asp and AD authentication

[Blake]

I have no problems authenticating via AD and an ASP page. My question is
this - is there any way to 'reverse' the process?

What I mean is the authenticated state remains as long as the browser window
is open. Is there any .asp command I can provide that will revert the
browser session back to IUSR?

Thanks, as always.

Blake

 

[Jason Bentley]

If you are using Forms-based authentication and cookies, you could just kill
the cookie.

public static void LogOutUser(cookieName)
{
if (HttpContext.Current != null)
{
FormsAuthentication.SignOut();
HttpContext.Current.Response.Cookies[cookieName].Expires =
DateTime.Now;
HttpContext.Current.Response.Cookies.Remove(cookieName);
}
}

-or-

You could just abandon the session:

Session.Abandon();
Response.Redirect("default.aspx");

Jason Bentley

 

[Blake]

Thanks, but I'm not using cookie based auth. This is actual Windows
authentication.
Blake

If you are using Forms-based authentication and cookies, you could just kill
the cookie.

public static void LogOutUser(cookieName)
{
if (HttpContext.Current != null)
{
FormsAuthentication.SignOut();
HttpContext.Current.Response.Cookies[cookieName].Expires =
DateTime.Now;
HttpContext.Current.Response.Cookies.Remove(cookieName);
}
}

-or-

You could just abandon the session:

Session.Abandon();
Response.Redirect("default.aspx");

Jason Bentley

I have no problems authenticating via AD and an ASP page. My question is
this - is there any way to 'reverse' the process?

What I mean is the authenticated state remains as long as the browser window
is open. Is there any .asp command I can provide that will revert the
browser session back to IUSR?

Thanks, as always.

Blake

 

[Jason Bentley]

In that case, I would say the only way to safely end the session is to close
the window. Session.Abandon() may work but the user's credentials are
stored on the client and may not work. Happy coding!

Jason Bentley

Thanks, but I'm not using cookie based auth. This is actual Windows
authentication.
Blake

If you are using Forms-based authentication and cookies, you could just kill
the cookie.

public static void LogOutUser(cookieName)
{
if (HttpContext.Current != null)
{
FormsAuthentication.SignOut();
HttpContext.Current.Response.Cookies[cookieName].Expires =
DateTime.Now;
HttpContext.Current.Response.Cookies.Remove(cookieName);
}
}

-or-

You could just abandon the session:

Session.Abandon();
Response.Redirect("default.aspx");

Jason Bentley

I have no problems authenticating via AD and an ASP page. My question is
this - is there any way to 'reverse' the process?

What I mean is the authenticated state remains as long as the browser window
is open. Is there any .asp command I can provide that will revert the
browser session back to IUSR?

Thanks, as always.

Blake

 

[Tom Kaminski [MVP]]

In that case, I would say the only way to safely end the session is to close
the window. Session.Abandon() may work but the user's credentials are
stored on the client and may not work. Happy coding!

Session abandon *will not* work in this case - the credentials are cached by
the browser. See this link for an alternative solution:
http://support.microsoft.com/?kbid=195192