Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Windows auth timeout

Reply
Thread Tools

Windows auth timeout

 
 
Tumurbaatar S.
Guest
Posts: n/a
 
      11-08-2005
My app uses Windows auth and it seems it does not
have any method to sign out a user. Is there any way
to do it?


 
Reply With Quote
 
 
 
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      11-08-2005
Hello Tumurbaatar S.,

When using HTTP based authentication (e.g. Basic, NTLM, Digest, Kerberos),
Internet Explorer (IE) will continue sending the same credentials for each
subsequent request to the server until one of two things happens: either
(a) the user closes their browser or (b) the server refuses the credentials
with a 401 status code.

Beginning with IE6 SP1 the following piece of javascript code will clear
IE's credentials cache. Note, that this will clear the credentials cache
for the entire iexplore.exe process, so users will be forced to re-authenticate
to any site being accessed by that process (in case they have multiple windows
open pointing to multiple websites):

// Clear current credentials
// Requires IE6 SP1 or later
document.execCommand(ClearAuthenticationCache, false)

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> My app uses Windows auth and it seems it does not have any method to
> sign out a user. Is there any way to do it?
>



 
Reply With Quote
 
 
 
 
Tumurbaatar S.
Guest
Posts: n/a
 
      11-08-2005
Thank you!

"Dominick Baier [DevelopMentor]" <(E-Mail Removed)>
wrote in message news:(E-Mail Removed). com...
> Hello Tumurbaatar S.,
>
> When using HTTP based authentication (e.g. Basic, NTLM, Digest, Kerberos),
> Internet Explorer (IE) will continue sending the same credentials for each
> subsequent request to the server until one of two things happens: either
> (a) the user closes their browser or (b) the server refuses the
> credentials with a 401 status code.
>
> Beginning with IE6 SP1 the following piece of javascript code will clear
> IE's credentials cache. Note, that this will clear the credentials cache
> for the entire iexplore.exe process, so users will be forced to
> re-authenticate to any site being accessed by that process (in case they
> have multiple windows open pointing to multiple websites):
>
> // Clear current credentials
> // Requires IE6 SP1 or later
> document.execCommand(ClearAuthenticationCache, false)
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> My app uses Windows auth and it seems it does not have any method to
>> sign out a user. Is there any way to do it?
>>

>
>



 
Reply With Quote
 
Ken Schaefer
Guest
Posts: n/a
 
      11-11-2005
If you're going to cut-n-paste stuff straight from someone else's website
then at least provide a link. Then they can see the whole thing, and links
to MSDN etc. Whole post is here:
http://www.adopenstatic.com/cs/blogs.../04/12/14.aspx

Cheers
Ken

"Dominick Baier [DevelopMentor]" <(E-Mail Removed)>
wrote in message news:(E-Mail Removed). com...
: Hello Tumurbaatar S.,
:
: When using HTTP based authentication (e.g. Basic, NTLM, Digest, Kerberos),
: Internet Explorer (IE) will continue sending the same credentials for each
: subsequent request to the server until one of two things happens: either
: (a) the user closes their browser or (b) the server refuses the
credentials
: with a 401 status code.
:
: Beginning with IE6 SP1 the following piece of javascript code will clear
: IE's credentials cache. Note, that this will clear the credentials cache
: for the entire iexplore.exe process, so users will be forced to
re-authenticate
: to any site being accessed by that process (in case they have multiple
windows
: open pointing to multiple websites):
:
: // Clear current credentials
: // Requires IE6 SP1 or later
: document.execCommand(ClearAuthenticationCache, false)
:
: ---------------------------------------
: Dominick Baier - DevelopMentor
: http://www.leastprivilege.com
:
: > My app uses Windows auth and it seems it does not have any method to
: > sign out a user. Is there any way to do it?
: >
:
:


 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      11-11-2005
Hello Ken,

sorry. this was living in a .txt file for a while on my desktop - couldn't
find the original link.

didn't want to steal your IP.


