Set Windows authentication timeout at runtime

Is there a way top specify the authenticati开发者_开发百科on timeout for an Asp.Net application using windows authentication?

In my scenario the user logged into Windows does not have permission to the web application so the browser prompts them for a different set of Active Directory credentials. Assuming they don't tick the "Remember my credentials" check box I'd like to be able to set how long the user will stay authenticated for.

This will not be possible from ASP.NET configuration.

As such, windows authentication may use Kerberos or NTLM. AFAIK, NTLM is connection based and connection life-time decides authentication scope. For kerberos, a time-bound token is issued. The token time-out is generally small (say few minutes) and is dependent upon the setup.

Perhaps you should explain the the specific need to set the windows authentication time-out (because typically, time-outs are designed to avoid replay attacks and underlying windows authentication as such take care of them so there is hardly any need to do something at application level).