Re: Windows auth timeout

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 11/11/05


Date: Fri, 11 Nov 2005 11:11:18 +1100

If you're going to cut-n-paste stuff straight from someone else's website
then at least provide a link. Then they can see the whole thing, and links
to MSDN etc. Whole post is here:
http://www.adopenstatic.com/cs/blogs/ken/archive/2005/04/12/14.aspx

Cheers
Ken

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4580be63130ce08c7b260f0751ca9@news.microsoft.com...
: Hello Tumurbaatar S.,
:
: When using HTTP based authentication (e.g. Basic, NTLM, Digest, Kerberos),
: Internet Explorer (IE) will continue sending the same credentials for each
: subsequent request to the server until one of two things happens: either
: (a) the user closes their browser or (b) the server refuses the
credentials
: with a 401 status code.
:
: Beginning with IE6 SP1 the following piece of javascript code will clear
: IE's credentials cache. Note, that this will clear the credentials cache
: for the entire iexplore.exe process, so users will be forced to
re-authenticate
: to any site being accessed by that process (in case they have multiple
windows
: open pointing to multiple websites):
:
: // Clear current credentials
: // Requires IE6 SP1 or later
: document.execCommand(ClearAuthenticationCache, false)
:
: ---------------------------------------
: Dominick Baier - DevelopMentor
: http://www.leastprivilege.com
:
: > My app uses Windows auth and it seems it does not have any method to
: > sign out a user. Is there any way to do it?
: >
:
:



Relevant Pages

  • Re: DCOM Security.
    ... Additionally the programmer has domain credentials ... which case, anything can happen [decompile, reverse engineer, plug in own ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • Re: No login prompt from IIS when using IE
    ... the authentication mechanism is set to "Integrated Windows ... that doesn't explain why all users have access to the website. ... Instead IE should attempt to send the current user's credentials, which should be rejected by the server (unless the user is an appropriate WSUS admin) and then IE will put a prompt in front of the user to supply alternate credentials. ...
    (microsoft.public.inetserver.iis.security)
  • Re: POST from external form doesnt work?
    ... > which then submits to a seperate login page (that if it recieves ... > credentials, does the authentication in the Page_Load and proceeds into ... I really don't want to switch the main website to ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: New Age Creationism (Ken Wilber)
    ... would be a transparent euphemism for "failed qualifying exams". ... All But Dissertation - a lot of people have completed all the ... about credentials with no details. ... I tried to get more information at his website, ...
    (talk.origins)
  • POST from external form doesnt work?
    ... which then submits to a seperate login page (that if it recieves ... credentials, does the authentication in the Page_Load and proceeds into ... I really don't want to switch the main website to ...
    (microsoft.public.dotnet.framework.aspnet)