Force reauthentication with basic auth on IIS?

[JGH]

I am trying to write a web page that features a "logoff" button on a site
that uses basic authentication on an IIS server.

In php, there is a way to send a header to tell the browser it needs to
authenticate. Can I also do that in jsp/java?

 

[toxa26]

The way basic authentication work, your password is sent to the server.
Since http is stateless, with basic authentication (as opposed to
digest authentication), user name and password are sent every time you
make a request. The reason you dont get asked to type in password
every two seconds is because the browser stores your credentials for
you. If you want to get it to prompt for username/password again,
browser has to be told that authentication failed with whatever
credentials it has stored in the security realm. The way to do this is
to send a 401 Authentication Required response. Basically, if you can
figure out on the server side when you need the user to reauthenticate,
just create a 401 response and send it back instead of whatever you'd
normally send.

Hope this helps,
Anton

 

[Mugane]

Ok but how can I do this from the browser instead? Like, if the server doesn't send the 401 and I just want to change the u/p that is sent each time by Chrome?

 

[tomval4]

jsp/java?