Radu Negrila
Reputation: 667
Windows Authentication Timeout
How can you suspend access to a user session after a specified interval of inactivity when using Windows Integrated Security for an ASP.NET MVC Website?
Upvotes: 2
Views: 734
Answers (1)
Radu Negrila
Reputation: 667
When using Kerberos for authentication Internet Explorer (IE) will continue sending the same credentials for each subsequent request to the server until one of two things happens:
a) The user closes their browser.
b) The server refuses the credentials with a 401 status code.
This behavior is KB 264921.
If we want to simulate a session than we have to implement the following steps:
- Create a sliding expiration cookie for the duration of the session.
- Check for that cookie for every request: begin_request or global filters. If the cookie is missing return a 401 status code for that specific request.
- Next request will trigger the authentication prompt.
I was hoping someone else having a better ideea, this one feels kind of hacky.
Upvotes: 1
Related Questions
- Identity Claim Timeout
- forms timeout issue in asp.net mvc
- windows authentication session timeout
- Why really short timeout in ASP.NET MVC?
- ASP.NET Forms authentication timeout expires too soon
- Authentication session timeout
- ASP.NET MVC 4 Session timeout
- ASP.NET Forms Authentication timeout
- Incorrect forms authentication timeout
- asp.net forms authentication timing out after 1 minute