Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
inet
active_desktop
active_scrptng
asp.components
asp.db
asp.general
comctl32
comp.packaging
components.dev
dbweb
dhtml_editing
docobjects
html_authoring
html_objmodel
iis
iis.ftp
iis.security
iis.smtp_nntp
indexserver
misc
mshtml_hosting
scripting.jscript
scripting.vbscript
sdk_setup
shell_objmodel
urlmonikers
webbrowser_ctl
wininet
  
 
date: Mon, 25 Apr 2005 07:04:02 -0700,    group: microsoft.public.inetsdk.programming.urlmonikers        back       


IE security    
Hi ,

I have a  asp.net wep application.  The application will display login 
prompt (basic authentication in IIS) 
when the user try to login, then close the brower and session ID when 
clicking "exit" button. 

  The problem is that there is no login prompt if the user open the 
application again after exit the appliction while there is another brower 
instance (no necessary be the appliction site) remained open. 

Is the browser keep the login name and password somewhere in all browser ?  
The "exit" could only close current browser instance with the application , 
not all open browser, How can I fix the problem? 

Thanks.
date: Mon, 25 Apr 2005 07:04:02 -0700   author:   Jasmine

Re: IE security    
"Jasmine"  wrote in message
news:32CC1554-848F-45F2-B0B4-D76DA39C8575@microsoft.com
> I have a  asp.net wep application.  The application will display login
> prompt (basic authentication in IIS)
> when the user try to login, then close the brower and session ID when
> clicking "exit" button.
>
>  The problem is that there is no login prompt if the user open the
> application again after exit the appliction while there is another
> brower instance (no necessary be the appliction site) remained open.

IE caches logon credentials on a per-process basis. The symptoms you 
describe indicate that the two IE instances are actually running in the 
same process. This may happen when the user creates a new instance with 
File | New | Window (Ctrl-N), or right-clicking a link and choosing Open 
in New Window. This may also happen for almost all IE instances when the 
following option is turned on: Tools | Internet Options | Advanced | 
Reuse windows for launching shortcuts.

> Is the browser keep the login name and password somewhere in all
> browser ? The "exit" could only close current browser instance with
> the application , not all open browser, How can I fix the problem?

I don't know of any way to work around it.
-- 
With best wishes,
    Igor Tandetnik

With sufficient thrust, pigs fly just fine. However, this is not 
necessarily a good idea. It is hard to be sure where they are going to 
land, and it could be dangerous sitting under them as they fly 
overhead. -- RFC 1925
date: Mon, 25 Apr 2005 10:39:41 -0400   author:   Igor Tandetnik

Re: IE security    
It is doable, but pain.

You would have to replace IAuthentication, and check record
credentials + dispatch. I have done it in the past.

Also if you think that stuff is bad, try smartcard authentication.
One can not just fix pin caching issue with some simple interface
replacement, because SSL neg happends before connection
is established. So neither IIS or moniker can see anything usefull.
SetInetyOption certificate does not work either cause you can not
see what is server is asking for (subject, features).

Oh, well my 20 second rant.
date: 18 May 2005 05:28:35 -0700   author:   Brian

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us