I have an ASP.NET MVC 3 application that is using Windows authentication, configured in IIS 7.5. It prompts the user for their Windows Credentials when they first load the page.

Now, I want to have the “session” timeout in XX minutes, so that the page will again prompt them for their credentials if this timeout has elapsed.

I have tried setting the “Session.timeout = XX” in the page_load method of the page I want to secure.

I notice that the “Session_End” method in Global.Asax does fire, but the Authentication Ticket appears to “stay valid” even after the Session has ended.

Is there a way to force the page to prompt again for Windows Credentials at specified timeouts either by changing configurations in Web.Config or through IIS?

Please let me know.

You don’t have control over the allowed session duration when using Windows Authentication, as this is part of the authentication protocol (Kerberos). There are ways and workarounds, but none of them straightforward.

It seems that forcing a client-side document.execCommand("ClearAuthenticationCache"); might come closest to your needs.
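
An added example, not part of the original answer: an idle timer built around the `document.execCommand("ClearAuthenticationCache")` call mentioned above. The helper names `clearWindowsAuth` and `startIdleReauth`, the watched events and the injected `doc`/`win` parameters are assumptions made here; the command is specific to Internet Explorer, so the code reports when it is unavailable instead of reloading.

```javascript
// Added example (hypothetical helpers, not from the original answer).
// `doc` and `win` are the browser's document and window, passed in explicitly.

function clearWindowsAuth(doc) {
  // ClearAuthenticationCache is an Internet Explorer-only command; other
  // browsers return false or throw for a command they do not know.
  try {
    return doc.execCommand("ClearAuthenticationCache") === true;
  } catch (e) {
    return false;
  }
}

function startIdleReauth(doc, win, timeoutMinutes, onUnsupported) {
  var timeoutMs = timeoutMinutes * 60 * 1000;
  var handle = null;

  function expire() {
    if (clearWindowsAuth(doc)) {
      // With the cached credentials gone, the reload is answered with a 401
      // by IIS and the browser asks for credentials again.
      win.location.reload();
    } else if (onUnsupported) {
      // Browser cannot drop the credentials; let the caller decide what to do
      // (for example, show a "please close the browser" page).
      onUnsupported();
    }
  }

  function reset() {
    if (handle !== null) win.clearTimeout(handle);
    handle = win.setTimeout(expire, timeoutMs);
  }

  // Any user activity restarts the countdown.
  ["mousemove", "keydown", "click"].forEach(function (evt) {
    doc.addEventListener(evt, reset, false);
  });
  reset();
  return { reset: reset, expire: expire };
}

// In a page: startIdleReauth(document, window, 20, showSignedOutNotice);
// where showSignedOutNotice is a function the page defines (hypothetical).
```

The timer runs only in the browser, so the server still accepts the credentials from any client that keeps sending them.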