|
-
Jul 22nd, 2008, 10:24 AM
#1
Basic Authentication question
We have an ASP site that uses Basic Authentication with SSL. When the user accesses the site the first thing they must do you enter a username and password. From then on they can continue browsing the site without have to authenticate again. The only time they will see the login request is if they close there current browser window and then return to the site. What I would like to do is have a log out option that would take the user to a non secure page and will not give them access again until they authenticate again.
Basically what I’m asking is it possible to have IIS display the basic authentication dialog twice for the same site without having to close the browser first?
-
Aug 1st, 2008, 02:35 AM
#2
Re: Basic Authentication question
Not using that level of IIS authentication, no.
What you would need to do is implement a form of forms authentication and your own login page, storing a UserID (for example) at logon within a session variable, then clear this session variable upon the logout link being clicked. Finally implementing a validation check upon the loading of each restricted page in order to check a valid credential (i.e. UserID) session variable was set, or otherwise redirecting the user to the login page once again.
-
Aug 1st, 2008, 06:17 AM
#3
Re: Basic Authentication question
Check the session variable and throw an HTTP 401 if the session variable doesn't exist so that they are prompted again.
-
Aug 1st, 2008, 07:26 AM
#4
Re: Basic Authentication question
How do you throw an HTTP 401?
I have tried err.Raise 401 and that just produces an "Unknown runtime error"
-
Aug 2nd, 2008, 12:41 PM
#5
Re: Basic Authentication question
It should be Response.Status to set the status code.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
