I came across this in a forum, so I guess it's in the windows authentication
design, not
much can be done.
The user credentials are being cached by the client browser, not by IIS. To
force the client user to enter credentials again, you would need to send an
appropriate 401 status message in response to the next client request.
However, doing this would run counter to very legitimate user expectations
of how Windows authentication is supposed to work, so you may want to
reconsider. When Windows user credentials have already been accepted by a
server (either via a login dialog or automatic submission under IE
configuration for the target site or zone), a 401 is only expected if a
requested resource cannot be accessed under the previously supplied
credentials. When you send a 401 after any credentials have been previously
accepted, the user should expect that they need to use different credentials
from their initial login. If you're expecting the same credentials, then
user confusion should be anticipated.
All in all, if you really want to force a new login, perhaps a different
authentication mode might be more appropriate..
"MattC" <m@m.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Ack! Sorry I assumed you meant Integrated Windows Authentication. Closing
the window should kill the current authentication process. Have you tried
abandoning the current Session to see if that clears user authentication
details?
MattC
"Kevin Yu" <ko**@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl..." Windows Authentication is based on the current windows login,"
what current windows login? you mean the login to the workstation? no,
it's
the crudential that the user enter when prompt by the authentication
server,
the user need to be in the AD or in the authenticating server. after the
user it's authenticated, the subsequent communication will contain the
authenticated info in the httpContext. now I am not sure where I can
find
more information on how this works, there got to be someway to logout
for the users.
I dont think you can issue a system logout request from a webpage without using some
kind of ActiveX control.
MattC
"Kevin Yu" <ko**@hotmail.com> wrote in message
news:eL**************@TK2MSFTNGP15.phx.gbl...
> is it possible to for user to click a logout button to logout and
when the > user want to get into the system again, the user have to login again?
>
>
> Kevin
>
>