diff --git a/EnvelopeGenerator.API/Controllers/AuthController.cs b/EnvelopeGenerator.API/Controllers/AuthController.cs
index b280a437..0b393e38 100644
--- a/EnvelopeGenerator.API/Controllers/AuthController.cs
+++ b/EnvelopeGenerator.API/Controllers/AuthController.cs
@@ -3,17 +3,20 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Authorization;
 using EnvelopeGenerator.API.Models;
+using EnvelopeGenerator.Domain.Constants;
+using System.Net;
+using Microsoft.Extensions.Options;
 namespace EnvelopeGenerator.API.Controllers;
 ///
 /// Controller verantwortlich für die Benutzer-Authentifizierung, einschließlich Anmelden, Abmelden und Überprüfung des Authentifizierungsstatus.
 ///
-///
 [Route("api/[controller]")]
 [ApiController]
-public partial class AuthController(ILogger logger) : ControllerBase
+public partial class AuthController(IOptions authTokenKeyOptions) : ControllerBase
 {
+ private readonly AuthTokenKeys authTokenKeys = authTokenKeyOptions.Value;
 ///
 /// Entfernt das Authentifizierungs-Cookie des Benutzers (AuthCookie)
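Review bot: The constructor documentation is dropped rather than updated: the `<param>` line for the old `logger` parameter is removed, but the new `authTokenKeyOptions` primary-constructor parameter gets no entry (this page's rendering strips the XML tags, so check the actual file). Add `/// <param name="authTokenKeyOptions">Configured auth-token key names; the cookie name used on logout is read from its Value.</param>` under the class summary. `using System.Net;` is added but nothing in the two visible hunks references it; if the rest of the file does not either, drop it. Removing `ILogger<AuthController>` also removes the controller's only visible way to log authentication events; if other parts of this partial class logged login/logout outcomes, confirm those sites were updated so auth-event logging is not silently lost.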
@@ -31,14 +34,31 @@ public partial class AuthController(ILogger logger) : Controller
 /// Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.
 [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
 [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
- [Authorize]
+ [Authorize(Roles = $"{Role.Sender},{Role.Receiver.FullyAuth}")]
 [HttpPost("logout")]
 public async Task Logout()
 {
- await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+ if (User.IsInRole(Role.Sender))
+ Response.Cookies.Delete(authTokenKeys.Cookie);
+ else if (User.IsInRole(Role.Receiver.FullyAuth))
+ await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+ else
+ return Unauthorized();
+
 return Ok();
 }
+ ///
+ ///
+ ///
+ ///
+ /// [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
+ [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
+ [HttpGet("check")]
+ [Authorize(Roles = $"{Role.Sender},{Role.Receiver.FullyAuth}")]
+ public IActionResult Check([FromQuery] string role) => User.IsInRole(role) ? Ok() : Unauthorized();
+
 ///
 /// Prüft, ob der Benutzer ein autorisiertes Token hat.
 ///
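Review bot: In the Sender branch of Logout, `Response.Cookies.Delete(authTokenKeys.Cookie)` only emits an expired Set-Cookie with the default path; if the token cookie was issued with a non-default Path or Domain the browser keeps it and logout silently does nothing, so pass the same `CookieOptions` used at issue time to the `Response.Cookies.Delete(key, options)` overload. Nothing is invalidated server side in that branch either, so a token already copied elsewhere stays usable until it expires — confirm that matches the sender token's lifetime model, or add revocation. In the new Check action, `User.IsInRole(role)` throws ArgumentNullException when the query parameter is absent (ClaimsIdentity rejects a null claim value), which surfaces as a 500 unless [ApiController] model validation already rejects the missing non-nullable string; guard with `if (string.IsNullOrEmpty(role)) return BadRequest();`. For an authenticated caller that merely lacks the role, `Forbid()` (403) is the accurate status rather than `Unauthorized()`, both in Check and in the final else of Logout. The XML doc block on Check is empty; its summary should state that it reports whether the current principal holds the queried role, with `<param name="role">` and `<returns>` filled accordingly.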