Preventing saved passwords

[Peter Brown]

I have developed a web site running on Win2k and IIS.
It uses Integrated Windows Authentication. When the user
selects
the URL for the site, they are prompted for their Network
Password. On this dialog is a checkbox 'Save this
password
to your password list'. If the user checks this, their
password
will be pre-entered the next time the page is opened.

My question is, How can I force the
users to have to enter their password even if they
have checked the 'Save Password' box?

 

[Keith]

You do not have control over this unfortunately. In
fact, if the users are on your local network they could
easily configure IE to just pass through their
credentials without prompting. To address this security
concern you can do two things:

1. Educate users to not do it (best approach)
2. Programatically login to the domain using forms
authentication going against Active Directory. You might
not be using a domain to authenticate, but if you are
here's a good link to a VB.Net sample of using forms
authentication against Active Directory:

http://support.microsoft.com/default.aspx?scid=kb;EN-
US;326340

Choice two is good because any browser can support NTLM
authenication. Only IE and Mozilla/Netscape support
NTLM. No support for Apple Safari or Konqueror on Linux.

Good luck.