Windows Authentication Timeout

Will Gillen

I have been working on trying to enforce a "timeout" on Windows Integrated
Authentication.
Basically I want the aspx page to force the "authenticated" user to re-enter
their credentials if it has been longer than 3 minutes since their last page
request.

Another individual had suggested adding a value to the Session object, and
setting the page timeout to 3 minutes.
Then, if that value is not present in the Session Object, just return a
Response.StatusCode of "401" to force the browser to "re-authenticate".

I "kinda" got that working, but now the browser is asking for credentials
Twice on the First page request. Then all subsequent requests (after 3
minutes) are only prompting once.

Can anyone help me get this figured out? I'm pretty close, I just need help
in keeping the First Request from prompting Twice for credentials...


This code is at the top of the Page_Load() method of the page I want to
secure:

'Set the Session Timeout to 3 mins:
Session.Timeout = 3
'See if the User.Identity object is already in the Session (means it hasn't "timed-out"):
If context.Session.Item("USEROBJ") Is Nothing Then
    'If New session, then See if they have already been prompted for creds:
    If context.Session.Item("AUTH_PROMPT") = True Then
        If context.User.Identity.IsAuthenticated Then
            'If they have already been prompted and passed authentication,
            'Then add the User.Identity to the Session:
            context.Session.Add("USEROBJ", context.User.Identity)
        Else
            'Otherwise, respond with "401" to prompt for Creds again:
            Response.StatusCode = 401
        End If
    Else
        'Since this is a new Session, and they haven't been prompted for creds (as far as I know),
        'Then add the "AUTH_PROMPT" flag to the Session, and respond with "401":
        context.Session.Add("AUTH_PROMPT", True)
        Response.StatusCode = 401
    End If
End If
 
Jim Cheshire [MSFT]

Hi Will,

Have you looked at Forms authentication? That might be a better choice for
you.

You might be able to stop the second prompt by adding a Response.End after
returning a 401. I'd have to trace it with Netmon to be sure why that's
happening.

Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
ASP.NET Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.


--------------------
| From: "Will Gillen" <g_i_l_l_e_0_0_1_@_n_s_u_o_k_._e_d_u>
| Subject: Windows Authentication Timeout
| Date: Wed, 10 Nov 2004 09:16:27 -0600
| Lines: 51
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
| Message-ID: <OO5##[email protected]>
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| NNTP-Posting-Host: 192.173.33.42
| Path: cpmsftngxa10.phx.gbl!TK2MSFTFEED02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.aspnet.security:12219
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
 
Will Gillen

Yes, I have looked at Forms Authentication, the problem is that I wanted to
take advantage of Windows AD Groups and Permissions. I already have the
application written to that standard, and now I have to go back and add a
whole bunch of logic to handle Forms based authentication, figure out what
groups have permission to what resources and add that information to the
Web.Config file, and basically "unsecure" portions of my website by allowing
"anonymous" access to the ASPX resources so that FormsAuthentication will
work. All that, just so I can have an authentication timeout?

I believe that the reason they are prompted twice on the first request is
because IIS first prompts the client, then my VB code in .NET prompts the
client (because it has no idea that the person was already prompted).

To me, it seems that the primary problem (for me in this instance) is that
either IIS or the browser is "caching" the credentials of the client, and
those credentials are being "re-used" on subsequent requests to the
resource.

If only there were some way to programmatically configure how long either
IIS or the browser can "cache" the credentials (if that is what is
happening)......

-- Will Gillen
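
The prompt counts reported in this thread can be reproduced with a small model of the exchange (an added example, not code from any poster and not ASP.NET code). It assumes the browser shows a credential prompt on every 401 it receives, resends cached credentials silently, and keeps the session cookie issued with a 401 response; Server, Browser, run_scenario and the sample account name are hypothetical.

```python
"""Constructed model of the request flow discussed in this thread."""

SESSION_TIMEOUT = 3 * 60      # seconds; mirrors Session.Timeout = 3
SAMPLE_USER = "DOMAIN\\user"  # constructed account name


class Server:
    """IIS Windows authentication in front of the posted Page_Load logic."""

    def __init__(self, page_enforces_timeout=True):
        self.page_enforces_timeout = page_enforces_timeout
        self.sessions = {}  # session id -> {"last": seconds, "data": dict}
        self.next_id = 1

    def _session_data(self, sid, now):
        """Return (sid, data); start an empty session if none or idle too long."""
        entry = self.sessions.get(sid)
        if entry is None or now - entry["last"] > SESSION_TIMEOUT:
            sid, self.next_id = self.next_id, self.next_id + 1
            entry = self.sessions[sid] = {"last": now, "data": {}}
        entry["last"] = now
        return sid, entry["data"]

    def handle(self, creds, sid, now):
        """Process one request and return (status code, session id)."""
        # IIS layer: a request without credentials is challenged before
        # the page code ever runs.
        if creds is None:
            return 401, sid
        sid, data = self._session_data(sid, now)
        if not self.page_enforces_timeout:
            return 200, sid
        # Page_Load logic as posted in the first message.
        if "USEROBJ" not in data:
            if data.get("AUTH_PROMPT"):
                # Already challenged by the page and authenticated by IIS.
                data["USEROBJ"] = creds
            else:
                # New session: the page cannot tell that IIS has just
                # prompted, so it challenges again.
                data["AUTH_PROMPT"] = True
                return 401, sid
        return 200, sid


class Browser:
    """Client that caches credentials and resends them on every request."""

    def __init__(self, server):
        self.server = server
        self.cached_creds = None
        self.sid = None  # session cookie

    def get(self, now):
        """Fetch the page at time `now`; return how many prompts were shown."""
        prompts = 0
        for _ in range(5):  # guard against an endless challenge loop
            status, self.sid = self.server.handle(self.cached_creds, self.sid, now)
            if status == 200:
                return prompts
            # Modelled behaviour: any 401 makes the browser ask the user.
            self.cached_creds = SAMPLE_USER
            prompts += 1
        raise RuntimeError("authentication loop")


def run_scenario(page_enforces_timeout):
    """Prompt counts for: first visit, a visit 1 min later, a visit after idling."""
    browser = Browser(Server(page_enforces_timeout))
    first = browser.get(0)
    active = browser.get(60)
    after_idle = browser.get(60 + SESSION_TIMEOUT + 1)
    return [first, active, after_idle]


if __name__ == "__main__":
    # With the posted Page_Load logic: two prompts, none, then one.
    print("page sends 401 on new session:", run_scenario(True))
    # Without it: cached credentials are resent, so no prompt after idling.
    print("IIS authentication only:      ", run_scenario(False))
```

With the page logic enabled the model gives two prompts on the first visit and one after the idle period; with IIS authentication alone the cached credentials are resent and no prompt ever follows the first.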



 
Jim Cheshire [MSFT]

Will,

If you want to force the cached credentials in Internet Explorer to expire,
the best method is to use an ActiveX control that calls InternetSetOption.
Here's an article:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;195192

Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
ASP.NET Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.


--------------------
| From: "Will Gillen" <g_i_l_l_e_0_0_1_@_n_s_u_o_k_._e_d_u>
| References: <OO5##[email protected]>
<#[email protected]>
| Subject: Re: Windows Authentication Timeout
| Date: Wed, 10 Nov 2004 11:00:22 -0600
| Lines: 133
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| NNTP-Posting-Host: 192.173.33.42
| Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA06.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.aspnet.security:12227
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
 
Will Gillen

Forget it.
I'll just rewrite it to use FormsAuthentication.

-- Will G.


 
Joe Kaplan (MVP - ADSI)

You might also be able to do something like set a cookie or session variable
when your timeout is reached and redirect to an error page whenever the user
has that flag. The page would just instruct them to close the browser.

The problem is that with Windows auth, the browser caches those credentials
and wants to send them if it has them, so you are trying to fight a client
behavior with a server solution.

Joe K.

 
Jim Cheshire [MSFT]

That's what you should do. That's what Forms authentication was designed
to handle. The other information I've provided to you will resolve your
issue as well, but you don't seem interested so I'd go the Forms auth route.

Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
ASP.NET Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.


--------------------
| From: "Will Gillen" <g_i_l_l_e_0_0_1_@_n_s_u_o_k_._e_d_u>
| References: <OO5##[email protected]>
<#[email protected]>
<[email protected]>
<[email protected]>
| Subject: Re: Windows Authentication Timeout
| Date: Wed, 10 Nov 2004 13:57:27 -0600
| Lines: 211
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
| Message-ID: <O$2#[email protected]>
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| NNTP-Posting-Host: 192.173.33.42
| Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.aspnet.security:12231
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
|
| Forget it.
| I'll just rewrite it to use FormsAuthentication.
|
| -- Will G.
|
|
| | > Will,
| >
| > If you want to force the cached credentials in Internet Explorer to
| expire,
| > the best method is to use an ActiveX control that calls
InternetSetOption.
| > Here's an article:
| >
| > http://support.microsoft.com/default.aspx?scid=KB;EN-US;195192
| >
| > Jim Cheshire [MSFT]
| > MCP+I, MCSE, MCSD, MCDBA
| > ASP.NET Developer Support
| > (e-mail address removed)
| >
| > This post is provided "AS-IS" with no warranties and confers no rights.
| >
| >
| > --------------------
| > | From: "Will Gillen" <g_i_l_l_e_0_0_1_@_n_s_u_o_k_._e_d_u>
| > | References: <OO5##[email protected]>
| > <#[email protected]>
| > | Subject: Re: Windows Authentication Timeout
| > | Date: Wed, 10 Nov 2004 11:00:22 -0600
| > | Lines: 133
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
| > | Message-ID: <[email protected]>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| > | NNTP-Posting-Host: 192.173.33.42
| > | Path:
| >
|
cpmsftngxa10.phx.gbl!TK2MSFTNGXA06.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08
| > phx.gbl!TK2MSFTNGP14.phx.gbl
| > | Xref: cpmsftngxa10.phx.gbl
| > microsoft.public.dotnet.framework.aspnet.security:12227
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
| > |
| > | Yes, I have looked at Forms Authentication, the problem is that I
wanted
| > to
| > | take advantage of Windows AD Groups and Permissions. I already have
the
| > | application written to that standard, and now I have to go back and
add
| a
| > | whole bunch of logic to handle Forms based authentication, figure out
| what
| > | groups have permission to what resources and add that information to
the
| > | Web.Config file, and basically "unsecure" portions of my website by
| > allowing
| > | "anyonymous" access to the ASPX resources so that FormsAuthentication
| will
| > | work. All that, just so I can have an authentication timeout?
| > |
| > | I believe that the reason they are prompted twice on the first request
| is
| > | because IIS first prompts the client, then my VB code in .NET prompts
| the
| > | client (because it has no idea that the person was already prompted).
| > |
| > | To me, it seems that the primary problem (for me in this instance) is
| that
| > | either IIS or the browser is "caching" the credentials of the client,
| and
| > | those credentials are being "re-used" on subsequent requests to the
| > | resource.
| > |
| > | If only there were some way to programmatically configure how long
| either
| > | IIS or the browser can "cache" the credentials (if that is what is
| > | happening)......
| > |
| > | -- Will Gillen
 
M

Marc Lawson

Sorry Jim, but writing a client-side ActiveX control is not really a
viable solution.
 
J

Jim Cheshire [MSFT]

Hi Marc,

If you want to force IE to clear the credential cache, that's the only way
to do it, viable or not. :)

Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
ASP.NET Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.

| Sorry Jim, but writing a client-side ActiveX control is not really a
| viable solution.
|
|
| (e-mail address removed) (Jim Cheshire [MSFT]) wrote in message
| > That's what you should do. That's what Forms authentication was designed
| > to handle. The other information I've provided to you will resolve your
| > issue as well, but you don't seem interested so I'd go the Forms auth route.
| >
| > Jim Cheshire [MSFT]
| > MCP+I, MCSE, MCSD, MCDBA
| > ASP.NET Developer Support
| > (e-mail address removed)
| >
| > This post is provided "AS-IS" with no warranties and confers no rights.
| >
|
 
