Clearing a LOGON_USER
I am working on a Intranet application where I would like to have users authenticated each time they submit a request. This application is for a problem logging system where the web page would be displayed in a "public" area and I want to verify that certain users (NT Domain) are conducting certain transactions. Since multiple people would be using the same system I need to reset, or flush the Request.ServerVarriable("LOGON_USER"). I plan on using Response.Status = "401 Unauthorized" to force the logon prompt, which will force the page to re-submit. At that point I need to check Request.ServerVarriable("LOGON_USER") to see if the it is set. If so I can then use the PermissionChecker to test the user against a file and then add the data to a database.
if (Request.ServerVarriables("LOGON_USER") = "") Then
Response.Status = "401 Unauthorized"
Else
if (objChecker.HasAccess(MyTestFile) Then
' Need to reset the LOGON_USER
' Process values submitted and add to database table.
Else
' return error message
End if
End if
How can I force the browser to not resend the same user credentials? Is there a header that can be set. I have tried, Status 2XX, Expire = -1 etc.
Thanks
|