Compartir a través de

Programmatically clear IE 6 SP1's cached credentials

  • Artículo

If you're using IE6 SP1 with Outlook Web Access (or
any web application that uses HTTP authentication), you don't need to have forms-based
authentication enabled or an ActiveX
control installed in order to make clicking logoff really log you off. There's
a new script call in IE6 SP1 that can clear cached credentials programmatically. It
is actually an entrypoint to the existing WinINET API mentioned in the above ActiveX
article. We convinced the IE team that this entrypoint was needed, and they added
it for us in SP1.

This only works if the user is prompted for username/password,
such as with basic credentials. In that case, the credentials are cached in the browser
process, so as long as that instance of the browser (iexplore.exe) is running, the
user won't be prompted for credentials for that site again. If you're logged into
the domain and using Windows Integrated Authentication, the client isn't prompted
for credentials and they aren't cached - the browser and server will re-negotiate
the authentication on new connections as needed.

Open logoff.asp (from Program Files\Exchsrvr\Exchweb\Bin\Auth\USA)
and you'll see how this is done:

    document.execCommand("ClearAuthenticationCache","false");

You could add this call to the logoff.asp page in Exchange
2000 SP2 if desired, but keep in mind that updates to Exchange (such as service packs)
may overwrite the logoff.asp and your changes would be lost. For more information
on customizing OWA, see this white
paper.

Comments

  • Anonymous
    January 14, 2004
    The function is great, but logoff using OWA 2003 on IE6SP1 takes a long time to log off as oppose to logoff screen pops right up for IE5. Most IE6SP1 users would close the window without waiting or worse, they start calling tech support thinking something is wrong with OWA.
  • Anonymous
    January 15, 2004
    The comment has been removed
  • Anonymous
    January 15, 2004
    For a Windows 2000 Server, IE5, I was able to log off nearly instaneously from OWA 2003. After the reboot of IE6 SP1 upgrade, I tried it and it takes about 45 seconds to log off (from the time I click logoff button to the "You have been logged off" screen comes up)
  • Anonymous
    January 16, 2004
    I think there's something else going on on that server/client/network that's causing the problem, it's not universal to logoff in OWA 2003. I would recommend first seeing if other ASPs take a long time to load (such as http://server/exchweb/bin/auth/owalogon.asp if forms-based authentication is enabled).
  • Anonymous
    March 03, 2004
    We also had this slow logoff problem and found
    that it was related the S/MIME capability checking done in OWA 2003. Our logoffs under
    forms-based authentication were taking of the order of a minute. If in the \serverExchsrvrexchwebbinauth<language>logon.asp

    file we comment out the body of the isSMimeCapable function and left just isSMimeCapable = false

    the logoff in near instantaneous. My recollection is that if the S/MIME control, from the OWA 2003 options page, was installed the problem did not manifest itself.
  • Anonymous
    March 03, 2004
    Lee, thanks for figuring this out. I checked with someone and it turns out we fixed this in SP1. No, I don't have a ship date for SP1 at this time =)