Force reauthentication with basic auth on IIS?



I am trying to write a web page that features a "logoff" button on a site
that uses basic authentication on an IIS server.

In php, there is a way to send a header to tell the browser it needs to
authenticate. Can I also do that in jsp/java?




The way basic authentication work, your password is sent to the server.
Since http is stateless, with basic authentication (as opposed to
digest authentication), user name and password are sent every time you
make a request. The reason you dont get asked to type in password
every two seconds is because the browser stores your credentials for
you. If you want to get it to prompt for username/password again,
browser has to be told that authentication failed with whatever
credentials it has stored in the security realm. The way to do this is
to send a 401 Authentication Required response. Basically, if you can
figure out on the server side when you need the user to reauthenticate,
just create a 401 response and send it back instead of whatever you'd
normally send.

Hope this helps,
Apr 10, 2022
Reaction score
Ok but how can I do this from the browser instead? Like, if the server doesn't send the 401 and I just want to change the u/p that is sent each time by Chrome?


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question