Windows Authentication Logout

Hello All:



I am using Windows Authentication in my VB/ASP.NET Intranet Web Application.



How do I create a method that will release the authentication Token, so the
user will no longer have access to any of the resources on the site?



Thanks

Stuart

Stuart Shay

I don't think you can disable the "Token" on the fly. To dynamically
control access, store those who are allowed in a table and those who are not
allowed in another table - or separate views of the same table - or an
array or arraylist and use something like this:


foreach(string user in BannedUsers)
{
if (user == User.Identity.Name)
{
throw new Exception ("You are not authorized");
}
}

You could do a PrincipalPermission.Demand() on the user against a list of
users, but I don't think it buys you much in this case. The concept there
is you create a PermissionPrincipal:

bool allowed = false;
foreach(string user in AllowedUsers)
{
try
{
PrincipalPermission pp = new PrincipalPermission(null, user);
pp.Demand();
allowed = true;
}
catch(Exception ex)
{
}
}

if (!allowed)
throw new Exception ("You're not allowed here!");

Hope this helps

Dale

If the

"Stuart Shay" <> wrote in message
news:#...
> Hello All:
>
>
>
> I am using Windows Authentication in my VB/ASP.NET Intranet Web
Application.
>
>
>
> How do I create a method that will release the authentication Token, so
the
> user will no longer have access to any of the resources on the site?
>
>
>
> Thanks
>
> Stuart
>
>
>
>
>
>