Forcing Reauthentication for a Webform with NTLM auth..ion

  • Thread starter Andrew_Revinsky
  • Start date
A

Andrew_Revinsky

Hi,

please suggest if there is a way (and what is it) to force a web application to "forget" a current user (authenticated with NTLM authentication) and make Internet Explorer show a dialog box prompting for authentication (username/password/domain)? (And then, have this session run under a newly entered credentials?)

The reason for this question is I am trying to implement a functionality of "Logging Off". This option is rarely needed in our domain, but when it is, it's when the web application is run on a "shared" computer.

Thank you for your input on this!
 
A

Andrew_Revinsky

Thanks, Raterus,

so, there is not such solution? Closing a browser means you don't see a web resource, meaning you have to open the browser still. Catch 22. :)

I know, that for some web resources on our intranet, when a virtual directory (which is mapped to a physical location) is missing mapping credentials, the users receive a standard authentication prompt.

May this behavior be emulated - this is the question?

--
Best regards,

Andrew P. Revinsky


Raterus said:
There is no way to remove the browser credentials other than actually closing the browser.

http://groups.google.com/groups?hl=...c35185%2463788990%24a401280a%40phx.gbl&rnum=2
Click to expand...
 
I

Ian Ringrose

I have done this,

See "Mixing Forms and Windows Security in ASP." in MSDN for the hint on how
to do this. You make use of Forms Authentication within you application, but
automatically log on the user with NTLM authentication when they first hit
the site.

Your logout button takes them to the Forms Authentication logon page.

http://msdn.microsoft.com/library/en-us/dnaspp/html/mixedsecurity.asp

Ian Ringrose
Ringi at bigfoot dot com

Andrew_Revinsky said:
Thanks, Raterus,

so, there is not such solution? Closing a browser means you don't see a
Click to expand...
web resource, meaning you have to open the browser still. Catch 22. :)
I know, that for some web resources on our intranet, when a virtual
Click to expand...
directory (which is mapped to a physical location) is missing mapping
credentials, the users receive a standard authentication prompt.
May this behavior be emulated - this is the question?
Click to expand...
application to "forget" a current user (authenticated with NTLM
authentication) and make Internet Explorer show a dialog box prompting for
authentication (username/password/domain)? (And then, have this session run
under a newly entered credentials?)functionality of "Logging Off". This option is rarely needed in our domain,
but when it is, it's when the web application is run on a "shared" computer.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Override Windows auth using global.asax? 0
NTLM authentication with httpclient 10
ANN: python-ntlm - provides NTLM support, including an authenticationhandler for urllib2 0
http.server.BaseHTTPRequestHandler basic auth logout? Djangoauthentication system for REST interface 1
Proxy auth with default credentials 9
Digest auth in .net 1.1 and Active Directory 5
NTLM Authentication Across Forests 2
Forms Auth (roles being ignored) 0

Members online

No members online now.
Total: 67 (members: 0, guests: 67)
Robots: 469

Forum statistics

Threads
473,995
Messages
2,570,230
Members
46,816
Latest member
SapanaCarpetStudio

Latest Threads

Top