i developing intranet asp.net application. using windows authentication, authentication mode set windows in web.config.
i want restrict pages users using tag tag allow/deny users.
scenario :
user1 not allowed access page "reports.aspx" (this page has restricted access using authorization tag in web.config)
user2 allowed access page. both of them in mycompany domain.
when user1 tries access page shown credentials popup - enter details of "user2" since user2 allowed access ; subsequently, user1 able access page(by using user2's details).
now user1 goes other page not restricted authorization tag. lets goes homepage. again homepage, try access reports.aspx. @ point logically speaking, again prompt login credentials must come . instead no popup comes , user1 allowed access reports page.
i decided check username using httpcontext.current.user.identity.name in scenario. when user1 trying access reports.aspx second time(after having logged in first time) credentials being stored in browser(i guess) because time around, when page loads, credentials show user2 in code behind.
how prevent , force login prompt every time page ?
guess n00b when asked this.
for benefit of people might have faced scenario - when login again, original credentials no longer maintained , asp.net recognizes user2 hereafter.
Comments
Post a Comment