SharePoint Experts, Information Architects, Expert Witness

SICG provides a broad array of business and technology consulting from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. We focus on the "How", not just the possible. Contact me direct: or call 704-873-8846 x704.

Search This Blog

Wednesday, August 24, 2011

SharePoint Logout with UAG

Unified Access Gateway (UAG) and SharePoint Logout

If you are working with UAG and SharePoint, you might find that there are some oddities in the Log out process. Specifically, you might see some of the following symptoms:

·         Trying to Login as a Different user displays a ‘not found’ UAG page
·         Logout of SharePoint leaves user logged in to UAG
·         Logout of SharePoint leaves user logged in to SharePoint
·         Logout redirects to a bad page

Note: This has also been found to be an issue using ISA and Forefront.

There are a few ways to deal with the issue but bear in mind, that you must use the SharePoint logout process to ensure that users are indeed logged out. You can use a combination of the following solutions to customize a way to deal with it on your site.

The Menu:

The first issue you have to deal with is the menu; that is the menu where users can either logout or login as a different user. This is a control that can be located under c:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\ControlTemplates\Welcome.ascx. You can edit this file directly (make a backup first) or you can create a feature to overlay this file in a SharePoint farm so that you do not have to worry about keeping the servers in sync (see below).

Within this control, you have a few options:

1)      You can simply delete the ‘login as a different user’ option – this section of code looks like this:

<SharePoint:MenuItemTemplate runat="server" id="ID_LoginAsDifferentUser"

2)      You can add your own menu option to send the user to a different page for that option and use the same method to replace the Logout:

<Sharepoint:MenuItemTemplate runat="server" id="ID_OverrideLogout" Text="Custom Logout"       ClientOnClickNavigateUrl="/_layouts/CustomPages/CustomSignout.aspx"
       Description="My Custom Logout"
   UseShortId="true" />

3)      You can remove both options completely and a) replace it with your own custom link or b) integrate a logout button in your Master Page.

Creating a Welcome replacement feature:

The easiest way to deploy your custom welcome control is to create a simple feature that copies the file into a custom folder under CONTROLTEMPLATES as well as deploy a new master page that has the control path adjusted:

<%@ Register TagPrefix="wssuc" TagName="Welcome" src="~/_controltemplates/Welcome.ascx" %>


<%@ Register TagPrefix="wssuc" TagName="Welcome" src="~/_controltemplates/CustomFolder/Welcome.ascx" %>

Developing this as a feature is absolutely necessary if you intend to have multiple sites and do not what to have this change apply to all of them. This takes a bit more work that here; rather than duplicate, you can see the post on this here:

NOTE: DO NOT attempt to overwrite the original Welcome.ascx file using a feature (this is possible since the Control Templates folder can be selected) since it will erase the original file. The problem is that you cannot copy or backup the file via the feature and when the feature is removed, the ASCX file will be removed with it.

The Custom Logout Page:

To ensure the user is logged out properly, it is necessary to run the SharePoint controls that kill the cookie, etc. This is easily done by making a copy of the signout.aspx file located in c:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\Layouts\.

In that same folder, you should create a new folder called CustomPages – this is where the custom logout page should be placed. In this way, you can always reference the file with the relative URL of /_layouts/CustomPages.

The Custom Logout page looks like this (Notice the JavaScript section – this determines the type of browser and attempts to clear the user’s authentication. At the end if redirects to a new page using window.location. The URL is whatever page the user should go to once logged out, typically a site that has anonymous access.):

