Thanks for reading and for your thoughts; this is a hairy problem, so I thought I wanted to share if this is really an honest task for more experienced developers than ourselves.
We are developing a web application for the Microsoft Active Directory enterprise environment, and we use Windows authentication provided by IIS to authenticate users for single sign-on along with form authentication. I know that IIS complains when both are turned on, but it works very well, and every site we deployed to has had no weird quirks to work around - so far.
The new site has “shared” computers that are constantly registered with a shared account that has read-only access to the applications they need to use. This means that we cannot distinguish between users who must have different permissions for the application; we need to somehow request the authentication data from the user.
The first attempt is a serious search engine; no one else in the world seemed to have our problem, except for a few misguided souls who asked questions on the air and received no answer.
After a little brainstorming and finding out the method of IIS authentication, it seemed that the easiest way to approach the problem was to issue 401 Unauthorizeda response to a user who, as you know, is a shared account. The initial tests here turned out to be fruitful, which led to successful changes in the username inside the browser, however, the prototype on the site did not request credentials, and the browser retained the same account information. We also come across IE-specific javascript
document.execCommand("ClearAuthenticationCache")
, , , . IE , , - - , , , .
. , , "" :
- , (... yuck)
- webapp Intranet .
- SSO
, - , , , - - , , - - - .