Solved

forcing logout after non-anonymous integrated windows authentication

Posted on 2008-10-16
4
609 Views
Last Modified: 2012-05-05
Hello,
I have a non-anonymous integrated windows login scenario for an IIS 6 based website (development environment: Visual Studio 2005 / and server with asp.net 2.0) whereby the user authenticates using an integrated windows authentication. That is, when first hitting the URL on the website, the user is presented with a standard windows login screen, and they enter their credentials they normally would log into Windows with. Their login is enabled throughout their session until their browser is closed.

I need to add some security so that if the worker leaves their machine, then after a certain amount of time, their screen will go to a safe screen, and they'll be required to log in again. In all my readings on this, the uniform recommendation seems to be that you have to close the browser, which is fine with me. I also saw a reference to clearing the user.identity token, but i can't figure out how to do this in Visual Studio. User.identity.IsAuthenticated is read-only. Rats.

Question: how can I either:
1. time-out the  page,  nullify the authentication state, and redirect it to a safe, non-authentication page that will require the user to click a link that references a secure page, and it presents the user with an integrated Windows login screen again.

or if this can't be done:

2. automatically close the browser after a certain amount of time that a page has been up.

Thanks kindly for any ideas.
0
Comment
Question by:Curriculum
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 27

Accepted Solution

by:
BigRat earned 500 total points
ID: 22733856
  If the Authentication scheme is Basic Authentication, the ONLY way is to close the browser, since it holds the userId and the password and sends it on EVERY request.
0
 

Author Comment

by:Curriculum
ID: 22734561
Hi BigRat - yes, it's Basic authentication.

Any chance that what the browser is holding can be nulled out, so that 1. the page could be re-directed to another non-basic-auth page, and 2. any subsequent attempt at a page requiring basic auth would require the credentials again ? I found one reference online (but unfortunately unsupported with code) that indicated this could be done by addressing the identity token which is held by the browser, and is only possible in IE6 SP 1 or higher, which is fine with my situation.

0
 

Author Comment

by:Curriculum
ID: 22789170
Hi,
Will close this question with twofold comment:

1. Thanks BigRat for the quick response, with what should be a definitive answer without a kludge.  I've spend about 16 hours after this post looking at solutions and most all authoritative responses are in agreement.
2. For anyone wanting to avoid closing the browser and using a kludge, here is Microsoft's kludge:

http://support.microsoft.com/?id=195192

It involves creating an ActiveX control which is downloaded by the browser and run. Unfortunately the code is written in VB6 and it wasn't obvious how to translate that over to Visual Studio.
0
 

Author Closing Comment

by:Curriculum
ID: 31509350
Thanks. I wasn't in the mood to create the ActiveX control and see if that would work, so I'll tell my customer to close the darn browser!
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Easy filter aspnet 2 48
asp Google Map 2 92
How to filter by key press ? 6 66
How can I change a label on default.aspx from my public class, class1.vb? 11 27
In .NET 2.0, Microsoft introduced the Web Site.  This was the default way to create a web Project in Visual Studio 2005.  In Visual Studio 2008, the Web Application has been restored as the default web Project in Visual Studio/.NET 3.x The Web Si…
ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question