Recently I integrated my web app with Azure ACS but was having a difficult time signing out of ACS (deleting my cookie off the .accesscontrol.windows.net server). The following code will create a wsignout1.0 message. Essentially it will construct a url with the action parameter set to “wsignout1.0”. An additional parameter “wreply” allows you to specify a url to redirect to after you have been signed out:

public ActionResult LogOff()
{
    // Load Identity Configuration
    FederationConfiguration config = FederatedAuthentication.FederationConfiguration;
 
    // Get wtrealm from WsFederationConfiguation Section
    string wtrealm = config.WsFederationConfiguration.Realm;
    string wreply;
 
    // Construct wreply value from wtrealm (This will be the return URL to your app)
    wreply = wtrealm;
 
    // Read the ACS Ws-Federation endpoint from web.Config
    // something like "https://<your-namespace>.accesscontrol.windows.net/v2/wsfederation"
    string wsFederationEndpoint = ConfigurationManager.AppSettings["ida:Issuer"];
 
    SignOutRequestMessage signoutRequestMessage = new SignOutRequestMessage(new Uri(wsFederationEndpoint));
 
    signoutRequestMessage.Parameters.Add("wreply", wreply);
    signoutRequestMessage.Parameters.Add("wtrealm", wtrealm);
 
    FederatedAuthentication.SessionAuthenticationModule.SignOut();
 
    string signoutUrl = signoutRequestMessage.WriteQueryString();
 
    return this.Redirect(signoutUrl);
}

Got a question? Send me a message on twitter: @tekguy