Re: Switching from Integrated Authentication to Anonymous
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 04/28/05
- Next message: David Wang [Msft]: "Re: Problem with Integrated Windows authentication on SSL connection - second times"
- Previous message: PMarino: "Switching from Integrated Authentication to Anonymous"
- In reply to: PMarino: "Switching from Integrated Authentication to Anonymous"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Apr 2005 14:57:17 +1000
Once authenticated, IE will continue sending the user's credentials until
either:
a) the process is shut down (iexplorer.exe or whatever)
b) the server rejects the credentials (in which case IE will prompt the user
for new credentials)
How can you get around this to accomplish what you want? Your options are
listed here:
http://www.adopenstatic.com/cs/blogs/ken/archive/2005/04/12/14.aspx
Clearing IE's credential cache
Cheers
Ken
-- Blog: www.adopenstatic.com/cs/blogs/ken/ Web: www.adopenstatic.com "PMarino" <PMarino@discussions.microsoft.com> wrote in message news:D75AD644-D5AF-4C48-A655-70C6CB283687@microsoft.com... : Hi all. I have a problem that I'm not sure I understand. I have a web site : framework that is designed to support Windows Authentication, Forms : Authenticatio or Mixed. When logging off from Windows Authentication, the : framework redirects to a special page that allows Anonymous Access but does : not allow Windows Authentication. This special page then redirects to the : front page of the application. This front page permits Anonymous and Windows : Auth. : : While the special page is accessed Anonymously, the next (front) page uses : Windows Auth again. This doesn't make sense to me, and I'm wondering what to : do about it. To make sure it's not the framework's bug, I wrong a simple : test app consisiting of 3 ASP.Net pages, with the following security config: : : Test.Aspx - Allow Anonymous AND Windows Auth. Front page of applications. : : Secure.Aspx - Allow Windows Auth, do NOT allow Anonymous. Page used to grab : user's Windows auth. : : NotSecure.Aspx. - Allow Anonymous, do NOT allow Windows Auth. Page used to : 'log out'. : : : In this test scenario, Test.Aspx redirects to Secure.Aspx, and then back to : Test.Aspx. When I click 'Logout', I am redirected to NotSecure.Aspx, and : then back to Test.Aspx. : : Any idea of why this happens, and how I can work around it? : : Thanks in advance. : : Here's a sample of the IIS Log file: : : : 04:15:45 - GET /TestSecurity/Test.aspx - 302 - : 04:15:45 - GET /TestSecurity/Secure.aspx - 401 : 04:15:45 Domain\UserName GET /TestSecurity/Secure.aspx - 302 : 04:15:45 Domain\UserName GET /TestSecurity/Test.aspx Stage=Logon 200 : 04:15:49 Domain\UserName POST /TestSecurity/Test.aspx Stage=Logon 302 : 04:15:49 - GET /TestSecurity/NotSecure.aspx - 302 04:15:49 Domain\UserName : GET /TestSecurity/Test.aspx Stage=Logoff 200
- Next message: David Wang [Msft]: "Re: Problem with Integrated Windows authentication on SSL connection - second times"
- Previous message: PMarino: "Switching from Integrated Authentication to Anonymous"
- In reply to: PMarino: "Switching from Integrated Authentication to Anonymous"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