<%@ Assembly Name="Microsoft.SharePoint.ApplicationPages, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%> <%@ Page Language="C#" Inherits="Microsoft.SharePoint.ApplicationPages.SignOutPage" MasterPageFile="~/_layouts/simple.master"       %> <%@ Import Namespace="Microsoft.SharePoint.ApplicationPages" %> <%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %> <%@ Register Tagprefix="Utilities" Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %> <%@ Import Namespace="Microsoft.SharePoint" %> <%@ Assembly Name="Microsoft.Web.CommandUI, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<asp:Content ContentPlaceHolderId="PlaceHolderPageTitle" runat="server">
       <SharePoint:EncodedLiteral runat="server" text="<%$Resources:wss,signout_pagetitle%>" EncodeMethod='HtmlEncode'/>
<asp:Content ContentPlaceHolderId="PlaceHolderPageTitleInTitleArea" runat="server">
       <SharePoint:EncodedLiteral runat="server" text="<%$Resources:wss,signout_pagetitle%>" EncodeMethod='HtmlEncode'/>
<asp:content contentplaceholderid="PlaceHolderAdditionalPageHead" runat="server">
<script type="text/javascript">
window.location = "";

<asp:Content ContentPlaceHolderId="PlaceHolderMain" runat="server">
       <asp:Label id="lbPageDescription" Text="<%$Resources:wss,signout_pagedescription%>" runat="server"/>
<!-- This is put in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\LAYOUTS\CustomPages -->

Creating the Custom Logout URL Feature:

Depending on your environment or governance, you may not be able to alter SharePoint’s default files so you can get around this using a feature.  

Step 1:

Create a new Empty SharePoint project in Visual Studio called ChangeURLSignoutFeature (you can call it whatever you like if you don’t like that name).

Step 2:

When prompted, select the site you wish to deploy to and leave the Sandbox Solution selected (do not deploy as a farm solution!) and click Finish.

Step 3:

When the project opens, right click on the Features folder and from the menu, select Add Feature. When the feature is created it will have the default name of “Feature1”, rename it to ChgSOURLFeature (again, you can use a different name if desired) then update the feature title and description.

Step 4:

Right click on the Feature and select Add Event Receiver. This will create an empty event handler (code commented out) using the same name as the feature itself.

Step 5:

Code the Event Handler with the following – this will be triggered on Activate and Deactivate of the feature:

using System;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Security;
using Microsoft.SharePoint.Administration; 

namespace ChangeSignoutURLFeature.Features.ChgSOUrlFeature
    /// <summary>
    /// This class handles events raised during feature activation, deactivation, installation, uninstallation, and upgrade.
    /// </summary>
    /// <remarks>
    /// The GUID attached to this class may be used during packaging and should not be modified.
    /// </remarks>

    public class ChgSOUrlFeatureEventReceiver : SPFeatureReceiver
        // Set page on Activate:
        public override void FeatureActivated(SPFeatureReceiverProperties properties)
            SPSite featureSite = (SPSite)properties.Feature.Parent;
            SPWebApplication webApp = featureSite.WebApplication;
            if (webApp != null)
                if (!webApp.UpdateMappedPage(SPWebApplication.SPCustomPage.Signout, "/_layouts/CustomPages/CustomSignout.aspx"))
                    throw new SPException("Unable to update the custom signout page");
        // Reset to default on Deactivate:
        public override void FeatureDeactivating(SPFeatureReceiverProperties properties)
            SPSite featureSite = (SPSite)properties.Feature.Parent;
            SPWebApplication webApp = featureSite.WebApplication;
            if (webApp != null)
                if (!webApp.UpdateMappedPage(SPWebApplication.SPCustomPage.Signout, null))
                    throw new SPException("Could not restore default signout page");

Compile the project and assuming all is well with the compile, try deploying it to your site. If you do this from Visual Studio, it will automatically activate. If you use the WSP to install (as you would in a production site) using the STSADM –o AddSolution command, you must navigate to the site, select Site Actions > Site Settings then click Site Features. When the list of features opens, you can activate the feature.

You can then try the logout to verify it is running your custom page.

That’s all there is to it!!!

1 comment:

SharePoint Engine said...

SharePoint Development is evolving with a lightning speed day by day as companies are growing. As companies grow, it is difficult to manage the record of files, documents, and their location in the companies. SharePoint Development helps you to store the files and documents and share it on a central site.

Sharepoint counsulting