There isn't log on - security problem

11-08-2009 6:32 AM |

Hi

It seem like I have some security problem in my Silverlight application. Here is the scenario:

My Silverlight application is hosted under IIS server on a virtual directory. The IIS is configured to a basic authentication mode.

1.     I open my IE on its home page.

2.       I browse to my Silverlight application

3.       The logon of ISS is pop up, I type in my user and password (I’m in a domain)

4.       I’m in the application web site.

5.       Now I browse out of the web site to another web site, for example, yahoo.com

6.       Now I retype my Silverlight web site application address at the http line

7.       I got no logon process and I’m in with the previous credential even though I didn’t actually logged on.

How can I solve it?

Thanks,

Re: There isn't log on - security problem

11-08-2009 7:20 AM |

It's called caching. Try closing your browser and navigating to your Silverlight page again, you'll be prompted with your authentication dialog again. No worries, Windows Authentication just remembers your previous credentials and uses them to automatically login.

Re: Re: There isn't log on - security problem

11-10-2009 6:50 AM |

so, how can I clear the data(username & password) from the windows authentication.because I want that every once it will enter with another user.

Re: Re: There isn't log on - security problem

11-10-2009 8:49 AM |

 It seems, you can't because you can't predict when user enters new website's address

BTW

you  can decrease the session time out

Re: Re: Re: There isn't log on - security problem

11-11-2009 5:48 AM |

Maybe you can try clearing the username / password in the applicaiton exit event?

http://www.silverlightshow.net/tips/How-to-handle-Silverlight-application-exit.aspx