Forcing Reauthentication for a Webform with NTLM auth..ion

Andrew_Revinsky · Jul 9, 2004

Hi,

please suggest if there is a way (and what is it) to force a web application to "forget" a current user (authenticated with NTLM authentication) and make Internet Explorer show a dialog box prompting for authentication (username/password/domain)? (And then, have this session run under a newly entered credentials?)

The reason for this question is I am trying to implement a functionality of "Logging Off". This option is rarely needed in our domain, but when it is, it's when the web application is run on a "shared" computer.

Thank you for your input on this!

Raterus · Jul 13, 2004

There is no way to remove the browser credentials other than actually closing the browser.

http://groups.google.com/groups?hl=...c35185%2463788990%24a401280a%40phx.gbl&rnum=2

Andrew_Revinsky · Jul 14, 2004

Thanks, Raterus,

so, there is not such solution? Closing a browser means you don't see a web resource, meaning you have to open the browser still. Catch 22.

I know, that for some web resources on our intranet, when a virtual directory (which is mapped to a physical location) is missing mapping credentials, the users receive a standard authentication prompt.

May this behavior be emulated - this is the question?

--
Best regards,

Andrew P. Revinsky

Raterus said:
There is no way to remove the browser credentials other than actually closing the browser.

http://groups.google.com/groups?hl=...c35185%2463788990%24a401280a%40phx.gbl&rnum=2

Ian Ringrose · Jul 14, 2004

I have done this,

See "Mixing Forms and Windows Security in ASP." in MSDN for the hint on how
to do this. You make use of Forms Authentication within you application, but
automatically log on the user with NTLM authentication when they first hit
the site.

Your logout button takes them to the Forms Authentication logon page.

http://msdn.microsoft.com/library/en-us/dnaspp/html/mixedsecurity.asp

Ian Ringrose
Ringi at bigfoot dot com

Andrew_Revinsky said:
Thanks, Raterus,

so, there is not such solution? Closing a browser means you don't see a

web resource, meaning you have to open the browser still. Catch 22.

I know, that for some web resources on our intranet, when a virtual

directory (which is mapped to a physical location) is missing mapping
credentials, the users receive a standard authentication prompt.

May this behavior be emulated - this is the question?

application to "forget" a current user (authenticated with NTLM
authentication) and make Internet Explorer show a dialog box prompting for
authentication (username/password/domain)? (And then, have this session run
under a newly entered credentials?)functionality of "Logging Off". This option is rarely needed in our domain,
but when it is, it's when the web application is run on a "shared" computer.

Override Windows auth using global.asax?	0	Jun 29, 2010
NTLM authentication with httpclient	10	Dec 1, 2007
ANN: python-ntlm - provides NTLM support, including an authenticationhandler for urllib2	0	Dec 10, 2008
http.server.BaseHTTPRequestHandler basic auth logout? Djangoauthentication system for REST interface	1	Jun 7, 2014
Proxy auth with default credentials	9	Feb 23, 2006
Digest auth in .net 1.1 and Active Directory	5	Dec 18, 2007
NTLM Authentication Across Forests	2	Nov 4, 2004
Forms Auth (roles being ignored)	0	Sep 11, 2007

Forcing Reauthentication for a Webform with NTLM auth..ion

Andrew_Revinsky

Raterus

Andrew_Revinsky

Ian Ringrose

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads