Logout from windows authentication??

is it possible to for user to click a logout button to logout and when the
user want to get into the system again, the user have to login again?


Kevin

Kevin Yu

Windows Authentication is based on the current windows login, I dont think
you can issue a system logout request from a webpage without using some kind
of ActiveX control.

MattC
"Kevin Yu" <> wrote in message
news:...
> is it possible to for user to click a logout button to logout and when the
> user want to get into the system again, the user have to login again?
>
>
> Kevin
>
>

" Windows Authentication is based on the current windows login,"

what current windows login? you mean the login to the workstation? no, it's
the crudential that the user enter when prompt by the authentication server,
the user need to be in the AD or in the authenticating server. after the
user it's authenticated, the subsequent communication will contain the
authenticated info in the httpContext. now I am not sure where I can find
more information on how this works, there got to be someway to logout for
the users.





I dont think
> you can issue a system logout request from a webpage without using some
kind
> of ActiveX control.
>
> MattC
> "Kevin Yu" <> wrote in message
> news:...
> > is it possible to for user to click a logout button to logout and when
the
> > user want to get into the system again, the user have to login again?
> >
> >
> > Kevin
> >
> >
>
>

Ack! Sorry I assumed you meant Integrated Windows Authentication. Closing
the window should kill the current authentication process. Have you tried
abandoning the current Session to see if that clears user authentication
details?

MattC
"Kevin Yu" <> wrote in message
news:%...
>" Windows Authentication is based on the current windows login,"
>
> what current windows login? you mean the login to the workstation? no,
> it's
> the crudential that the user enter when prompt by the authentication
> server,
> the user need to be in the AD or in the authenticating server. after the
> user it's authenticated, the subsequent communication will contain the
> authenticated info in the httpContext. now I am not sure where I can
> find
> more information on how this works, there got to be someway to logout for
> the users.
>
>
>
>
>
> I dont think
>> you can issue a system logout request from a webpage without using some
> kind
>> of ActiveX control.
>>
>> MattC
>> "Kevin Yu" <> wrote in message
>> news:...
>> > is it possible to for user to click a logout button to logout and when
> the
>> > user want to get into the system again, the user have to login again?
>> >
>> >
>> > Kevin
>> >
>> >
>>
>>
>
>

MattC

thank you for your response.

in fact, clearing the session collection won't help, since it does nothing
to the authentication process/authenitcated commnunication
in the httpContext

Kevin




"MattC" <> wrote in message
news:%...
> Ack! Sorry I assumed you meant Integrated Windows Authentication. Closing
> the window should kill the current authentication process. Have you tried
> abandoning the current Session to see if that clears user authentication
> details?
>
> MattC
> "Kevin Yu" <> wrote in message
> news:%...
> >" Windows Authentication is based on the current windows login,"
> >
> > what current windows login? you mean the login to the workstation? no,
> > it's
> > the crudential that the user enter when prompt by the authentication
> > server,
> > the user need to be in the AD or in the authenticating server. after the
> > user it's authenticated, the subsequent communication will contain the
> > authenticated info in the httpContext. now I am not sure where I can
> > find
> > more information on how this works, there got to be someway to logout
for
> > the users.
> >
> >
> >
> >
> >
> > I dont think
> >> you can issue a system logout request from a webpage without using some
> > kind
> >> of ActiveX control.
> >>
> >> MattC
> >> "Kevin Yu" <> wrote in message
> >> news:...
> >> > is it possible to for user to click a logout button to logout and
when
> > the
> >> > user want to get into the system again, the user have to login again?
> >> >
> >> >
> >> > Kevin
> >> >
> >> >
> >>
> >>
> >
> >
>
>

I came across this in a forum, so I guess it's in the windows authentication
design, not
much can be done.

The user credentials are being cached by the client browser, not by IIS. To
force the client user to enter credentials again, you would need to send an
appropriate 401 status message in response to the next client request.
However, doing this would run counter to very legitimate user expectations
of how Windows authentication is supposed to work, so you may want to
reconsider. When Windows user credentials have already been accepted by a
server (either via a login dialog or automatic submission under IE
configuration for the target site or zone), a 401 is only expected if a
requested resource cannot be accessed under the previously supplied
credentials. When you send a 401 after any credentials have been previously
accepted, the user should expect that they need to use different credentials
from their initial login. If you're expecting the same credentials, then
user confusion should be anticipated.

All in all, if you really want to force a new login, perhaps a different
authentication mode might be more appropriate..




"MattC" <> wrote in message
news:%...
> Ack! Sorry I assumed you meant Integrated Windows Authentication. Closing
> the window should kill the current authentication process. Have you tried
> abandoning the current Session to see if that clears user authentication
> details?
>
> MattC
> "Kevin Yu" <> wrote in message
> news:%...
> >" Windows Authentication is based on the current windows login,"
> >
> > what current windows login? you mean the login to the workstation? no,
> > it's
> > the crudential that the user enter when prompt by the authentication
> > server,
> > the user need to be in the AD or in the authenticating server. after the
> > user it's authenticated, the subsequent communication will contain the
> > authenticated info in the httpContext. now I am not sure where I can
> > find
> > more information on how this works, there got to be someway to logout
for
> > the users.
> >
> >
> >
> >
> >
> > I dont think
> >> you can issue a system logout request from a webpage without using some
> > kind
> >> of ActiveX control.
> >>
> >> MattC
> >> "Kevin Yu" <> wrote in message
> >> news:...
> >> > is it possible to for user to click a logout button to logout and
when
> > the
> >> > user want to get into the system again, the user have to login again?
> >> >
> >> >
> >> > Kevin
> >> >
> >> >
> >>
> >>
> >
> >
>
>

MattC

there is a workaround. it need to clear the identity token on the client
browser cache, but only IE6 + sp1 support
the javascript function, for the rest of the IE version, an activeX is
needed to clear the cache.

Kevin


"MattC" <> wrote in message
news:%...
> Ack! Sorry I assumed you meant Integrated Windows Authentication. Closing
> the window should kill the current authentication process. Have you tried
> abandoning the current Session to see if that clears user authentication
> details?
>
> MattC
> "Kevin Yu" <> wrote in message
> news:%...
> >" Windows Authentication is based on the current windows login,"
> >
> > what current windows login? you mean the login to the workstation? no,
> > it's
> > the crudential that the user enter when prompt by the authentication
> > server,
> > the user need to be in the AD or in the authenticating server. after the
> > user it's authenticated, the subsequent communication will contain the
> > authenticated info in the httpContext. now I am not sure where I can
> > find
> > more information on how this works, there got to be someway to logout
for
> > the users.
> >
> >
> >
> >
> >
> > I dont think
> >> you can issue a system logout request from a webpage without using some
> > kind
> >> of ActiveX control.
> >>
> >> MattC
> >> "Kevin Yu" <> wrote in message
> >> news:...
> >> > is it possible to for user to click a logout button to logout and
when
> > the
> >> > user want to get into the system again, the user have to login again?
> >> >
> >> >
> >> > Kevin
> >> >
> >> >
> >>
> >>
> >
> >
>
>