Re: Lightweight logon? Impersonation? - shared workstation problem
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 13 Jun 2008 12:01:05 -0500
Basically, if you disable automatic login with Windows Integrated Auth in
the browser, the web app will just challenge the user for credentials and
force them to log in. The login they provide to the server will then not be
coupled to the identity of the login on the workstation itself.
You don't need any impersonation or delegation to make this work, but you
could definitely impersonate the end user in the app if you wanted to and
could delegate if you wanted to as well.
You do need to do something to make sure the browser window is not reused by
something else. Closing it is ideal. :)
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"THG" <THG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8E838D97-2143-48A5-BDB6-63679E773FFC@xxxxxxxxxxxxxxxx
Joe,
Thank you for replying. Would disabling automatic integrated authentication
mean that users will not have to go through a complete logon and workstation
can be logged on a basic generic account? Our problem is that users might
not have enough discipline to close the browser when they are done with the
session, so we might have to look into closing the browser window for them
at a certain time in the transaction.
As for smart cards, we don't have them and the proposed solution above seems
to be overly complicated, so I would use it as a last resort.
Could any kind of impersonation/delegation be used on the application level
on the server?
"Joe Kaplan" wrote:
Can you disable automatic integrated authentication in IE for the machines
in question so that the users will simply be prompted to enter credentials
when they access the app? Then, have them close the browser when they are
done.
If you have smart cards, you could also just use SSL with client cert auth.
The user would need to enter their smart card and PIN to log in.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
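
The browser-side change discussed in this thread (disabling automatic Windows Integrated Authentication logon in IE so the user is prompted), as an added example that is not part of the original posts: PowerShell that reports and sets IE's per-zone "Logon options" value (URL action `1A00`) to "Prompt for user name and password". Applying it per user and to the Local intranet and Trusted sites zones is an assumption; adjust `$ZonesToChange` to the zone the app actually falls in.

```powershell
# Added example: audit and set IE "Logon options" (URL action 1A00) per security zone.
# Documented 1A00 values:
#   0x00000 automatic logon with current user name and password
#   0x10000 prompt for user name and password
#   0x20000 automatic logon only in Intranet zone
#   0x30000 anonymous logon
$PromptForCredentials = 0x10000
$LogonMeaning = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}
$ZoneNames     = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet' }
$ZonesToChange = 1, 2   # assumption: the web app is in one of these zones

$UserZones   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# Checked because a Group Policy value under this key takes precedence over HKCU.
$PolicyZones = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Get-LogonOption {
    param([string]$Root, [int]$Zone)
    $value = (Get-ItemProperty -Path "$Root\$Zone" -Name '1A00' `
                  -ErrorAction SilentlyContinue).'1A00'
    if ($null -eq $value) { return 'not set' }
    if ($LogonMeaning.ContainsKey([int]$value)) { return $LogonMeaning[[int]$value] }
    return ('unrecognised value 0x{0:X}' -f $value)
}

foreach ($zone in $ZonesToChange) {
    $key = "$UserZones\$zone"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    $before = Get-LogonOption -Root $UserZones -Zone $zone
    Set-ItemProperty -Path $key -Name '1A00' -Value $PromptForCredentials -Type DWord

    # One row per zone: old setting, new setting, and any overriding machine policy.
    [pscustomobject]@{
        Zone          = $ZoneNames[$zone]
        Before        = $before
        After         = Get-LogonOption -Root $UserZones -Zone $zone
        MachinePolicy = Get-LogonOption -Root $PolicyZones -Zone $zone
    }
}
```

If the `MachinePolicy` column shows anything other than "not set", the setting has to be changed in Group Policy instead. Already-open browser windows keep their authenticated session, which is why the thread still calls for closing the browser.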