I’m new in asp.net world. I’m building asp.net mvc 4 web application. It has basic http authentication. At the beginning it ask user name and password. After authentication it start some view. During debug if successfully authenticated and continue debugging
to some other view/controller. If I stop debugging or app crashes. For the next debug run it never prompt me for authentication. It takes to the view which comes after authentication. I suppose it caches my authentication from previous run. I try to find solution
from net and found many suggestion such as :-
- Restart iis
- Remove cache files from c:WindowsMicrosoft.NETFrameworkv4.0.30319 and C:UsersuserAppDataLocalTempTemporary ASP.NET Files
- Modify web.config and rebuild, then lunch
- Remove browser cache.
- Even restart pc doesn’t help-
I tried all nothing is working. As I’m new I’m not sure is my web.config file has right configuration for HTTP basic authentication. Here it is:-
<system.web> <compilation debug="true" targetFramework="4.5.1" /> <httpRuntime targetFramework="4.5.1" /> <identity impersonate="true" /> <authentication mode="Forms"> <forms loginUrl="~/Account/Login" > </forms> </authentication> </system.web>
My environment windows 7, iis 7.5, visual studio 2012. Please advise me how can force authentication every time or start as in initial state. Thanks in advance!
As you are using form authentication ,an authentication cookie is set for some time period.hence you are not getting login prompt. if clear the browser cookie,it should ask for log in
In normal scenario, your form authentication cookie should expire with timeout or browser close (not just tab). You might want to investigate your cookie drop code that you are not setting it to persistent to true.
Should be similar to this.
How do you remove browser’s cache? Based on my test, I can’t reproduce that scene.
Please close all browser and clean your project, then try it again.
You can manipulate the HttpResponse object:
Response.AppendHeader("Connection", "close"); Response.StatusCode = 0x191; Response.Clear(); Response.End();
This will force a 401 (unauthorized) page to your browser, which will then show the Login popup again
Have a look at the following article for some background information: