Thanks guys, you both helped out. Here's what I did:
I kept an aspx:button for my Sign Out and left it in the navbar. This allows
me to capture the click event and use the FormsAuthentication.SignOut() method
to kill the ticket. Then in that same event handler I call Response.Redirect("login.aspx")
to go to my login page, which incidentally IS a dedicated standalone aspx
page. In the <authentication> part of web.config I use "loginUrl="login.aspx"
so that any unauthenticated user gets sent their right away.
When the user clicks the Sign Out button, it kills the ticket and calls the
login.aspx redirect. Previously, this would have loaded it only in the navbar
frame. But now in the login.aspx HTML code I have added this code: <body
onload="TopLoad()"> so that when the login page load it calls the javascript
function as shown here:
function TopLoad()
{
if (window.top != window.self)
{
window.top.location="login.aspx";
}
}
Essentially, what this does is it says "okay, if the current frame is not
the entire browser, then load the login page into the complete browser.
By doing the If window.top != window.self, I avoid the recursive loop of
always reloading itself each time it starts to load.
Excellent, thanks for the input! Hope this helps others out too.