
How to handle Windows authentication popup cancel button?

I am using ASP.NET and C# with Windows authentication and a logout option. On logout I am redirecting to logout.aspx. There, a login button is provided for relogin.

When the user clicks on relogin, I am doing this:

        Response.Buffer = true;
        Response.StatusCode = 401;
        Response.StatusDescription = "Unauthorized";
        Response.AddHeader("WWW-Authenticate", "NTLM");
        Response.End();

It is working fine with valid credentials. But if they click on cancel, it is not calling the page load of logout.aspx; instead it displays a blank page. If I click refresh, it is logging into the application without asking for any credentials.

During logout I am doing this:

    protected void Page_Load(object sender, EventArgs e)
    {
        Page.Title = "Service Job Card - Logout";
        if (!IsPostBack )
        {
            //Session.Abandon();
            Session.RemoveAll();
            Response.ClearHeaders();
            Session[SessionNames.userLoggedOut] = true;
        }
        else if (IsPostBack && Session[SessionNames.userLoginTry] == null)
        {
            Session[SessionNames.userLoginTry] = true;
        }
        else
        {
            Session[SessionNames.userLoggedOut] = false;
            Response.Redirect("~/Pages/Login.aspx", true);
        }
    }

So on every page I am checking this session; if it is false, he will be logged in.

Can someone tell me why the empty page is displayed during cancel?

When you click the Relogin button, you are sending a 401 status code and ending the response abruptly (Response.End) - the 401 status probably causes the browser to ask for credentials again (although the associated Windows ticket might have been perfectly valid).

Canceling the prompt means the browser will probably stop right there, and that means showing the response from the previous request, which was blank (because you had used Response.End without writing any response text).

The refresh would probably cause a post-back replay, and as per your Page_Load code, it would fall into the last else condition, setting your flag and redirecting to login.aspx. Because the original Windows auth ticket was valid anyway, the browser might have used the same for subsequent requests.

You can easily validate this by using a tool such as Firebug/Fiddler to see what is going on.

I am afraid that there is probably no solution for your problem other than targeting different behavior. For example, on Relogin click, you can straight-away take the user to login.aspx instead of sending 401.
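To illustrate the blank page described in the answer, here is an added example (not code from the question or the answer) of the same 401 challenge sent with a response body, which is what the browser renders if the user cancels the prompt. The class name `Logout` and the handler name `Relogin_Click` are assumptions; the login URL is the one used in the question's redirect.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical code-behind for logout.aspx; class and handler names are assumptions.
public partial class Logout : Page
{
    // Assumed to be wired to the Relogin button's OnClick event.
    protected void Relogin_Click(object sender, EventArgs e)
    {
        // Start from an empty response so only the fallback page is sent.
        Response.Clear();

        // Same challenge as in the question.
        Response.StatusCode = 401;
        Response.StatusDescription = "Unauthorized";
        Response.AddHeader("WWW-Authenticate", "NTLM");

        // Keep IIS from replacing this body with its own 401 error page.
        Response.TrySkipIisCustomErrors = true;

        // Do not let the browser cache the challenge response.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);

        // This body is what the user sees after pressing Cancel.
        // Without it, the 401 response is empty and the page looks blank.
        string loginUrl = ResolveUrl("~/Pages/Login.aspx");
        Response.ContentType = "text/html";
        Response.Write(
            "<!DOCTYPE html><html><body>" +
            "<p>Sign-in was cancelled.</p>" +
            "<p><a href=\"" + HttpUtility.HtmlAttributeEncode(loginUrl) +
            "\">Return to the login page</a></p>" +
            "</body></html>");

        // End the request here, as in the question's code.
        Response.End();
    }
}
```

This only changes what is rendered after Cancel; as the answer notes, the browser may still reuse the existing Windows credentials on later requests.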
