Reputation: 1916
How to disconnect session created by browser with Active Directory Server using c#?
I have an Intranet Website and when I does not log in from my Domain ID, browser automatically generate pop-up for Domain ID Username and Password.
Now the Problem is when I close my browser and some another user uses my Computer and opens the same browser, Browser will not again generate Pop-Up for Domain ID Username and Password and directly open the Intranet Website with my Domain ID.
Is there any way to terminate the session with AD Server when I Log-Out or close my browser.?
Thanks in advance
Upvotes: 3
Views: 3862
Answers (2)
Reputation: 4010
Active Directory server does not have a way to manage client connections to the server. All it does is manage the user credentials and accessibility. To switch roles or users in the active directory, you'd literally have to log off of windows and go back on.
Here is a perfect article that explains how to capture an active directory user logging into your website:
http://msdn.microsoft.com/en-us/library/ff647076.aspx
To replicate how YOU want users to log onto your site, your best bet is to go with Form Authentication, rather than using your Active Directory credentials. The mindset with Form Authentication is that you might have multiple users use the same computer logging into your website. Windows authentication has the mindset where only one user can log onto a computer so use that person's credentials by default to log onto the intranet website.
You can have the client send a request to disconnect from the server.
http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.signout.aspx
You can also attempt to manage the User's session during log on as well:
http://msdn.microsoft.com/en-us/library/ah635ck5
the Abandon method seems to do the job that you'd want it to do.
Aside note: as a programmer using windows authentication, you don't have to worry about extra layers of security, but with Form authentication you have to keep security measures in mind.
Upvotes: 1
Reputation: 7365
I am not sure if this applies to AD server but you can delete the session cookie when browser closes.
window.onunload=function()
{
setCookie("YourCookieId","",-1);
}
Similarly on log-out you can set the expiration time to -1 years.
HttpCookie cookie2 = new HttpCookie("YourCookieId", "");
cookie2.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie2);
Upvotes: 0
Related Questions
- How to remove specific session in asp.net?
- Is this possible to clear the session whenever browser closed in asp.net?
- how to kill the session when user closed the browser without logout
- Kill the windows authentication session using Asp.net
- Asp.net get rid of session on server on logout
- Logout using session in asp.net
- Log out from windows authentication application
- abandon session in asp.net on browser close..kill session cookie
- Force Logoff from - BASIC "Active Directory" Authentication
- Login and Logout AD with C#