javascript - Force users to re-login after session clears in Windows Authentication - ASP.Net -
the requirements are:
after session clears, send user homepage, , force them re-login using windows authentication prompt.
current situation:
i have javascript countdown timer when hits 0, sends alert saying session over. want able either through javascript or postback server, clear user's credentials
what i've read/tried:
ajax post server setting httpcontext.response, , throwing httpexception(401)
[httppost] public actionresult forcerelogin() { //httpcontext.response.statuscode = 401; //httpcontext.response.end(); //return redirecttoaction("index", "home"); //throw new httpexception(401, ""); return new httpstatuscoderesult(httpstatuscode.unauthorized); }
neither of these seem work ajax, , i'm unsure of how cause regular post controller action doesn't involve submit.
question:
how force users re-authenticate windows authentication credentials, without using active-x or changing ie settings? bonus question: how postback javascript mvc controller action without using submit or ajax?
below examples of comment.
if away request -
controller:
[httpget] public actionresult forcerelogin() { // maybe throw new unauthorized httpexception exception? // throw new httpexception(401, "forbidden"); // try invalidate session , redirect login page return new httpstatuscoderesult(httpstatuscode.unauthorized); }
javascript:
<script type="text/javascript"> ... var redirecttologin = function() { window.location.href = "http://foo.com/login/forcerelogin"; } ... </script>
or if needed post, do: controller:
[httppost] public actionresult forcerelogin() { // maybe throw new unauthorized httpexception exception? // throw new httpexception(401, "forbidden"); // try invalidate session , redirect login page return new httpstatuscoderesult(httpstatuscode.unauthorized); }
javascript & html:
<script type="text/javascript"> ... var redirecttologin = function() { var form = document.getelementbyid("formfoo"); form.submit(); } ... </script> <form id="formfoo" action="http://foo.com/login/forcerelogin"> ... </form>
i not entirely sure how invalidate user session though? returning unauthorized error code may redirect login page, user press button , continue browse on. if isn't concern may redirect user login page directly. did find post, , perhaps may need follow similar approach, involves sending invalid login attempt: logging user out when using http basic authentication
Comments
Post a Comment