I have a website that people access using Active directory credentials. The person clicks on a link on PAGE A and get sent to PAGE B after log in is successful. Once in PAGE B there is a link for sign out that the user can click to close the window and being redirect, or whatever needs to happen in order for the user to be asked for credentials again. I have try, abandon session, expire the cookie, close browser with and without javascript, etc. The only thing that works is if i close the browser, but i can not redirect after closing a browser, so what options do i have? please help
What kind of authentication are you using? If it's Basic access authentication, consider this: Existing browsers retain authentication information until the tab or browser is closed or the user clears the history. HTTP does not provide a method for a server to direct clients to discard these cached credentials. This means that there is no effective way for a server to "log out" the user without closing the browser. This is a significant defect that requires browser manufacturers to support a 'logout' user interface element or API available to JavaScript, further extensions to HTTP, or use of existing alternative techniques such as retrieving the page over SSL/TLS with an unguessable string in the URL. http://en.wikipedia.org/wiki/Basic_access_authentication
Excelent, now it make sense. So there is no way around this then. How does gmail, hotmail or amazon do it? i need to implement the same thing!! any advice
hi, what I have done a number of time on different .net projects is store the status of the user in a session variable or cookie or any other mean that can be read by other pages on the site. on all the pages that require the user to the logged in i check the status of that variable. if they are logout the value changed and the pages are redirected or the content is not loaded from DB... hope it helps.. cheers.
The issue here is that there is no form authentication. this is just a plain password protected folder that when you try to access it ask you for AD credentials. I need a system that when i log out it ask for credentials again. if you have a system that works would you mind copying and pasting the code you use, maybe i can implement and finally finish this long awaited project to end.
You can't just use built-in authentication. You need to create your own using ASP, PHP or some other server-side programmg. For example, you would have: login.asp (authenticates the user, creates a Session cookie, and redirects to 'yourpage.asp'). yourpage.asp (checks the Session cookie exists, shows page if it does and contains correct credentials). logout button (clears the Session cookie and redirects to home page)
Windows authentication works at the IIS level by passing your Windows authentication token. Since authentication occurs at the IIS level you cannot actually log out from application code. Have a look at : http://visualstudiomagazine.com/articles/2004/05/01/activate-windows-impersonation-selectively.aspx Hope this helps Si
Quesiton I found bunch of articles to help me configure my login, logout and default page and one of them have this line If this login page will be for a group of people, what do i replace the following with CN=Users,DC=testdomain,DC=test,DC=com do i actually type /dc=something here or /something here Set objUser = GetObject("LDAP://MySvr.MyDom.com/CN=Users,DC=testdomain,DC=test,DC=com")
As per my View your issue is user is able to visit his or her or others profile without doing login by just putting the url string.If is it the issue Then according to me you should try the following code. login page: plz put those code in if block because u have to tally this one with your database ass well. session["username"]=login.text; session["pwd"]=pwd.text; Home page: if(Session["username"]&& session["pwd"]!=null) { redirect.write("Login successfully"); } I hope this will work.
actually, each user have their own login, they cant not access the site if they dont have the actual credentials. the content inside is the the same for everyone yes. but the problem i am having is i cant find any guides on how to build a authentication form using AD (no xml) in aspx everything relates to visual basic but i dont know or have visual basic, only dreamweaver.