupID you need is


Answer #6    Answered By: Bhumi Gokhale     Answered On: Oct 21

I have sucessfully added a custom action into the drop-down menu. What I
need to do now is obviously hide the original Sign-Out button. I've
tried several combinations of <HideCustomAction>, but I can't seem to
influence any of the pre-existing menu items. Could this be because
they are hardcoded in welcome.ascx? Welcome.ascx refers to the Sign-Out
ID as ID_Logout but I can't seem to get it to hide.

This is what I have:

Location="Microsoft.SharePoint.StandardMenu" />

Answer #7    Answered By: Vinay Thakur     Answered On: Oct 21

I would have tried it the same way you did. Have you looked at the
WELCOME.ASCX user control in the /templates/controltemplates directory of
the 12 hive. That's where the signout menu entry is defined. Not an
elegent solution, but you could just comment out the whole menuitemtemplate
entry for ID_Logout. I hate to make changes to Microsoft files in the 12
hive, but that should work.

Answer #8    Answered By: Aakash Gavade     Answered On: Oct 21

But wouldnt that impact all sites under sharepoint? I.e central admin
and other site collections (windows auth)

Answer #9    Answered By: Dara Hobbs     Answered On: Oct 21

Yes it would, but I thought this was a universal corporate wide SSO system.
Don't you want it to apply to every site?

Answer #10    Answered By: Abhinivesh Suvarna     Answered On: Oct 21

Typically yes, but you never know what requirements come down the pipe

Answer #11    Answered By: Micheal Knight     Answered On: Oct 21

Just had another thought. Try including a sequence number above 300. It
might be that the HideCustomAction is getting processed prior to the
CustomAction since it has a sequence number in Welcome.ascx.

Answer #12    Answered By: Yvonne Rodriquez     Answered On: Oct 21

The feature wont install when I include a sequence number inside the
HideCustomAction element

Throws a "The 'Sequence' attribute is not declared"

Didn't find what you were looking for? Find more on Trapping "Sign-Out" in login.aspx Or get search suggestion and latest updates.