Re: Windows Authentication Timeout

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: bruce barker (nospam_brubar_at_safeco.com)
Date: 11/09/04 

Date: Tue, 9 Nov 2004 12:21:42 -0800

when you use integrated security, the credentials are requested for each
page. the browser just kindly tries the old login and password once to see
if it still works. to get the browser to reprompt just respond with a 401
error. you will have to remember that you sent the 401, or they will never
get in again.

-- bruce (sqlwork.com)

"Will Gillen" <g_i_l_l_e_0_0_1_@_n_s_u_o_k_._e_d_u> wrote in message
news:Ov86xNpxEHA.1392@TK2MSFTNGP14.phx.gbl...
| I have an ASP.NET application that is using Windows Integrated
| Authentication (IIS) (as opposed to Forms Authentication).
|
| When the user first logs into the application, IIS prompts the user for
| their credentials.
| Once they are "authenticated", their credentials remain active while their
| web browser is open.
|
| Now, I want the "authentication" to "timeout" in 3 minutes. This way if
| they browse to another page after 3 minutes, they are prompted to
"re-enter"
| their credentials again.
|
| I know that in FormsAuthentication, you can "de-authenticate" someone by
| calling "FormsAuthentication.SignOut();" in the Session_End Event in
| Global.asax.
|
| Is there anyting like that for Windows Integrated Authentication (IIS)?
|
| (I had posted a similar question in:
| microsoft.public.dotnet.framework.aspnet.security, but have not been able
to
| get a good response. Please excuse me for cross-posting this question,
but
| I really just need to know if it is even possible...)
|
| Thanks.
|
| -- Will G.
|
|

Relevant Pages

  • Re: IIS6 - Virtual Directory to URL share, authentication problems.
    ... passing credentials across from webserver -> remote file server ... requires Kerberos (if IIS doesn't have the user's password), ... you won't get automatic logon. ... is that the "secure" authentication mechanisms do ...
    (microsoft.public.inetserver.iis.security)
  • Re: Active Directory Authentication in IIS 6
    ... I just installed ldp.exe and have no problems using the same credentials ... used in the code to connect and bind. ... settings in IIS, but I am not sure where to look. ... and Integrated Windows Authentication is checked. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Authenticate user and allow anonymous access
    ... But all anonymous users would use the same credentials so ... > you send a 401.1 to the calling browser, ... > whatever is completely cut out, until the negotiation process is done, ... > This will cause the browser and IIS to start the negotiation process, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Cant make a domain user the "anonymous access" user
    ... When dealing with authentication issues it is VERY important to ... Some of the things you claim is not consistent with a default IIS ... If you use a browser that cannot do NTLM, by definition, a 401.2 error is ... user account that works and your domain account that does not. ...
    (microsoft.public.inetserver.iis.security)
  • Re: shared folder access
    ... >account delegation from your physical server running IIS ... >Your first option is to use Basic Authentication in IIS ... >This will remove the UNC user token credentials ...
    (microsoft.public.dotnet.framework.aspnet.security)