All geek questions in one place

Logout button Basic authentication IIS6 ASP.NET

I have a requirement for an explicit exit button for users in an ASP.NET web application. I am using IIS6 with basic authentication (SSL). I can redirect to another webpage, but the browser supports the session. I googled around and found a way to do this, allowing proactive x management to talk to IIS and kill the session. I am in a restricted environment that does not allow authentication and active x controls are also prohibited. Has anyone else had this requirement and how did you handle it?

Okay, this is what I was afraid of. I saw similar answers on the net, and I was hoping someone had a way to do this. Thank you for your time. I think I can use javascript to prevent the back button, like history.back ()

+3
source share
4 answers

I struggled with this myself for several days.

Using specific IE " document.execCommand('ClearAuthenticationCache');" is not for everyone - a good option: 1) it resets all credentials, which means that the user, for example, will also exit his gmail or any other website on which he is currently authenticated 2 ) only IE;)

I tried using Session.Abandon () and then redirected to my Default.aspx. This alone is not enough. You need to explicitly tell the browser that the request is not allowed. You can do this using something like:

response.StatusCode = 401;
response.Status = "401 Unauthorized";
response.AddHeader("WWW-Authenticate", "BASIC Realm=my application name");
resp.End();

: == > . : escape ( ) , , , , .

- "" . . .

response.StatusCode = 401;
response.Status = "401 Unauthorized";
string realm = "my application name";                
response.AddHeader("WWW-Authenticate", string.Format(@"BASIC Realm={0} ({1})", realm, DateTimeUtils.ConvertToUIDateTime(DateTime.Now)));
resp.End();

, , :

Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.MinValue);
Response.Cache.SetNoStore();

( ) IE, Firefox , escape ( ), (F5) .

+4

Session.Abandon , Session, . Abandon , , .

+2

Session.Abandon ?

Edit

, .

"" . , , logOut, , .

- , , .

"" ( ) . HTML/HTTP- .

0

, IE6 .

<asp:LinkButton ID="LinkButton1" runat="server" OnClientClick="logout();">LinkButton</asp:LinkButton>


<script>

    function logout()
    {
    document.execCommand("ClearAuthenticationCache",false);
    }
 </script>

http://msdn.microsoft.com/en-us/library/bb250510%28VS.85%29.aspx

- , .

: . : " , , . , , - , , ".

A: Internet Explorer, Internet Explorer 6.0 1 (SP1). , , execCommand , ClearAuthenticationCache , :

document.execCommand("ClearAuthenticationCache");

, , , .

I put this on my logout button and it works in IE6 sp1 and higher:

OnClientClick="document.execCommand('ClearAuthenticationCache');"
0
source

Source: https://habr.com/ru/post/1704233/

More articles:


All Articles