Windows Authentication Timeout
Question
How can you suspend access to a user session after a specified interval of inactivity when using Windows Integrated Security for a ASP.NET MVC Website .
Thanks in advance,
Radu
1 answers
solution1
0 2014-07-08 05:59:10
When using Kerberos for authentication Internet Explorer (IE) will continue sending the same credentials for each subsequent request to the server until one of two things happens: a) The user closes their browser. b) The server refuses the credentials with a 401 status code. This behavior is KB 264921.
If we want to simulate a session than we have to implement the following steps: 1. Create a sliding expiration cookie for the duration of the session 2. Check for that cookie for every request: begin_request or global filters. If the cookie is missing return a 401 status code for that specific request. 3. Next request will trigger the authentication prompt.
I was hoping someone else having a better ideea, this one feels kind of hacky.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.