Client Certificate Request on demand

Great info...

 

 

You might also be able to send a 401 to force a clearing of the auth cache:

 

 

http://www.adopenstatic.com/cs/blogs/ken/archive/2005/04/12/14.aspx

 

 

In the past I would have recommended one of three strategies:

 

 

* Programmatically send a 401 HTTP status to the client (e.g. Response.Status = 401)

 

* Redirect a user to http://fakeuser:wrongpassword@www.yoursite.com (this doesn't work with patched IE6 anymore). Since fakeuser/wrongpassword isn't a valid Windows account, the user will be prompted to enter valid credentials

 

* Use the client-side ActiveX control described in KB 195192

 

 

With the exception of the first option (setting the Response.Status), the methods are mostly ugly hacks IMHO.

 

 

Now, we have a new way of clearing the IE authentication cache. Beginning with IE6 SP1 the following piece of javascript code will clear IE's credentials cache. Note, that this will clear the credentials cache for the entire iexplore.exe process, so users will be forced to re-authenticate to any site being accessed by that process (in case they have multiple windows open pointing to multiple websites):

 

 

// Clear current credentials

 

// Requires IE6 SP1 or later

 

document.execCommand(ClearAuthenticationCache, false)

 

 

More information can be found in MSDN: ClearAuthenticationCache (Click here) and execCommand (Click here)

 

 

I am not sure whether any of these options would work for non-IE browsers. I searched for any kind of server-side method for forcing any type of browser to delete it's SSL cache for a particular site, but couldn't find anything.

 

 

Aaron