473,380 Members | 1,225 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,380 software developers and data experts.

Logout from windows authentication??

is it possible to for user to click a logout button to logout and when the
user want to get into the system again, the user have to login again?
Kevin
Nov 19 '05 #1
6 7518
Windows Authentication is based on the current windows login, I dont think
you can issue a system logout request from a webpage without using some kind
of ActiveX control.

MattC
"Kevin Yu" <ko**@hotmail.com> wrote in message
news:eL**************@TK2MSFTNGP15.phx.gbl...
is it possible to for user to click a logout button to logout and when the
user want to get into the system again, the user have to login again?
Kevin

Nov 19 '05 #2
" Windows Authentication is based on the current windows login,"

what current windows login? you mean the login to the workstation? no, it's
the crudential that the user enter when prompt by the authentication server,
the user need to be in the AD or in the authenticating server. after the
user it's authenticated, the subsequent communication will contain the
authenticated info in the httpContext. now I am not sure where I can find
more information on how this works, there got to be someway to logout for
the users.

I dont think
you can issue a system logout request from a webpage without using some kind of ActiveX control.

MattC
"Kevin Yu" <ko**@hotmail.com> wrote in message
news:eL**************@TK2MSFTNGP15.phx.gbl...
is it possible to for user to click a logout button to logout and when the user want to get into the system again, the user have to login again?
Kevin


Nov 19 '05 #3
Ack! Sorry I assumed you meant Integrated Windows Authentication. Closing
the window should kill the current authentication process. Have you tried
abandoning the current Session to see if that clears user authentication
details?

MattC
"Kevin Yu" <ko**@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
" Windows Authentication is based on the current windows login,"

what current windows login? you mean the login to the workstation? no,
it's
the crudential that the user enter when prompt by the authentication
server,
the user need to be in the AD or in the authenticating server. after the
user it's authenticated, the subsequent communication will contain the
authenticated info in the httpContext. now I am not sure where I can
find
more information on how this works, there got to be someway to logout for
the users.

I dont think
you can issue a system logout request from a webpage without using some

kind
of ActiveX control.

MattC
"Kevin Yu" <ko**@hotmail.com> wrote in message
news:eL**************@TK2MSFTNGP15.phx.gbl...
> is it possible to for user to click a logout button to logout and when the > user want to get into the system again, the user have to login again?
>
>
> Kevin
>
>



Nov 19 '05 #4
MattC

thank you for your response.

in fact, clearing the session collection won't help, since it does nothing
to the authentication process/authenitcated commnunication
in the httpContext

Kevin


"MattC" <m@m.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Ack! Sorry I assumed you meant Integrated Windows Authentication. Closing
the window should kill the current authentication process. Have you tried
abandoning the current Session to see if that clears user authentication
details?

MattC
"Kevin Yu" <ko**@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
" Windows Authentication is based on the current windows login,"

what current windows login? you mean the login to the workstation? no,
it's
the crudential that the user enter when prompt by the authentication
server,
the user need to be in the AD or in the authenticating server. after the
user it's authenticated, the subsequent communication will contain the
authenticated info in the httpContext. now I am not sure where I can
find
more information on how this works, there got to be someway to logout for the users.

I dont think
you can issue a system logout request from a webpage without using some

kind
of ActiveX control.

MattC
"Kevin Yu" <ko**@hotmail.com> wrote in message
news:eL**************@TK2MSFTNGP15.phx.gbl...
> is it possible to for user to click a logout button to logout and
when the
> user want to get into the system again, the user have to login again?
>
>
> Kevin
>
>



Nov 19 '05 #5
I came across this in a forum, so I guess it's in the windows authentication
design, not
much can be done.

The user credentials are being cached by the client browser, not by IIS. To
force the client user to enter credentials again, you would need to send an
appropriate 401 status message in response to the next client request.
However, doing this would run counter to very legitimate user expectations
of how Windows authentication is supposed to work, so you may want to
reconsider. When Windows user credentials have already been accepted by a
server (either via a login dialog or automatic submission under IE
configuration for the target site or zone), a 401 is only expected if a
requested resource cannot be accessed under the previously supplied
credentials. When you send a 401 after any credentials have been previously
accepted, the user should expect that they need to use different credentials
from their initial login. If you're expecting the same credentials, then
user confusion should be anticipated.

