asp and AD authentication

TheMSsForum.com: The Microsoft Software Forum

I have no problems authenticating via AD and an ASP page. My question is
this - is there any way to 'reverse' the process?

What I mean is the authenticated state remains as long as the browser window
is open. Is there any .asp command I can provide that will revert the
browser session back to IUSR?

Thanks, as always.

Blake
Top

Re: asp and AD authentication by Jason

Jason
Fri Mar 05 11:18:25 CST 2004

If you are using Forms-based authentication and cookies, you could just kill
the cookie.

public static void LogOutUser(cookieName)
{
if (HttpContext.Current != null)
{
FormsAuthentication.SignOut();
HttpContext.Current.Response.Cookies[cookieName].Expires =
DateTime.Now;
HttpContext.Current.Response.Cookies.Remove(cookieName);
}
}

-or-

You could just abandon the session:

Session.Abandon();
Response.Redirect("default.aspx");

Jason Bentley

"Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
news:upWX7UsAEHA.3024@TK2MSFTNGP10.phx.gbl...
> I have no problems authenticating via AD and an ASP page. My question is
> this - is there any way to 'reverse' the process?
>
> What I mean is the authenticated state remains as long as the browser
window
> is open. Is there any .asp command I can provide that will revert the
> browser session back to IUSR?
>
> Thanks, as always.
>
> Blake
>
>


Top

Re: asp and AD authentication by Blake

Blake
Fri Mar 05 12:13:14 CST 2004

Thanks, but I'm not using cookie based auth. This is actual Windows
authentication.
Blake
"Jason Bentley" <jbentley@urc.state.in.us.nostinkingspam> wrote in message
news:%23x0afXtAEHA.2804@tk2msftngp13.phx.gbl...
> If you are using Forms-based authentication and cookies, you could just
kill
> the cookie.
>
> public static void LogOutUser(cookieName)
> {
> if (HttpContext.Current != null)
> {
> FormsAuthentication.SignOut();
> HttpContext.Current.Response.Cookies[cookieName].Expires =
> DateTime.Now;
> HttpContext.Current.Response.Cookies.Remove(cookieName);
> }
> }
>
> -or-
>
> You could just abandon the session:
>
> Session.Abandon();
> Response.Redirect("default.aspx");
>
> Jason Bentley
>
> "Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
> news:upWX7UsAEHA.3024@TK2MSFTNGP10.phx.gbl...
> > I have no problems authenticating via AD and an ASP page. My question
is
> > this - is there any way to 'reverse' the process?
> >
> > What I mean is the authenticated state remains as long as the browser
> window
> > is open. Is there any .asp command I can provide that will revert the
> > browser session back to IUSR?
> >
> > Thanks, as always.
> >
> > Blake
> >
> >
>
>


Top

Re: asp and AD authentication by Jason

Jason
Fri Mar 05 13:36:11 CST 2004

In that case, I would say the only way to safely end the session is to close
the window. Session.Abandon() may work but the user's credentials are
stored on the client and may not work. Happy coding!

Jason Bentley


"Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
news:O972I2tAEHA.580@TK2MSFTNGP11.phx.gbl...
> Thanks, but I'm not using cookie based auth. This is actual Windows
> authentication.
> Blake
> "Jason Bentley" <jbentley@urc.state.in.us.nostinkingspam> wrote in message
> news:%23x0afXtAEHA.2804@tk2msftngp13.phx.gbl...
> > If you are using Forms-based authentication and cookies, you could just
> kill
> > the cookie.
> >
> > public static void LogOutUser(cookieName)
> > {
> > if (HttpContext.Current != null)
> > {
> > FormsAuthentication.SignOut();
> > HttpContext.Current.Response.Cookies[cookieName].Expires =
> > DateTime.Now;
> > HttpContext.Current.Response.Cookies.Remove(cookieName);
> > }
> > }
> >
> > -or-
> >
> > You could just abandon the session:
> >
> > Session.Abandon();
> > Response.Redirect("default.aspx");
> >
> > Jason Bentley
> >
> > "Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
> > news:upWX7UsAEHA.3024@TK2MSFTNGP10.phx.gbl...
> > > I have no problems authenticating via AD and an ASP page. My question
> is
> > > this - is there any way to 'reverse' the process?
> > >
> > > What I mean is the authenticated state remains as long as the browser
> > window
> > > is open. Is there any .asp command I can provide that will revert the
> > > browser session back to IUSR?
> > >
> > > Thanks, as always.
> > >
> > > Blake
> > >
> > >
> >
> >
>
>


Top

Re: asp and AD authentication by Tom

Tom
Fri Mar 05 14:52:42 CST 2004

"Jason Bentley" <jbentley@urc.state.in.us.nostinkingspam> wrote in message
news:OFy9dkuAEHA.1076@TK2MSFTNGP12.phx.gbl...
> In that case, I would say the only way to safely end the session is to
close
> the window. Session.Abandon() may work but the user's credentials are
> stored on the client and may not work. Happy coding!

Session abandon *will not* work in this case - the credentials are cached by
the browser. See this link for an alternative solution:
http://support.microsoft.com/?kbid=195192

--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserver2003/community/centers/iis/



Top