KC Lemson

By KC Lemson [MS]

Blogs

Programmatically clear IE 6 SP1's cached credentials

  • Comments 6
  • Likes

If you're using IE6 SP1 with Outlook Web Access (or any web application that uses HTTP authentication), you don't need to have forms-based authentication enabled or an ActiveX control installed in order to make clicking logoff really log you off. There's a new script call in IE6 SP1 that can clear cached credentials programmatically. It is actually an entrypoint to the existing WinINET API mentioned in the above ActiveX article. We convinced the IE team that this entrypoint was needed, and they added it for us in SP1.

This only works if the user is prompted for username/password, such as with basic credentials. In that case, the credentials are cached in the browser process, so as long as that instance of the browser (iexplore.exe) is running, the user won't be prompted for credentials for that site again. If you're logged into the domain and using Windows Integrated Authentication, the client isn't prompted for credentials and they aren't cached - the browser and server will re-negotiate the authentication on new connections as needed.

Open logoff.asp (from Program Files\Exchsrvr\Exchweb\Bin\Auth\USA) and you'll see how this is done:

    document.execCommand("ClearAuthenticationCache","false");

You could add this call to the logoff.asp page in Exchange 2000 SP2 if desired, but keep in mind that updates to Exchange (such as service packs) may overwrite the logoff.asp and your changes would be lost. For more information on customizing OWA, see this white paper.

Comments
  • The function is great, but logoff using OWA 2003 on IE6SP1 takes a long time to log off as oppose to logoff screen pops right up for IE5. Most IE6SP1 users would close the window without waiting or worse, they start calling tech support thinking something is wrong with OWA.

  • I'm using IE6 Sp1 and logoff is near instantaneous, so I suspect that the slowness you're encountering is due to something else. Off the top of my head, I don't know what that could be, does the logon ASP take so long to load as well?

  • For a Windows 2000 Server, IE5, I was able to log off nearly instaneously from OWA 2003. After the reboot of IE6 SP1 upgrade, I tried it and it takes about 45 seconds to log off (from the time I click logoff button to the "You have been logged off" screen comes up)

  • I think there's something else going on on that server/client/network that's causing the problem, it's not universal to logoff in OWA 2003. I would recommend first seeing if other ASPs take a long time to load (such as http://server/exchweb/bin/auth/owalogon.asp if forms-based authentication is enabled).

  • We also had this slow logoff problem and found
    that it was related the S/MIME capability checking done in OWA 2003. Our logoffs under
    forms-based authentication were taking of the order of a minute. If in the \\server\Exchsrvr\exchweb\bin\auth\<language>\logon.asp

    file we comment out the body of the isSMimeCapable function and left just isSMimeCapable = false

    the logoff in near instantaneous. My recollection is that if the S/MIME control, from the OWA 2003 options page, was installed the problem did not manifest itself.

  • Lee, thanks for figuring this out. I checked with someone and it turns out we fixed this in SP1. No, I don't have a ship date for SP1 at this time =)