All in all, if you really want to force a new login, perhaps a different
authentication mode might be more appropriate..


"MattC" <m@m.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Ack! Sorry I assumed you meant Integrated Windows Authentication. Closing
the window should kill the current authentication process. Have you tried
abandoning the current Session to see if that clears user authentication
details?

MattC
"Kevin Yu" <ko**@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
" Windows Authentication is based on the current windows login,"

what current windows login? you mean the login to the workstation? no,
it's
the crudential that the user enter when prompt by the authentication
server,
the user need to be in the AD or in the authenticating server. after the
user it's authenticated, the subsequent communication will contain the
authenticated info in the httpContext. now I am not sure where I can
find
more information on how this works, there got to be someway to logout for the users.

I dont think
you can issue a system logout request from a webpage without using some

kind
of ActiveX control.

MattC
"Kevin Yu" <ko**@hotmail.com> wrote in message
news:eL**************@TK2MSFTNGP15.phx.gbl...
> is it possible to for user to click a logout button to logout and
when the
> user want to get into the system again, the user have to login again?
>
>
> Kevin
>
>



Nov 19 '05 #6
MattC

there is a workaround. it need to clear the identity token on the client
browser cache, but only IE6 + sp1 support
the javascript function, for the rest of the IE version, an activeX is
needed to clear the cache.

Kevin
"MattC" <m@m.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Ack! Sorry I assumed you meant Integrated Windows Authentication. Closing
the window should kill the current authentication process. Have you tried
abandoning the current Session to see if that clears user authentication
details?

MattC
"Kevin Yu" <ko**@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
" Windows Authentication is based on the current windows login,"

what current windows login? you mean the login to the workstation? no,
it's
the crudential that the user enter when prompt by the authentication
server,
the user need to be in the AD or in the authenticating server. after the
user it's authenticated, the subsequent communication will contain the
authenticated info in the httpContext. now I am not sure where I can
find
more information on how this works, there got to be someway to logout for the users.

I dont think
you can issue a system logout request from a webpage without using some

kind
of ActiveX control.

MattC
"Kevin Yu" <ko**@hotmail.com> wrote in message
news:eL**************@TK2MSFTNGP15.phx.gbl...
> is it possible to for user to click a logout button to logout and
when the
> user want to get into the system again, the user have to login again?
>
>
> Kevin
>
>



Nov 19 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: konsu | last post by:
hello, i need to implement a secure web site in php and mysql but i have just started looking at php a few days ago, and i would appreciate any advice from the experts. the site, as i said,...
1
by: Tuan | last post by:
Hi, I am writting a small web application and I want to create a logout page for the users like the logout on yahoo. If the users logout they cannot go back by using back button history on the...
2
by: Vinod I | last post by:
Hi Team, I would like to know how "Logout" can be handled in asp.net page. Scenario is like this:- I have a "logout" option in my menu. As soon as user clicks this, will show a "Sucessfully...
2
by: Brian Henry | last post by:
We have our windows forms login set up and working good, well it works at least, just now we need a logout button, so when you click on it, the user will be logged out of the authentication, how...
4
by: ad | last post by:
I use the Login controls of Asp.net 2.0 in my program. I want to logout a user by program, I try Session.Abandon() for this. But I found that the user is the same after I execute Session.Abandon()....
2
by: AAOMTim | last post by:
I want to automatically logout if certain conditions occur in my application. Calling Session.Abandon() does not force a logout. What can I do? -- Tim
1
by: Rahul | last post by:
Hello All, I'm sure many people must have encountered this problem, but I want to implement the functionality when a user clicks a button and "logs out" so that the next time he attempts to...
3
by: kpg* | last post by:
Hi all, I want to perform the same action the the loginstatus control does to logout a user programatically, but I can't seem to find a 'logout' method in any of the membership classes. The...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
0
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
0
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.