HOWTO: Clear Logon Credentials to Force Reauthentication
ID: Q195192
The information in this article applies to:
- Microsoft Visual InterDev, version 6.0
- Microsoft Visual Basic Learning, Professional, and Enterprise Editions for Windows, version 6.0
SUMMARY
This article demonstrates how to use an ActiveX Control written in Visual
Basic 6.0 to flush the credentials of an authenticated Web user. This
technique applies to Web sites that use Basic authentication and Internet
Explorer 4.x.
MORE INFORMATION
Creating the ActiveX Control
- Open a new ActiveX Control in Visual Basic.
- Name the project "browser" and name the user control "logoff."
- Double-click the user control, and paste the following code into the
General Declarations area:
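    ' WinINet option that ends the browser session and flushes the
    ' credentials cached for it.
    Const INTERNET_OPTION_END_BROWSER_SESSION = 42

    ' InternetSetOption returns a Win32 BOOL (32 bits), so declare it As Long.
    Private Declare Function InternetSetOption Lib "wininet.dll" _
        Alias "InternetSetOptionA" _
        (ByVal hInternet As Long, ByVal lOption As Long, _
        ByRef sBuffer As Any, ByVal lBufferLength As Long) As Long

    ' Returns nonzero on success and 0 on failure.
    Public Function flushCredentials() As Integer
        Dim h As Long
        ' No handle and no option buffer: pass 0 and a null pointer.
        h = InternetSetOption(0, INTERNET_OPTION_END_BROWSER_SESSION, _
            ByVal 0&, 0)
        flushCredentials = h
    End Function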
- Save your project.
- Make the .ocx file. You now have an ActiveX Control with a public
function that, when called, clears the credentials that were used to
obtain access to a site.
- Prepare the ActiveX Control for Internet distribution. To package the
ActiveX Control for distribution over the Internet, you need to use the
Packaging and Deployment add-in in Visual Basic 6.0 to make a CAB file.
Creating a Web Site to Test the ActiveX Control
- Create a folder under your Web root, typically C:\Inetpub\Wwwroot.
- Using either the Microsoft Management Console or Internet Services
Manager, set the security method to allow only Basic Authentication.
- In the folder created in step 1, create a Web page named Test1.htm
using the following code:
    <HTML>
    <BODY>
    <SCRIPT language=javascript>
    <!--
    var obj1 = new ActiveXObject("browser.logoff")
    //-->
    </SCRIPT>
    <br>
    <INPUT type="button" value="Click to Logoff" id=button1 name=button1>
    <SCRIPT for=button1 event=onclick LANGUAGE=javascript>
    <!--
    var x = obj1.flushCredentials();
    window.navigate("test1.htm");
    //-->
    </SCRIPT>
    </BODY>
    </HTML>
- Open Internet Explorer on the computer where you created the ActiveX
Control and go to the sample page (Test1.htm). The test is successful
if:
  - You were presented with a logon dialog box after you requested the
  page.
  - After you click the Click to Logoff button, you are presented with an
  authentication dialog box that does not contain the username or
  password from the previously authenticated user.
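The same test can be confirmed from the server side. The following is an added example, not part of the original article: it reads W3C extended log lines and reports, per client, whether the request made after the logoff click arrived without credentials (a new 401 challenge) or still carried the cached ones. The log lines, the /secure folder, the user names and the function names are constructed for illustration. It assumes the browser resends cached Basic credentials on the reload without waiting for a new challenge, and that each client's second visit to the page is the one triggered by the Logoff button.

```javascript
// Constructed sample lines, not real server output. The folder name is assumed.
const SAMPLE_LOG = `#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
1999-05-06 10:00:01 192.0.2.10 - GET /secure/Test1.htm 401
1999-05-06 10:00:09 192.0.2.10 alice GET /secure/Test1.htm 200
1999-05-06 10:02:30 192.0.2.10 - GET /secure/test1.htm 401
1999-05-06 10:02:41 192.0.2.10 bob GET /secure/test1.htm 200
1999-05-06 10:05:00 192.0.2.20 - GET /secure/Test1.htm 401
1999-05-06 10:05:07 192.0.2.20 carol GET /secure/Test1.htm 200
1999-05-06 10:06:00 192.0.2.20 carol GET /secure/test1.htm 200`;

// Parse W3C extended log text into objects keyed by the #Fields directive.
function parseW3C(text) {
  let fields = [];
  const rows = [];
  for (const line of text.split(/\r?\n/)) {
    if (line.startsWith('#Fields:')) {
      fields = line.slice('#Fields:'.length).trim().split(/\s+/);
    } else if (line.trim() && !line.startsWith('#') && fields.length) {
      const cols = line.trim().split(/\s+/);
      if (cols.length !== fields.length) continue; // skip malformed rows
      rows.push(Object.fromEntries(fields.map((f, i) => [f, cols[i]])));
    }
  }
  return rows;
}

// Verdict per client IP for one page:
//   'flushed'            a credential-less 401 followed an authenticated 200
//   'credentials-resent' an authenticated 200 followed another with no challenge
//   'logged-in'          one authenticated visit only; 'no-login' otherwise
function flushResults(rows, page) {
  const clients = new Map();
  for (const r of rows) {
    // IIS paths are case-insensitive (the page navigates to "test1.htm").
    if ((r['cs-uri-stem'] || '').toLowerCase() !== page.toLowerCase()) continue;
    const c = clients.get(r['c-ip']) || { loggedIn: false, verdict: 'no-login' };
    const anonymous = r['cs-username'] === '-';
    if (r['sc-status'] === '401' && anonymous) {
      if (c.loggedIn) c.verdict = 'flushed'; // server had to challenge again
      c.loggedIn = false;
    } else if (r['sc-status'] === '200' && !anonymous) {
      if (c.loggedIn) c.verdict = 'credentials-resent';
      else if (c.verdict === 'no-login') c.verdict = 'logged-in';
      c.loggedIn = true;
    }
    clients.set(r['c-ip'], c);
  }
  return Object.fromEntries([...clients].map(([ip, c]) => [ip, c.verdict]));
}
```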
Making the ActiveX Control Available to Everyone Who Requests the Page
- Replace the script containing the "new ActiveXObject" with an HTML
object tag containing an ID tag set equal to obj1. The object tag should
include the clsid of the Browser.ocx, and a codebase with the URL to the
Browser.ocx file.
- In Visual Basic 6.0, open the Browser.ocx project, and click Debug.
Visual Basic will open up a Web page that is hosting the ActiveX
Control. View the source of the Web page. Now you have 90% of the
<object> tag required to create the object. To finish the object tag,
add a codebase= attribute that supplies the URL of the location from
which you intend to distribute the ActiveX Control.
- In Visual InterDev 6.0, open the Web project created in step 1 of the
previous section, "Creating a Web Site to Test the ActiveX Control."
Right-click the toolbar, and select Customize Toolbox. Click the ActiveX
Control tab, and select the Browser.logoff check box. You should see an
ActiveX Control in the ActiveX toolbar named "logoff." Click the logoff
control, and drag it onto your page, Test1.htm. If you view the runtime
text, you should see the object tag. In Test1.htm, add an ID property
with a value of obj1 to the object tag, and add a codebase property to
supply the object with a URL to download the control from. The object
tag should look something like the following:
    <OBJECT classid="clsid:7890D0A4-62F1-11D2-8D55-00C04FB9D8A6" id=obj1
    codebase="http://path/browser.cab" style="LEFT: 0px; TOP: 0px"
    VIEWASTEXT>
    <PARAM NAME="_ExtentX" VALUE="11404">
    <PARAM NAME="_ExtentY" VALUE="8731"></OBJECT>
To test this code, go to a different computer with Internet Explorer
installed, and request the sample page, Test1.htm.
Troubleshooting
If you see an error message stating that the object does not support this
method or property, the usual cause is that the object was not marked as
safe for scripting. To solve this problem, manually configure the security
settings in Internet Explorer to prompt for "Initialize and script ActiveX
controls not marked as safe." The better way to handle this is to include
code in the sample that marks the control as safe for scripting. For
additional information, please see the following article in the
Microsoft Knowledge Base:
Q182598 HOWTO: Implement IObjectSafety in Visual Basic Controls
NOTE: You might be prompted to restart your computer after the first time
the control is downloaded.
Keywords : kbIE400 kbIE401 kbSecurity kbVBp600 kbVisID600 kbGrpASP
Issue type : kbhowto
Last Reviewed: May 6, 1999