Re: Windows Authentication Timeout

From: Patrick.O.Ige (PatrickOIge_at_discussions.microsoft.com)
Date: 11/11/04 

Date: Thu, 11 Nov 2004 00:22:02 -0800

But if on pages you could use Jscript?
To timeout why the stress!!
Patrick

"Will Gillen" wrote:

> I give up...
> I'm just going to use FormsAuthentication and write a Login page that will
> take the users Windows Domain Credentials and validate them against AD on
> the backend. This way I can take advantage of being able to
> programmatically control how long a User remains Authenticated. This seems
> to be the only approach that will work. Apparently, Windows Authentication
> doesn't have a Timeout value that can be set programmatically for ASPX
> pages. "Once you're in, you're in" approach seems to be in place. I
> understand that SSO (Single Sign-On) is the approach that Windows Integrated
> Authentication was going for here, but it seems like programmers should be
> able to override this in order to add additional security to certain parts
> of their application.
>
> If someone from Microsoft is listening, and can shed some light on this,
> please stop me now, and clue me in on the secret...
>
> Thanks.
>
> -- Will Gillen
>
>
> "Will Gillen" <g_i_l_l_e_0_0_1_@_n_s_u_o_k_._e_d_u> wrote in message
> news:Ov86xNpxEHA.1392@TK2MSFTNGP14.phx.gbl...
> > I have an ASP.NET application that is using Windows Integrated
> > Authentication (IIS) (as opposed to Forms Authentication).
> >
> > When the user first logs into the application, IIS prompts the user for
> > their credentials.
> > Once they are "authenticated", their credentials remain active while their
> > web browser is open.
> >
> > Now, I want the "authentication" to "timeout" in 3 minutes. This way if
> > they browse to another page after 3 minutes, they are prompted to
> "re-enter"
> > their credentials again.
> >
> > I know that in FormsAuthentication, you can "de-authenticate" someone by
> > calling "FormsAuthentication.SignOut();" in the Session_End Event in
> > Global.asax.
> >
> > Is there anyting like that for Windows Integrated Authentication (IIS)?
> >
> > (I had posted a similar question in:
> > microsoft.public.dotnet.framework.aspnet.security, but have not been able
> to
> > get a good response. Please excuse me for cross-posting this question,
> but
> > I really just need to know if it is even possible...)
> >
> > Thanks.
> >
> > -- Will G.
> >
> >
>
>
>

Relevant Pages

  • Re: Securing static files
    ... It's not the session - it's the authentication timeout - you can set the timeout in the element in web.config. ... they are kicked back to the login page. ... The user may log in with other credentials. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Windows Authentication Timeout
    ... The problem is that with Windows auth, the browser caches those credentials ... >> | Yes, I have looked at Forms Authentication, the problem is that I ... just so I can have an authentication timeout? ... >> | I believe that the reason they are prompted twice on the first request ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Windows Authentication Timeout
    ... I have been working on trying to enforce a "timeout" on Windows Integrated ... but now the browser is asking for credentials ... Twice on the First page request. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: "Hidden" HTTP 401 Errors
    ... The default timeout is 900 seconds. ... authentication mechanisms involve authentication the hTTP connection - if ... A page is requested with security credentials, ... Failure triggers the request to be resent with credentials so ...
    (microsoft.public.inetserver.iis.security)
  • Re: Website Running Slow Please Help.
    ... That is the default timeout. ... the data change? ... If your programmers want to blame the host, ... Developers for exciting positions in medical product ...
    (microsoft.public.dotnet.framework.aspnet)