I have a separate site that allows anonymous access.  The private site
requires Basic Authentication.  Also, one requirement is that I cannot 
use
cookies.  The problem seems to be that as long as the browser stays open 
it
retains the authentication.  Session.Abandon does not work.  Nor does
opening a child window pointing to the Public page and then closing the
private session browser window.  The security information gets passed to 
the
child window.

It seems that this should be an easy problem to fix, but I cannot find a 
way
to kill the security token on the browser side without using ActiveX.

-Regards,
Rich
>-----Original Message-----
>From: Daniel Tremblay [mailto:dtremblay@t...]
>Sent: Wednesday, February 21, 2001 9:28 AM
>To: Security_asp
>Subject: RE: Force Authentication
>
>
>You could have two web applications:
>1. The public application allows anonymous
>2. The authenticated application forces user to use basic
>authentication or NTLM
>
>Just a thought.
>
>Dan.
>
>-----Original Message-----
>From: Richard Blair [mailto:rblair@s...]
>Sent: Wednesday, February 21, 2001 10:53 AM
>To: Security_asp
>Subject: Force Authentication
>
>
>Is there any way to force users to authenticate?  I have a
>site with a public page which leads to a authenticated site. 
>When users log off (i.e.; go back to the public page) I want
>them to have to re-authenticate to get back in.  The only way
>I have found so far is to close the browser and let them
>manually open a new connection.  Since I have to support just
>about any browser, I cannot rely on an ActiveX control to
>clean up the security cookie on the client.  Any ideas would
>be GREATLY appreciated.
>
>-Rich
>
>