---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> If you're going to cut-n-paste stuff straight from someone else's
> website then at least provide a link. Then they can see the whole
> thing, and links to MSDN etc. Whole post is here:
> http://www.adopenstatic.com/cs/blogs.../04/12/14.aspx
>
> Cheers
> Ken
> "Dominick Baier [DevelopMentor]"
> <(E-Mail Removed)>
> wrote in message
> news:(E-Mail Removed). com...
> : Hello Tumurbaatar S.,
> :
> : When using HTTP based authentication (e.g. Basic, NTLM, Digest,
> Kerberos),
> : Internet Explorer (IE) will continue sending the same credentials
> for each
> : subsequent request to the server until one of two things happens:
> either
> : (a) the user closes their browser or (b) the server refuses the
> credentials
> : with a 401 status code.
> :
> : Beginning with IE6 SP1 the following piece of javascript code will
> clear
> : IE's credentials cache. Note, that this will clear the credentials
> cache
> : for the entire iexplore.exe process, so users will be forced to
> re-authenticate
> : to any site being accessed by that process (in case they have
> multiple
> windows
> : open pointing to multiple websites):
> :
> : // Clear current credentials
> : // Requires IE6 SP1 or later
> : document.execCommand(ClearAuthenticationCache, false)
> :
> : ---------------------------------------
> : Dominick Baier - DevelopMentor
> : http://www.leastprivilege.com
> :
> : > My app uses Windows auth and it seems it does not have any method
> to
> : > sign out a user. Is there any way to do it?
> : >
> :
> :



 
Reply With Quote
 
Ken Schaefer
Guest
Posts: n/a
 
      11-14-2005
Hi Dominick,

I have no problem with you posting the text - it's just that the blog post
has a few extra details (including where OP can get more details, e.g. in
MSDN library)

Cheers
Ken

"Dominick Baier [DevelopMentor]" <(E-Mail Removed)>
wrote in message news:(E-Mail Removed). com...
: Hello Ken,
:
: sorry. this was living in a .txt file for a while on my desktop - couldn't
: find the original link.
:
: didn't want to steal your IP.
:
:
: ---------------------------------------
: Dominick Baier - DevelopMentor
: http://www.leastprivilege.com
:
: > If you're going to cut-n-paste stuff straight from someone else's
: > website then at least provide a link. Then they can see the whole
: > thing, and links to MSDN etc. Whole post is here:
: > http://www.adopenstatic.com/cs/blogs.../04/12/14.aspx
: >
: > Cheers
: > Ken
: > "Dominick Baier [DevelopMentor]"
: > <(E-Mail Removed)>
: > wrote in message
: > news:(E-Mail Removed). com...
: > : Hello Tumurbaatar S.,
: > :
: > : When using HTTP based authentication (e.g. Basic, NTLM, Digest,
: > Kerberos),
: > : Internet Explorer (IE) will continue sending the same credentials
: > for each
: > : subsequent request to the server until one of two things happens:
: > either
: > : (a) the user closes their browser or (b) the server refuses the
: > credentials
: > : with a 401 status code.
: > :
: > : Beginning with IE6 SP1 the following piece of javascript code will
: > clear
: > : IE's credentials cache. Note, that this will clear the credentials
: > cache
: > : for the entire iexplore.exe process, so users will be forced to
: > re-authenticate
: > : to any site being accessed by that process (in case they have
: > multiple
: > windows
: > : open pointing to multiple websites):
: > :
: > : // Clear current credentials
: > : // Requires IE6 SP1 or later
: > : document.execCommand(ClearAuthenticationCache, false)
: > :
: > : ---------------------------------------
: > : Dominick Baier - DevelopMentor
: > : http://www.leastprivilege.com
: > :
: > : > My app uses Windows auth and it seems it does not have any method
: > to
: > : > sign out a user. Is there any way to do it?
: > : >
: > :
: > :
:
:


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
windows auth and forms auth Smokey Grindle ASP .Net 1 06-08-2006 03:14 PM
Forms Auth Info passed to Windows Auth? golem_95@yahoo.com ASP .Net Security 1 05-03-2005 11:47 AM
Windows Auth, but Forms Auth for one page? =?Utf-8?B?ZGhucml2ZXJzaWRl?= ASP .Net 1 01-08-2005 05:50 PM
Configuring Windows Auth & Forms Auth in Asp.Net Chris Mohan ASP .Net Security 2 04-29-2004 06:46 AM
Configuring Windows Auth & Forms Auth in Asp.Net =?Utf-8?B?Q2hyaXMgTW9oYW4=?= ASP .Net 0 04-28-2004 06:11 PM



Advertisments