如何告诉Excel / VBA清除安全凭证?

时间:2021-11-11 15:26:31

I have written a VBA plugin for Excel, which provides login/logout functionality to a server.

我为Excel编写了一个VBA插件,它为服务器提供登录/注销功能。

The way I have implemented it is to send a request to a URL on the server, which checks if the user has a session, if it does not, the server sends a 401 on the header response (unauthorised). The 401 response makes Excel automatically pop up the 'windows style' login modal (this comes for free with Excel I guess). I enter my credentials, and the server authenticates the user, and a session is created.

我实现它的方法是向服务器上的URL发送请求,该URL检查用户是否有会话,如果不是,则服务器在报头响应上发送401(未授权)。 401的响应使Excel自动弹出'windows style'登录模式(我想这是免费的Excel)。我输入凭据,服务器对用户进行身份验证,并创建会话。

My problem is now when I try to logout. The server destroys the session as expected. If the user now clicks login again, Excel sends a HEAD request to the server, the server responds with a 401, and Excel then automatically sends the same username and password credentials that were entered by the user before. The user is now logged on again. Just to be clear - this is NOT server side caching, this is Excel resending login credentials, using Basic Authentication in the HTTP Header, after receiving a 401 response.

我现在的问题是当我尝试注销时。服务器按预期销毁会话。如果用户现在再次单击登录,则Excel会向服务器发送HEAD请求,服务器将以401响应,然后Excel会自动发送用户之前输入的相同用户名和密码凭据。用户现在再次登录。只是要清楚 - 这不是服务器端缓存,这是Excel重新发送登录凭据,在HTTP头中使用基本身份验证后,收到401响应。

This is not the expected behaviour, I would not like Excel to store a copy of the credentials, and reuse them time after time. If the user logs out, I would like this to be permanent, until they decide to log in again at which time they should re-enter their credentials.

这不是预期的行为,我不希望Excel存储凭据的副本,并且一次又一次地重复使用它们。如果用户注销,我希望这是永久性的,直到他们决定再次登录,然后他们应该重新输入他们的凭据。

The problem I have is telling Excel/Windows/VBA? to clear whatever it is keeping, wherever it is keeping it. My problem is, I don't really know what the choreography is on the Excel/VBA side, it's functionality that just seemed to come for free, so I do not know where this is stored.

我遇到的问题是告诉Excel / Windows / VBA?清除它所保存的任何东西,无论它在哪里。我的问题是,我真的不知道在Excel / VBA方面的编排是什么,它的功能似乎是免费的,所以我不知道它存储在哪里。

For what it's worth, here is my VBA

值得一提的是,这是我的VBA

 Dim req As MSXML2.XMLHTTP60
 Set req = New MSXML2.XMLHTTP60
 req.Open "GET", url, False
 req.send

1 个解决方案

#1


0  

From this answer:

从这个答案:

myURL = "http://my.domain.com/myscript.cgi"
Dim oHttp As New MSXML2.XMLHTTP
oHttp.Open "POST", myURL, False
oHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded'"
oHttp.setRequestHeader(“Cache-Control”, “no-cache”);
oHttp.setRequestHeader(“Pragma”, “no-cache”);
oHttp.setRequestHeader(“If-Modified-Since”, “Sat, 1 Jan 2000 00:00:00 GMT”);
oHttp.setRequestHeader "Authorization","Basic " & Base64EncodedUsernamePassword
oHttp.send "PostArg1=PostArg1Value"
Result = oHttp.responseText

#1


0  

From this answer:

从这个答案:

myURL = "http://my.domain.com/myscript.cgi"
Dim oHttp As New MSXML2.XMLHTTP
oHttp.Open "POST", myURL, False
oHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded'"
oHttp.setRequestHeader(“Cache-Control”, “no-cache”);
oHttp.setRequestHeader(“Pragma”, “no-cache”);
oHttp.setRequestHeader(“If-Modified-Since”, “Sat, 1 Jan 2000 00:00:00 GMT”);
oHttp.setRequestHeader "Authorization","Basic " & Base64EncodedUsernamePassword
oHttp.send "PostArg1=PostArg1Value"
Result = oHttp.responseText