I am working on a Intranet application where I would like to have users authenticated each time they submit a request. This application is for a problem logging system where the web page would be displayed in a "public" area and I want to verify that certain users (NT Domain) are conducting certain transactions. Since multiple people would be using the same system I need to reset, or flush the Request.ServerVarriable("LOGON_USER"). I plan on using Response.Status = "401 Unauthorized" to force the logon prompt, which will force the page to re-submit. At that point I need to check Request.ServerVarriable("LOGON_USER") to see if the it is set. If so I can then use the PermissionChecker to test the user against a file and then add the data to a database.

if (Request.ServerVarriables("LOGON_USER") = "") Then
       Response.Status = "401 Unauthorized"
Else
       if (objChecker.HasAccess(MyTestFile) Then
           ' Need to reset the LOGON_USER
           ' Process values submitted and add to database table.
       Else
           ' return error message
       End if
End if

How can I force the browser to not resend the same user credentials? Is there a header that can be set. I have tried, Status 2XX, Expire = -1 etc.

Thanks