I do not have access to an identity server for my blazor server side app and am currently using windows authentication where I work for the whole site. Signing in is not a problem but to control signing out and revoking a users authentication (for terminal scenarios) I am having to send them to a custom 401 unauthorized page I have configured in IIS.
Here they are immediately prompted for windows credentials again at an endpoint that will deny them no matter what. This is revoking the user's authentication. Is it possible to bypass this authentication prompt if my site is using windows authentication? After the auth window is closed on the “sign out” endpoint they are then redirected to a login page.
The tester has requested we automatically close the unwanted authentication prompt so they can be instantly redirected to the login page with no user input.Lmk if I can clarify anything this has had me completely stumped and from what I understand not something that IIS was designed to do.
So far the user is directed to my landing page after the windows auth window is closed by the user on my "always deny" endpoint. If I can somehow bypass or automatically close this window that would let me skip needing to create my own authentication. Due to financial constraints I am unable to obtain a Duende license where I work.