ASP and AD authentication


Blake

I have no problems authenticating via AD and an ASP page. My question is
this - is there any way to 'reverse' the process?

What I mean is the authenticated state remains as long as the browser window
is open. Is there any .asp command I can provide that will revert the
browser session back to IUSR?

Thanks, as always.

Blake
 
If you are using Forms-based authentication and cookies, you could just kill
the cookie.

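using System;
using System.Web;
using System.Web.Security;

public static void LogOutUser(string cookieName)
{
    if (HttpContext.Current != null)
    {
        // Remove the forms-authentication ticket cookie.
        FormsAuthentication.SignOut();
        // Send the named cookie back already expired so the browser deletes it.
        // Do not call Response.Cookies.Remove() afterwards: that drops the
        // cookie from the response, so the expiry never reaches the client.
        HttpContext.Current.Response.Cookies[cookieName].Expires =
            DateTime.Now.AddDays(-1);
    }
}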

-or-

You could just abandon the session:

Session.Abandon();
Response.Redirect("default.aspx");

Jason Bentley
 
Thanks, but I'm not using cookie based auth. This is actual Windows
authentication.
Blake
 
In that case, I would say the only way to safely end the session is to close
the window. Session.Abandon() may work but the user's credentials are
stored on the client and may not work. Happy coding!

Jason Bentley


 
Jason Bentley said:
In that case, I would say the only way to safely end the session is to close
the window. Session.Abandon() may work but the user's credentials are
stored on the client and may not work. Happy coding!

Session abandon *will not* work in this case - the credentials are cached by
the browser. See this link for an alternative solution:
http://support.microsoft.com/?kbid=195192
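
The point of the last reply, as an added example that is not part of the thread: a small Python model in which abandoning the server-side session leaves the browser's cached credentials in place, so the next request is authenticated again without a prompt. Basic authentication stands in for IIS Windows authentication here, and the account, paths and class names are constructed for illustration.

```python
import base64
import secrets

USERS = {"CORP\\blake": "s3cret"}  # constructed account, stands in for AD

class Server:
    """Authenticates every request from its Authorization header."""
    def __init__(self):
        self.sessions = {}  # session id -> per-session state
    def handle(self, path, headers):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        decoded = base64.b64decode(token).decode() if scheme == "Basic" else ""
        user, _, password = decoded.partition(":")
        if USERS.get(user) != password:
            return 401, {"WWW-Authenticate": 'Basic realm="corp"'}, None
        sid, out = headers.get("Cookie"), {}
        if sid not in self.sessions:  # new or previously abandoned session
            sid = secrets.token_hex(8)
            self.sessions[sid] = {}
            out["Set-Cookie"] = sid  # simplified: cookie value is the bare id
        if path == "/logout":  # the effect of Session.Abandon()
            del self.sessions[sid]
        return 200, out, user  # identity came from the header, not the session

class Browser:
    """Caches credentials for the life of the window and replays them."""
    def __init__(self, prompt):
        self.prompt, self.prompts = prompt, 0
        self.creds, self.cookie = None, None
    def get(self, server, path):
        headers = {}
        if self.creds:
            headers["Authorization"] = self.creds
        if self.cookie:
            headers["Cookie"] = self.cookie
        status, resp, user = server.handle(path, headers)
        if status == 401 and self.creds is None:  # first challenge: ask once
            self.prompts += 1
            pair = ":".join(self.prompt()).encode()
            self.creds = "Basic " + base64.b64encode(pair).decode()
            return self.get(server, path)
        self.cookie = resp.get("Set-Cookie", self.cookie)
        return status, user

def demo():
    server, browser = Server(), Browser(lambda: ("CORP\\blake", "s3cret"))
    browser.get(server, "/page")
    first_sid = browser.cookie
    browser.get(server, "/logout")  # server-side session is destroyed
    status, user = browser.get(server, "/page")  # same window, next request
    return status, user, browser.prompts, first_sid != browser.cookie
```

`demo()` shows the user still authenticated after the logout request, with a fresh session id and only the one original credential prompt.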
 