«

We have got an application which is using Integrated Windows authentication
credential method for logging into the site. Our customer now is asking for a
requirement to provide more security. The requirement is like this..

"Whenever the session of the application expires(as per time in web.config),
it should clear the User credentials so that even if the User enters the site
url in the same browser instance,the Integrated Windows authentication
credential dialog box should pop up. This will make the user to enter the
userid and password again to access the application. In other words, even if
the session expires, only authorized users should be allowed to login".

Please help us in finding a solution for this. It will be really great if
some experts can provide us the code snippet for this.

Kind Regards & Thanks in Advance,

Gireesh

Hi,

i think this will not work - several problems

a) there is no way to clear the credentials from ASP.NET - there is only
a client IE command that can do that.
b) there is no reliable way to detect a session end - Session_End only guarantees
to fire with InProc sessions

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> We have got an application which is using Integrated Windows
> authentication credential method for logging into the site. Our
> customer now is asking for a requirement to provide more security. The
> requirement is like this..
>
> "Whenever the session of the application expires(as per time in
> web.config), it should clear the User credentials so that even if the
> User enters the site url in the same browser instance,the Integrated
> Windows authentication credential dialog box should pop up. This will
> make the user to enter the userid and password again to access the
> application. In other words, even if the session expires, only
> authorized users should be allowed to login".
>
> Please help us in finding a solution for this. It will be really great
> if some experts can provide us the code snippet for this.
>
> Kind Regards & Thanks in Advance,
>
> Gireesh
>

On Mon, 23 Jan 2006 05:19:02 -0800, "Datagrid left-right scroll
problem" < oft.com>
wrote:

>We have got an application which is using Integrated Windows authentication
>credential method for logging into the site. Our customer now is asking for a
>requirement to provide more security. The requirement is like this..
>
>"Whenever the session of the application expires(as per time in web.config),
>it should clear the User credentials so that even if the User enters the site
>url in the same browser instance,the Integrated Windows authentication
>credential dialog box should pop up. This will make the user to enter the
>userid and password again to access the application. In other words, even if
>the session expires, only authorized users should be allowed to login".
>
>Please help us in finding a solution for this. It will be really great if
>some experts can provide us the code snippet for this.
>


Gireesh,

This has to be done on the client via an ActiveX control calling the
InternetSetOption API. See this:

195192 How To Clear Logon Credentials to Force Reauthentication
http://support.microsoft.com/default...b;EN-US;195192


Jim Cheshire
--
Blog:
http://blogs.msdn.com/jamesche

In addition to Dominick's comments, see:
http://www.adopenstatic.com/cs/blogs.../04/12/14.aspx

Cheers
Ken


"Datagrid left-right scroll problem"
< oft.com> wrote in message
news:7DF975FA-82DF-4CB3-B081-...
: We have got an application which is using Integrated Windows
authentication
: credential method for logging into the site. Our customer now is asking
for a
: requirement to provide more security. The requirement is like this..
:
: "Whenever the session of the application expires(as per time in
web.config),
: it should clear the User credentials so that even if the User enters the
site
: url in the same browser instance,the Integrated Windows authentication
: credential dialog box should pop up. This will make the user to enter the
: userid and password again to access the application. In other words, even
if
: the session expires, only authorized users should be allowed to login".
:
: Please help us in finding a solution for this. It will be really great if
: some experts can provide us the code snippet for this.
:
: Kind Regards & Thanks in Advance,
:
: Gireesh