Forcing Reauthentication for a Webform with NTLM auth..ion

[Andrew_Revinsky]

Hi,

please suggest if there is a way (and what is it) to force a web application to "forget" a current user (authenticated with NTLM authentication) and make Internet Explorer show a dialog box prompting for authentication (username/password/domain)? (And then, have this session run under a newly entered credentials?)

The reason for this question is I am trying to implement a functionality of "Logging Off". This option is rarely needed in our domain, but when it is, it's when the web application is run on a "shared" computer.

Thank you for your input on this!

--
Best regards,

Andrew P. Revinsky

[Raterus]

There is no way to remove the browser credentials other than actually closing the browser.

[url]http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=06ad01c35185%2463788990%24a401280a%40phx .gbl&rnum=2&prev=/groups%3Fq%3Dnick%2540hks.ca%2Blogoff%26hl%3Den%26 lr%3D%26ie%3DUTF-8%26selm%3D06ad01c35185%252463788990%2524a401280a% 2540phx.gbl%26rnum%3D2[/url]

"Andrew_Revinsky" <AndrewRevinsky@discussions.microsoft.com> wrote in message news:918B102E-25B6-4B7D-8B64-A7F6DF5C538D@microsoft.com...

> Hi,
>
> please suggest if there is a way (and what is it) to force a web application to "forget" a current user (authenticated with NTLM authentication) and make Internet Explorer show a dialog box prompting for authentication (username/password/domain)? (And then, have this session run under a newly entered credentials?)
>
> The reason for this question is I am trying to implement a functionality of "Logging Off". This option is rarely needed in our domain, but when it is, it's when the web application is run on a "shared" computer.
>
> Thank you for your input on this!
>
> --
> Best regards,
>
> Andrew P. Revinsky

[Andrew_Revinsky]

Thanks, Raterus,

so, there is not such solution? Closing a browser means you don't see a web resource, meaning you have to open the browser still. Catch 22. :)

I know, that for some web resources on our intranet, when a virtual directory (which is mapped to a physical location) is missing mapping credentials, the users receive a standard authentication prompt.

May this behavior be emulated - this is the question?

--
Best regards,

Andrew P. Revinsky


"Raterus" wrote:

> There is no way to remove the browser credentials other than actually closing the browser.
>
> [url]http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=06ad01c35185%2463788990%24a401280a%40phx .gbl&rnum=2&prev=/groups%3Fq%3Dnick%2540hks.ca%2Blogoff%26hl%3Den%26 lr%3D%26ie%3DUTF-8%26selm%3D06ad01c35185%252463788990%2524a401280a% 2540phx.gbl%26rnum%3D2[/url]
>
> "Andrew_Revinsky" <AndrewRevinsky@discussions.microsoft.com> wrote in message news:918B102E-25B6-4B7D-8B64-A7F6DF5C538D@microsoft.com...

> > Hi,
> >
> > please suggest if there is a way (and what is it) to force a web application to "forget" a current user (authenticated with NTLM authentication) and make Internet Explorer show a dialog box prompting for authentication (username/password/domain)? (And then, have this session run under a newly entered credentials?)
> >
> > The reason for this question is I am trying to implement a functionality of "Logging Off". This option is rarely needed in our domain, but when it is, it's when the web application is run on a "shared" computer.
> >
> > Thank you for your input on this!
> >
> > --
> > Best regards,
> >
> > Andrew P. Revinsky

>

[Ian Ringrose]

I have done this,

See "Mixing Forms and Windows Security in ASP." in MSDN for the hint on how
to do this. You make use of Forms Authentication within you application, but
automatically log on the user with NTLM authentication when they first hit
the site.

Your logout button takes them to the Forms Authentication logon page.

[url]http://msdn.microsoft.com/library/en-us/dnaspp/html/mixedsecurity.asp[/url]

Ian Ringrose
Ringi at bigfoot dot com

"Andrew_Revinsky" <AndrewRevinsky@discussions.microsoft.com> wrote in
message news:5BD2F9F5-F7FD-49DA-841B-A3EB6F154854@microsoft.com...

> Thanks, Raterus,
>
> so, there is not such solution? Closing a browser means you don't see a

web resource, meaning you have to open the browser still. Catch 22. :)

>
> I know, that for some web resources on our intranet, when a virtual

directory (which is mapped to a physical location) is missing mapping
credentials, the users receive a standard authentication prompt.

>
> May this behavior be emulated - this is the question?
>
> --
> Best regards,
>
> Andrew P. Revinsky
>
>
> "Raterus" wrote:
>

> > There is no way to remove the browser credentials other than actually

closing the browser.

> >
> >

[url]http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=06ad01c35185%2463788990%24a401280a%40phx .gbl&rnum=2&prev=/groups%3Fq%3Dnick%2540hks.ca%2Blogoff%26hl%3Den%26 lr%3D%26ie%3DUTF-8%26selm%3D06ad01c35185%252463788990%2524a401280a% 2540phx.gbl%26rnum%3D2[/url]

> >
> > "Andrew_Revinsky" <AndrewRevinsky@discussions.microsoft.com> wrote in

message news:918B102E-25B6-4B7D-8B64-A7F6DF5C538D@microsoft.com...

> > > Hi,
> > >
> > > please suggest if there is a way (and what is it) to force a web

application to "forget" a current user (authenticated with NTLM
authentication) and make Internet Explorer show a dialog box prompting for
authentication (username/password/domain)? (And then, have this session run
under a newly entered credentials?)

> > >
> > > The reason for this question is I am trying to implement a

functionality of "Logging Off". This option is rarely needed in our domain,
but when it is, it's when the web application is run on a "shared" computer.

> > >
> > > Thank you for your input on this!
> > >
> > > --
> > > Best regards,
> > >
> > > Andrew P. Revinsky

> >