|
Home > Archive > IIS Server Security > November 2004 > Secure WebDAV - ending connection
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Secure WebDAV - ending connection
|
|
| David P. Lurie 2004-11-22, 5:50 pm |
| I need to access files via SSL-encrypted WebDAV from our server at a remote
site from locked-down workstations, basically with IE6 configured with
limited functionality and only a few apps.
The connection needs to be dropped when the browser is closed. The secure
web site address can be found afterwards in the browser history, which can't
be cleared.
I have tested this from my workstation within the domain on the LAN. When
connecting to the secure web sit with IE6, the connection is dropped when the
browser window is closed, even though I can still access the directory
through an AD share without additional logon requirement. Opening a new
browser window with the secure web site address brings up the logon dialog
box, as expected.
This suggests that I can safely access the files remotely, and, although the
web site address can be obtained from the browser history, the connection is
closed when the browser is closed, and I wouldn't need to log off the system
to clear the connection.
Thanks
| |
| Ken Schaefer 2004-11-23, 8:27 am |
| Hi,
The HTTP connection is dropped from the client end when all browser windows
within the process are closed (iexplore.exe). You can have multiple windows
within the same process.
In terms of the authentication - which is something a bit different: once
you authenticate, IE will continue sending the user's credentials until:
a) the process is shutdown (iexplore.exe) (which requires that all Windows
within that process have been closed)
-or-
b) the server says that the credentials are invalid (and the user is
prompted to supply alternate credentials)
Note: if the user browses to the site using something other than by using
the IE icon, eg they use an Explorer window, and type http://yoursite into
the address bar, then you will need to close Explorer itself (requiring a
logoff) to clear the credentials.
Cheers
Ken
"David P. Lurie" <David P. Lurie@discussions.microsoft.com> wrote in message
news:20F5D105-1B7C-4522-9156-A7DD343B3F57@microsoft.com...
>I need to access files via SSL-encrypted WebDAV from our server at a
>remote
> site from locked-down workstations, basically with IE6 configured with
> limited functionality and only a few apps.
>
> The connection needs to be dropped when the browser is closed. The secure
> web site address can be found afterwards in the browser history, which
> can't
> be cleared.
>
> I have tested this from my workstation within the domain on the LAN. When
> connecting to the secure web sit with IE6, the connection is dropped when
> the
> browser window is closed, even though I can still access the directory
> through an AD share without additional logon requirement. Opening a new
> browser window with the secure web site address brings up the logon dialog
> box, as expected.
>
> This suggests that I can safely access the files remotely, and, although
> the
> web site address can be obtained from the browser history, the connection
> is
> closed when the browser is closed, and I wouldn't need to log off the
> system
> to clear the connection.
>
> Thanks
|
|
|
|
|