是否有相当于 IE 的 ClearAuthenticationCache 的浏览器? [英] Is there a browser equivalent to IE's ClearAuthenticationCache?

问题描述

我这里有一些内部 .net Web 应用程序，需要用户注销"它们.我知道这在 Intranet 应用程序上似乎没有实际意义，但它确实存在.

I have a few internal .net web application here that require users to "log out" of them. I know this may seem moot on an Intranet application, but nonetheless it is there.

我们对我们的 Intranet 应用程序使用 Windows 身份验证，因此我们通过基本身份验证与我们的 Active Directory 相关联，并且凭据存储在浏览器缓存中，而不是使用 .net 表单身份验证时的 cookie.

We are using Windows authentication for our Intranet apps, so we tie in to our Active Directory with Basic Authentication and the credentials get stored in the browser cache, as opposed to a cookie when using .net forms authentication.

在 IE6+ 中，您可以通过执行以下操作来利用他们创建的特殊 JavaScript 函数:

In IE6+ you can leverage a special JavaScript function they created by doing the following:

document.execCommand("ClearAuthenticationCache", "false")

但是，对于要支持的其他浏览器(目前是 Firefox，但我争取多浏览器支持)，我只是向用户显示他们需要关闭浏览器才能退出的消息应用程序，它有效地刷新应用程序缓存.

However, for the other browsers that are to be supported (namely Firefox at the moment, but I strive for multi-browser support), I simply display message to the user that they need to close their browser to log out of the application, which effectively flushes the application cache.

有谁知道一些命令/黑客/等.我可以在其他浏览器中使用它来刷新身份验证缓存吗?

Does anybody know of some commands/hacks/etc. that I can use in other browsers to flush the authentication cache?

推荐答案

我想出了一个看起来相当一致但很笨拙的修复方案，我还是不满意.

I've come up with a fix that seems fairly consistent but is hacky and I'm still not happy with it.

它确实有效:-)

1) 将它们重定向到注销页面

1) Redirect them to a Logoff page

2) 在该页面上触发一个脚本来使用 ajax 加载另一个带有虚拟凭据的页面(jQuery 中的示例):

2) On that page fire a script to ajax load another page with dummy credentials (sample in jQuery):

$j.ajax({
    url: '<%:Url.Action("LogOff401", new { id = random })%>',
    type: 'POST',
    username: '<%:random%>',
    password: '<%:random%>',
    success: function () { alert('logged off'); }
});

3) 第一次应该总是返回 401(强制传递新凭据)，然后只接受虚拟凭据(MVC 中的示例):

3) That should always return 401 the first time (to force the new credentials to be passed) and then only accept the dummy credentials (sample in MVC):

[AcceptVerbs(HttpVerbs.Post)]
public ActionResult LogOff401(string id)
{
    // if we've been passed HTTP authorisation
    string httpAuth = this.Request.Headers["Authorization"];
    if (!string.IsNullOrEmpty(httpAuth) &&
        httpAuth.StartsWith("basic", StringComparison.OrdinalIgnoreCase))
    {
        // build the string we expect - don't allow regular users to pass
        byte[] enc = Encoding.UTF8.GetBytes(id + ':' + id);
        string expected = "basic " + Convert.ToBase64String(enc);

        if (string.Equals(httpAuth, expected, StringComparison.OrdinalIgnoreCase))
        {
            return Content("You are logged out.");
        }
    }

    // return a request for an HTTP basic auth token, this will cause XmlHttp to pass the new header
    this.Response.StatusCode = 401; 
    this.Response.StatusDescription = "Unauthorized";
    this.Response.AppendHeader("WWW-Authenticate", "basic realm="My Realm""); 

    return Content("Force AJAX component to sent header");
}

4) 现在浏览器已经接受并缓存了随机字符串凭据.当他们访问另一个页面时，它会尝试使用它们，失败，然后提示正确的.

4) Now the random string credentials have been accepted and cached by the browser instead. When they visit another page it will try to use them, fail, and then prompt for the right ones.

这篇关于是否有相当于 IE 的 ClearAuthenticationCache 的浏览器?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！