Looking for a cross-browser way to log a user off a webpage which uses Windows authentication.
Closing the browser is the only cross-browser way I've found to do that. This is one of the reasons that we had to switch to using Forms authentication.
There is not an ultimate solution. This is a known limitation of all types of WWW authentication.
You can send a fake unauthorized answer to request the password again. This approach may help you to simulate logoff.
Response.Status = "401 Unauthorized"
Response.AddHeader "WWW-Authenticate", "Negotiate"
Response.AddHeader "WWW-Authenticate", "NTLM"
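The exchange this answer describes, modelled in Python as an added example (not part of the original answer); the function names, session keys and sample accounts are assumptions. It sends the challenge only once, and it shows that a browser set to answer Negotiate/NTLM automatically comes back with the same identity, so the server should not count the 401 as a real session termination.

```python
# Constructed model of the "fake 401" logoff exchange; all names are hypothetical.
CHALLENGE = [("WWW-Authenticate", "Negotiate"), ("WWW-Authenticate", "NTLM")]


def handle_logoff(session, authenticated_user):
    """Server side of the logoff URL. Returns (status, headers, body).

    `session` is a dict standing in for server-side session state.
    The challenge is sent once; sending it on every request would loop forever.
    """
    if not session.get("challenge_sent"):
        session["challenge_sent"] = True
        session["previous_user"] = authenticated_user
        return "401 Unauthorized", list(CHALLENGE), "logged off"
    # Second request: the browser has answered the challenge.
    del session["challenge_sent"]
    previous = session.pop("previous_user")
    body = "switched" if authenticated_user != previous else "same-user"
    return "200 OK", [], body


def browser_round_trip(session, current_user, auto_logon, typed_user=None):
    """Client side: request the logoff URL and react to the 401.

    auto_logon=True models a browser that answers Negotiate/NTLM silently
    with the desktop account. Otherwise a prompt appears: typed_user is what
    the person enters, or None if they cancel the dialog.
    """
    status, headers, body = handle_logoff(session, current_user)
    offered = [value for name, value in headers if name == "WWW-Authenticate"]
    if not status.startswith("401") or not offered:
        return status, body
    if auto_logon:
        next_user = current_user      # no prompt, same identity is re-sent
    elif typed_user is None:
        return status, body           # cancelled: the 401 body is displayed
    else:
        next_user = typed_user
    status, headers, body = handle_logoff(session, next_user)
    return status, body


if __name__ == "__main__":
    print(browser_round_trip({}, r"CORP\alice", False, r"CORP\bob"))
    print(browser_round_trip({}, r"CORP\alice", True))
    print(browser_round_trip({}, r"CORP\alice", False, None))
```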
What is the point of logging the user out? Do you want them to have to close the browser and go to the site again and be automatically logged in?
If it is just a purely visual fake out, then I would use a cookie to indicate if the user needs to be shown the login screen or not. It would have nothing to do with Authentication or Authorization, just purely an indicator of if they are "logged in".
What happens when they are logged off and go to the login screen? Do you want them to actually have to enter their credentials at that point? What is the "Log in after Log out" user story?