Windows auth timeout

[Tumurbaatar S.]

My app uses Windows auth and it seems it does not
have any method to sign out a user. Is there any way
to do it?

 

[Dominick Baier [DevelopMentor]]

Hello Tumurbaatar S.,

When using HTTP based authentication (e.g. Basic, NTLM, Digest, Kerberos),
Internet Explorer (IE) will continue sending the same credentials for each
subsequent request to the server until one of two things happens: either
(a) the user closes their browser or (b) the server refuses the credentials
with a 401 status code.

Beginning with IE6 SP1 the following piece of javascript code will clear
IE's credentials cache. Note, that this will clear the credentials cache
for the entire iexplore.exe process, so users will be forced to re-authenticate
to any site being accessed by that process (in case they have multiple windows
open pointing to multiple websites):

// Clear current credentials
// Requires IE6 SP1 or later
document.execCommand(ClearAuthenticationCache, false)

 

[Tumurbaatar S.]

Thank you!

Hello Tumurbaatar S.,

When using HTTP based authentication (e.g. Basic, NTLM, Digest, Kerberos),
Internet Explorer (IE) will continue sending the same credentials for each
subsequent request to the server until one of two things happens: either
(a) the user closes their browser or (b) the server refuses the
credentials with a 401 status code.

Beginning with IE6 SP1 the following piece of javascript code will clear
IE's credentials cache. Note, that this will clear the credentials cache
for the entire iexplore.exe process, so users will be forced to
re-authenticate to any site being accessed by that process (in case they
have multiple windows open pointing to multiple websites):

// Clear current credentials
// Requires IE6 SP1 or later
document.execCommand(ClearAuthenticationCache, false)

 

[Ken Schaefer]

If you're going to cut-n-paste stuff straight from someone else's website
then at least provide a link. Then they can see the whole thing, and links
to MSDN etc. Whole post is here:
http://www.adopenstatic.com/cs/blogs/ken/archive/2005/04/12/14.aspx

Cheers
Ken

"Dominick Baier [DevelopMentor]" <[email protected]>
wrote in message : Hello Tumurbaatar S.,
:
: When using HTTP based authentication (e.g. Basic, NTLM, Digest, Kerberos),
: Internet Explorer (IE) will continue sending the same credentials for each
: subsequent request to the server until one of two things happens: either
: (a) the user closes their browser or (b) the server refuses the
credentials
: with a 401 status code.
:
: Beginning with IE6 SP1 the following piece of javascript code will clear
: IE's credentials cache. Note, that this will clear the credentials cache
: for the entire iexplore.exe process, so users will be forced to
re-authenticate
: to any site being accessed by that process (in case they have multiple
windows
: open pointing to multiple websites):
:
: // Clear current credentials
: // Requires IE6 SP1 or later
: document.execCommand(ClearAuthenticationCache, false)
:
: ---------------------------------------
: Dominick Baier - DevelopMentor
: http://www.leastprivilege.com
:
: > My app uses Windows auth and it seems it does not have any method to
: > sign out a user. Is there any way to do it?
: >
:
:

 

[Dominick Baier [DevelopMentor]]

Hello Ken,

sorry. this was living in a .txt file for a while on my desktop - couldn't
find the original link.

didn't want to steal your IP.

 

[Ken Schaefer]

Hi Dominick,

I have no problem with you posting the text - it's just that the blog post
has a few extra details (including where OP can get more details, e.g. in
MSDN library)

Cheers
Ken

"Dominick Baier [DevelopMentor]" <[email protected]>
wrote in message : Hello Ken,
:
: sorry. this was living in a .txt file for a while on my desktop - couldn't
: find the original link.
:
: didn't want to steal your IP.
:
:
: ---------------------------------------
: Dominick Baier - DevelopMentor
: http://www.leastprivilege.com
:
: > If you're going to cut-n-paste stuff straight from someone else's
: > website then at least provide a link. Then they can see the whole
: > thing, and links to MSDN etc. Whole post is here:
: > http://www.adopenstatic.com/cs/blogs/ken/archive/2005/04/12/14.aspx
: >
: > Cheers
: > Ken
: > "Dominick Baier [DevelopMentor]"
: > <[email protected]>
: > wrote in message
: > : > : Hello Tumurbaatar S.,
: > :
: > : When using HTTP based authentication (e.g. Basic, NTLM, Digest,
: > Kerberos),
: > : Internet Explorer (IE) will continue sending the same credentials
: > for each
: > : subsequent request to the server until one of two things happens:
: > either
: > : (a) the user closes their browser or (b) the server refuses the
: > credentials
: > : with a 401 status code.
: > :
: > : Beginning with IE6 SP1 the following piece of javascript code will
: > clear
: > : IE's credentials cache. Note, that this will clear the credentials
: > cache
: > : for the entire iexplore.exe process, so users will be forced to
: > re-authenticate
: > : to any site being accessed by that process (in case they have
: > multiple
: > windows
: > : open pointing to multiple websites):
: > :
: > : // Clear current credentials
: > : // Requires IE6 SP1 or later
: > : document.execCommand(ClearAuthenticationCache, false)
: > :
: > : ---------------------------------------
: > : Dominick Baier - DevelopMentor
: > : http://www.leastprivilege.com
: > :
: > : > My app uses Windows auth and it seems it does not have any method
: > to
: > : > sign out a user. Is there any way to do it?
: > : >
: > :
: > :
:
: