Windows Authentication with Authorization tags for certain ASP.NET pages

I am developing an intranet asp.net application. We will be using Windows authentication, so the authentication mode is set to windows in web.config.

I want to restrict some pages to only certain users so I am using the tag with the tag to allow/deny certain users.

Scenario :

User1 is not allowed access to page "Reports.aspx" (this page has restricted access using the authorization tag in web.config)

User2 is allowed access to this page. Both of them are in the MYCOMPANY domain.

When User1 tries to access this page he is shown a credentials popup - he will enter the details of "User2" since user2 is allowed access ; subsequently, user1 is now able to access this page(by using user2's details).

Now user1 goes back to some other page which is not restricted by authorization tag. Lets say he goes to homepage. Now again from homepage, he will try to access Reports.aspx. At this point logically speaking, again a prompt for login credentials must come up . But instead no popup comes up and the user1 is allowed access to REports page.

I decided to check the username using HTTPContext.Current.User.Identity.Name in this scenario. When the user1 is trying to access Reports.aspx for second time(after having logged in successfully first time) his credentials are being stored in the browser(I guess) because this time around, when the page loads, the credentials show up as User2 in code behind.

H开发者_开发百科ow to prevent this and force a login prompt every time for this page ?

Guess I was a n00b back when I asked this.

For the benefit of people who might have faced a scenario - when you login again, the original credentials are no longer maintained and ASP.NET always recognizes you as the User2 hereafter.