Logo 
Search:

Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Windows Integrated Authentication - how to clear credentails

  Asked By: Aiesha    Date: Mar 21    Category: Sharepoint    Views: 2452

I want to 'dispose' of a users credentials when they choose to 'logout' of
SharePoint (SPS2003). In reading a little about this type authentication, it
is a wrapper for Kerberos or NTLM, based upon the environment. The result of
the challenge/response is stored somewhere. My question is, where?

The scenario I have is multiple users accessing the Portal from the same
desktop machine. We want each user to use their own identity instead of
using a blanket login account (or the previous users identity). They could
close the browser and reopen, forcing them to login again, but it would seem
more natural to give them the logout button, redirect them to a non-auth
page, then provide a link to log back in ... sort of like most Web apps
(online banking for instance).

Anyone have any ideas on this? Anyone implemented something like this
before?

Share: 

 

4 Answers Found

 
Answer #1    Answered By: Faith Delgado     Answered On: Mar 21

You know I don't do code, but to me the logical place to start would be
the code behind "login as a different user." If that could be modified
somehow so that it really logged out a user  before logging in a new one,
that might suffice. You could also educate the users  to "login as a
different user" using a bogus account  or an account that has no access
to anything. That would give  them a denied page and the opportunity to
login as another user.

Just trying to think of a solution that requires a lot of coding.

 
Answer #2    Answered By: Irving Hurley     Answered On: Mar 21

It was nice to finally put a face to the name, it was my pleasure to you.

I had a few friends looking for solutions, and the solution that I have
partially working right now involves this piece of javascript:

function Logout()
{
try {
if (browseris.ie6up)
{ document.execCommand("ClearAuthenticationCache", "false");
window.location.href = http://wherever you want to redirect  the user;

}
else
{
alert("This feature requires Internet Explorer 6.0 Service Pack 1 or
above. " + "Please close all browser windows  in order to complete the logout
process.");
}
}
catch (e)
{ alert("This feature requires Internet Explorer 6.0 Service Pack 1 or
above. " + "Please close all browser  windows in order to complete the logout
process."); }
}

There are a few steps involved in making all this happen, and I will post a
complete solution when it is completed (hopefully by tomorrow) for
everyone's benefit.

 
Answer #3    Answered By: Trevor Davis     Answered On: Mar 21

This is on the assumption that the ASP.net session is being held using
the cookies.....

You might want to look at the browser  cookies created when a user  logs
into the Sps2003 site (a browser like mozilla will help you to recognize
the cookies getting created.). Then, on logoff, try deleting these
cookies. This might clear  the session.

 
Answer #4    Answered By: Vinay Thakur     Answered On: Mar 21

Following command can be used to clear  credentials

document.execCommand("ClearAuthenticationCache","false");