Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Forcing Reauthentication for a Webform with NTLM auth..ion

Reply
Thread Tools

Forcing Reauthentication for a Webform with NTLM auth..ion

 
 
Andrew_Revinsky
Guest
Posts: n/a
 
      07-09-2004
Hi,

please suggest if there is a way (and what is it) to force a web application to "forget" a current user (authenticated with NTLM authentication) and make Internet Explorer show a dialog box prompting for authentication (username/password/domain)? (And then, have this session run under a newly entered credentials?)

The reason for this question is I am trying to implement a functionality of "Logging Off". This option is rarely needed in our domain, but when it is, it's when the web application is run on a "shared" computer.

Thank you for your input on this!

--
Best regards,

Andrew P. Revinsky
 
Reply With Quote
 
 
 
 
Raterus
Guest
Posts: n/a
 
      07-13-2004
There is no way to remove the browser credentials other than actually closing the browser.

http://groups.google.com/groups?hl=e...gbl%26rnum%3D2

"Andrew_Revinsky" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> Hi,
>
> please suggest if there is a way (and what is it) to force a web application to "forget" a current user (authenticated with NTLM authentication) and make Internet Explorer show a dialog box prompting for authentication (username/password/domain)? (And then, have this session run under a newly entered credentials?)
>
> The reason for this question is I am trying to implement a functionality of "Logging Off". This option is rarely needed in our domain, but when it is, it's when the web application is run on a "shared" computer.
>
> Thank you for your input on this!
>
> --
> Best regards,
>
> Andrew P. Revinsky

 
Reply With Quote
 
 
 
 
Andrew_Revinsky
Guest
Posts: n/a
 
      07-14-2004
Thanks, Raterus,

so, there is not such solution? Closing a browser means you don't see a web resource, meaning you have to open the browser still. Catch 22.

I know, that for some web resources on our intranet, when a virtual directory (which is mapped to a physical location) is missing mapping credentials, the users receive a standard authentication prompt.

May this behavior be emulated - this is the question?

--
Best regards,

Andrew P. Revinsky


"Raterus" wrote:

> There is no way to remove the browser credentials other than actually closing the browser.
>
> http://groups.google.com/groups?hl=e...gbl%26rnum%3D2
>
> "Andrew_Revinsky" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> > Hi,
> >
> > please suggest if there is a way (and what is it) to force a web application to "forget" a current user (authenticated with NTLM authentication) and make Internet Explorer show a dialog box prompting for authentication (username/password/domain)? (And then, have this session run under a newly entered credentials?)
> >
> > The reason for this question is I am trying to implement a functionality of "Logging Off". This option is rarely needed in our domain, but when it is, it's when the web application is run on a "shared" computer.
> >
> > Thank you for your input on this!
> >
> > --
> > Best regards,
> >
> > Andrew P. Revinsky

>

 
Reply With Quote
 
Ian Ringrose
Guest
Posts: n/a
 
      07-14-2004
I have done this,

See "Mixing Forms and Windows Security in ASP." in MSDN for the hint on how
to do this. You make use of Forms Authentication within you application, but
automatically log on the user with NTLM authentication when they first hit
the site.

Your logout button takes them to the Forms Authentication logon page.

http://msdn.microsoft.com/library/en...edsecurity.asp

Ian Ringrose
Ringi at bigfoot dot com

"Andrew_Revinsky" <(E-Mail Removed)> wrote in
message news:(E-Mail Removed)...
> Thanks, Raterus,
>
> so, there is not such solution? Closing a browser means you don't see a

web resource, meaning you have to open the browser still. Catch 22.
>
> I know, that for some web resources on our intranet, when a virtual

directory (which is mapped to a physical location) is missing mapping
credentials, the users receive a standard authentication prompt.
>
> May this behavior be emulated - this is the question?
>
> --
> Best regards,
>
> Andrew P. Revinsky
>
>
> "Raterus" wrote:
>
> > There is no way to remove the browser credentials other than actually

closing the browser.
> >
> >

http://groups.google.com/groups?hl=e...gbl%26rnum%3D2
> >
> > "Andrew_Revinsky" <(E-Mail Removed)> wrote in

message news:(E-Mail Removed)...
> > > Hi,
> > >
> > > please suggest if there is a way (and what is it) to force a web

application to "forget" a current user (authenticated with NTLM
authentication) and make Internet Explorer show a dialog box prompting for
authentication (username/password/domain)? (And then, have this session run
under a newly entered credentials?)
> > >
> > > The reason for this question is I am trying to implement a

functionality of "Logging Off". This option is rarely needed in our domain,
but when it is, it's when the web application is run on a "shared" computer.
> > >
> > > Thank you for your input on this!
> > >
> > > --
> > > Best regards,
> > >
> > > Andrew P. Revinsky

> >



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ANN: python-ntlm - provides NTLM support, including an authenticationhandler for urllib2 Matthijs Python 0 12-10-2008 03:38 PM
Reauthentication of Wireless User does not get prompt =?Utf-8?B?RGVsb24=?= Wireless Networking 1 05-26-2006 02:32 AM
Force reauthentication with basic auth on IIS? JGH Java 1 02-09-2005 02:16 AM
no automatic reauthentication/reconnect Lars P. Wireless Networking 0 02-01-2005 02:18 PM
How to force reauthentication of a Web service client (Basic auth) Alek Davis ASP .Net Security 0 10-24-2003 06:19 PM



Advertisments