We are working on a .NET project, which is a web-based application (using ASP.NET ). Our project demands Windows Authentication, In IIS we are using Integrated Windows Authentication and in webconfig file:

<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
<customErrors defaultRedirect="ApplicationError.aspx" mode="RemoteOnly" />


The user will get authenticated when he enters the URL and when user clicks on Logout Button in the Menu ( its an .ascx control ) his credentials should clear off I mean after logout if user tries to go back or clicks on Login again it should prompt for the Authentication Window.

Note: we are not using any Session/Cache variables in the application.