|
Home > Archive > IIS Server > January 2004 > Logon / Logoff Question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Logon / Logoff Question
|
|
| Jonathan S. 2004-01-24, 1:46 am |
| I've got a simple intranet site that will soon contain information that
needs to be secure. I would like to do this by requiring the user to log
in and out of the site using their NT credentials.
I made sure that IIS wouldn't accept anonymous connections, and the
logon box popped up like clockwork.
Here's the problem... how can I log the user out properly? It seems that
ASP session.abandon doesn't cause the logon box to appear the next time
the user tries to visit the site.
I've tried googling this, but haven't had much luck.
Thanks very much in advance for any ideas you can offer.
Jonathan
| |
| Jeff Cochran 2004-01-24, 1:46 am |
| On Fri, 16 Jan 2004 14:25:07 -0500, "Jonathan S." <spam@jdspt.com>
wrote:
quote:
>I've got a simple intranet site that will soon contain information that
>needs to be secure. I would like to do this by requiring the user to log
>in and out of the site using their NT credentials.
>
>I made sure that IIS wouldn't accept anonymous connections, and the
>logon box popped up like clockwork.
>
>Here's the problem... how can I log the user out properly? It seems that
>ASP session.abandon doesn't cause the logon box to appear the next time
>the user tries to visit the site.
>
>I've tried googling this, but haven't had much luck.
>
>Thanks very much in advance for any ideas you can offer.
Internet Explorer will pass logon credentials if you use Windows
Authenticated, no logon needed. It's already handled by the network
logon.
Jeff
| |
| Tom Kaminski [MVP] 2004-01-24, 1:46 am |
| "Jonathan S." <spam@jdspt.com> wrote in message
news:uU4WZXG3DHA.1804@TK2MSFTNGP12.phx.gbl...quote:
> I've got a simple intranet site that will soon contain information that
> needs to be secure. I would like to do this by requiring the user to log
> in and out of the site using their NT credentials.
>
> I made sure that IIS wouldn't accept anonymous connections, and the
> logon box popped up like clockwork.
>
> Here's the problem... how can I log the user out properly? It seems that
> ASP session.abandon doesn't cause the logon box to appear the next time
> the user tries to visit the site.
>
> I've tried googling this, but haven't had much luck.
>
> Thanks very much in advance for any ideas you can offer.
Credentials are cached by the browser and have nothing to do with ASP
sessions.
See: http://support.microsoft.com/?kbid=195192
--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsser...ty/centers/iis/
| |
| Jonathan S. 2004-01-24, 1:46 am |
| Hi Jeff,
Thanks for the response...
Unfortunately, we're in a mixed environment here, with some people using
Mozilla, and other Internet Explorer. Additionally, IE does in fact
prompt the for username and password. Perhaps I have my IIS settings
incorrectly configured?
Jonathan
Jeff Cochran wrote:quote:
> On Fri, 16 Jan 2004 14:25:07 -0500, "Jonathan S." <spam@jdspt.com>
> wrote:
>
>
>
>
> Internet Explorer will pass logon credentials if you use Windows
> Authenticated, no logon needed. It's already handled by the network
> logon.
>
> Jeff
| |
| Jonathan S. 2004-01-24, 1:46 am |
| Tom,
Thanks very much for the response.
I'll try to get that control created and test it out. I'll still have to
figure out a solution for my Mozilla users... perhaps there's a code
snippet to clear the cache... well, off to Google... thanks!
Jonathan
Tom Kaminski [MVP] wrote:
quote:
> "Jonathan S." <spam@jdspt.com> wrote in message
> news:uU4WZXG3DHA.1804@TK2MSFTNGP12.phx.gbl...
>
>
>
> Credentials are cached by the browser and have nothing to do with ASP
> sessions.
> See: http://support.microsoft.com/?kbid=195192
>
| |
| Jeff Cochran 2004-01-24, 1:46 am |
| On Fri, 16 Jan 2004 16:12:19 -0500, "Jonathan S." <spam@jdspt.com>
wrote:
quote:
>Hi Jeff,
>
>Thanks for the response...
>
>Unfortunately, we're in a mixed environment here, with some people using
>Mozilla, and other Internet Explorer. Additionally, IE does in fact
>prompt the for username and password. Perhaps I have my IIS settings
>incorrectly configured?
No, there are situations where IE will prompt when it doesn't believe
the site is in the intranet. It won't pass credentials to sites you
haven't trusted.
In a mixed environment you have to use standard authentication, but
the credentials will still be cached by the browser and passed. You
need to clear the logon credentials on the client side so the user has
to log in again. It can be done with an ActiveX control, there's one
floating around out there somewhere that does this. A search should
turn it up.
Jeff
[QUOTE][color=darkred]
>Jeff Cochran wrote:
|
|
|
|
|