How do u make IE uncache basic authentication information???

Discussion in 'ASP .Net' started by Chris Newby, Feb 16, 2005.

  1. Chris Newby

    Chris Newby Guest

    I have a site that is using Basic authentication to validate users against
    an NT domain. The site has a "log off" feature, however without forcing the
    browser window to close, I don't know how to make the browser "uncache" the
    user's credentials. Ideally, the process flow would work as follows:

    - User requests a page from a secure part of the site
    - User is asked to submit credentials
    - User is validated and allowed into secure part of site
    - User clicks "logoff" and is directed to an unsecured log off page
    - User requests a page from a secure part of the site
    - The process iterates

    As of now, in the log off page I've tried sending an HTTP status of "401"
    and i've tried sending a "WWW-AUTHENTICATE" HTTP header. But neither has
    thus far had the desired effect.

    Any suggestions are welcome.

    TIA//
    Chris Newby, Feb 16, 2005
    #1
    1. Advertising

  2. Chris Newby

    Ollie Riches Guest

    chekc out this thread

    http://groups.google.co.uk/groups?hl=en&lr=&threadm=#B18GxV3EHA.824@TK2M
    SFTNGP11.phx.gbl&rnum=1&prev=/groups%3Fq%3Djoe%2520ollie%2520thanks%2520401%
    26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg


    --
    HTH

    Ollie Riches
    http://www.phoneanalyser.net

    Disclaimer: Opinions expressed in this forum are my own, and not
    representative of my employer.
    I do not answer questions on behalf of my employer. I'm just a programmer
    helping programmers.

    "Chris Newby" <> wrote in message
    news:...
    > I have a site that is using Basic authentication to validate users against
    > an NT domain. The site has a "log off" feature, however without forcing

    the
    > browser window to close, I don't know how to make the browser "uncache"

    the
    > user's credentials. Ideally, the process flow would work as follows:
    >
    > - User requests a page from a secure part of the site
    > - User is asked to submit credentials
    > - User is validated and allowed into secure part of site
    > - User clicks "logoff" and is directed to an unsecured log off page
    > - User requests a page from a secure part of the site
    > - The process iterates
    >
    > As of now, in the log off page I've tried sending an HTTP status of "401"
    > and i've tried sending a "WWW-AUTHENTICATE" HTTP header. But neither has
    > thus far had the desired effect.
    >
    > Any suggestions are welcome.
    >
    > TIA//
    >
    >
    Ollie Riches, Feb 16, 2005
    #2
    1. Advertising

  3. Chris Newby

    Chris Newby Guest

    Thanks Ollie, that works great in IE, but is there anything you know of for
    Netscape as well?
    Also, is it me or is it strange that the HTTP spec doesn't include a header
    to uncache credentials?

    TIA//


    "Ollie Riches" <> wrote in message
    news:...
    > chekc out this thread
    >
    >

    http://groups.google.co.uk/groups?hl=en&lr=&threadm=#B18GxV3EHA.824@TK2M
    >

    SFTNGP11.phx.gbl&rnum=1&prev=/groups%3Fq%3Djoe%2520ollie%2520thanks%2520401%
    > 26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg
    >
    >
    > --
    > HTH
    >
    > Ollie Riches
    > http://www.phoneanalyser.net
    >
    > Disclaimer: Opinions expressed in this forum are my own, and not
    > representative of my employer.
    > I do not answer questions on behalf of my employer. I'm just a programmer
    > helping programmers.
    >
    > "Chris Newby" <> wrote in message
    > news:...
    > > I have a site that is using Basic authentication to validate users

    against
    > > an NT domain. The site has a "log off" feature, however without forcing

    > the
    > > browser window to close, I don't know how to make the browser "uncache"

    > the
    > > user's credentials. Ideally, the process flow would work as follows:
    > >
    > > - User requests a page from a secure part of the site
    > > - User is asked to submit credentials
    > > - User is validated and allowed into secure part of site
    > > - User clicks "logoff" and is directed to an unsecured log off page
    > > - User requests a page from a secure part of the site
    > > - The process iterates
    > >
    > > As of now, in the log off page I've tried sending an HTTP status of

    "401"
    > > and i've tried sending a "WWW-AUTHENTICATE" HTTP header. But neither has
    > > thus far had the desired effect.
    > >
    > > Any suggestions are welcome.
    > >
    > > TIA//
    > >
    > >

    >
    >
    Chris Newby, Feb 16, 2005
    #3
  4. Chris Newby

    Ollie Guest

    Sorry nothing for Netscape, when I was looking at this it was for a
    requirement for IE browser only.

    As for a requirement in the HTTP spec don't hold your breath :)


    --
    HTH

    Ollie Riches
    http://www.phoneanalyser.net


    Disclaimer: Opinions expressed in this forum are my own, and not
    representative of my employer.
    I do not answer questions on behalf of my employer. I'm just a programmer
    helping programmers.



    "Chris Newby" <> wrote in message
    news:eh9MJ$...
    > Thanks Ollie, that works great in IE, but is there anything you know of
    > for
    > Netscape as well?
    > Also, is it me or is it strange that the HTTP spec doesn't include a
    > header
    > to uncache credentials?
    >
    > TIA//
    >
    >
    > "Ollie Riches" <> wrote in message
    > news:...
    >> chekc out this thread
    >>
    >>

    > http://groups.google.co.uk/groups?hl=en&lr=&threadm=#B18GxV3EHA.824@TK2M
    >>

    > SFTNGP11.phx.gbl&rnum=1&prev=/groups%3Fq%3Djoe%2520ollie%2520thanks%2520401%
    >> 26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg
    >>
    >>
    >> --
    >> HTH
    >>
    >> Ollie Riches
    >> http://www.phoneanalyser.net
    >>
    >> Disclaimer: Opinions expressed in this forum are my own, and not
    >> representative of my employer.
    >> I do not answer questions on behalf of my employer. I'm just a
    >> programmer
    >> helping programmers.
    >>
    >> "Chris Newby" <> wrote in message
    >> news:...
    >> > I have a site that is using Basic authentication to validate users

    > against
    >> > an NT domain. The site has a "log off" feature, however without forcing

    >> the
    >> > browser window to close, I don't know how to make the browser "uncache"

    >> the
    >> > user's credentials. Ideally, the process flow would work as follows:
    >> >
    >> > - User requests a page from a secure part of the site
    >> > - User is asked to submit credentials
    >> > - User is validated and allowed into secure part of site
    >> > - User clicks "logoff" and is directed to an unsecured log off page
    >> > - User requests a page from a secure part of the site
    >> > - The process iterates
    >> >
    >> > As of now, in the log off page I've tried sending an HTTP status of

    > "401"
    >> > and i've tried sending a "WWW-AUTHENTICATE" HTTP header. But neither
    >> > has
    >> > thus far had the desired effect.
    >> >
    >> > Any suggestions are welcome.
    >> >
    >> > TIA//
    >> >
    >> >

    >>
    >>

    >
    >
    Ollie, Feb 16, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Brett Porter
    Replies:
    2
    Views:
    742
    Andrea D'Onofrio [MSFT]
    Jan 20, 2004
  2. Mark
    Replies:
    0
    Views:
    665
  3. Brett Porter
    Replies:
    5
    Views:
    568
    Brett Porter
    Feb 3, 2004
  4. Quentin Huo
    Replies:
    1
    Views:
    498
    Charles Chen
    Aug 6, 2004
  5. Dom
    Replies:
    0
    Views:
    445
Loading...

Share This Page