Running in Windows Auth mode with impersonation. The logout button is missing, so there is no way for an end-user to terminate a session and clear their credentials without closing the browser window. Is there a fix for this??
lorennerol
9/18/2008 8:41 AM
Hi Loren,
The logout button is hidden on purpose when Windows authentication is used. This is because in Windows authentication mode, the user credentials are being cached and controlled by the client browser, not by IIS that's why we have no control on terminating a user's session from server-side. So best way to log out is closing the browser window.
There are some solutions like this javascript command which only works in IE:
document.execCommand("ClearAuthenticationCache");
This command can be used in onclick event of a logout link.
The other solution would be sending a 401 response code when clicked on a logout link. We need to test this.
Cem Alacayir
11/17/2008 6:22 AM