Does NTLM support PreAuthentication?

From: Jon (NOSPAMgo_bills_at_hotmail.com)
Date: 06/25/03 

Date: Wed, 25 Jun 2003 10:52:44 -0700

SCENARIO:
I have an ASP.NET application (configured to use Windows Integrated Security
only) that makes a call (using DefaultCredentials and with
PreAuthenticate=true) to a Web Service (configured to use Windows Integrated
Security only). This works fine, with one exception. The call to the Web
Service initially attempts to authenticate as anonymous (costing roughly one
second and producing 401 HTTP status messages in the IIS log) before
succeeding with NTLM and the DefaultCredentials (200 HTTP).

SOME CODE:
The following code (calling "CanPreAuthenticate" on all registered modules)
returns false for every authentication method except "Basic" and "Digest":

// Display registered authentication modules.
using System;
using System.Collections;
using System.Net;
class test
{
    private static void Main()
    {
        // The AuthenticationManager calls all authentication modules
sequentially
        // until one of them responds with an authorization instance. Show
        // the current registered modules.
        IEnumerator registeredModules =
AuthenticationManager.RegisteredModules;
        Console.WriteLine("\r\nThe following authentication modules are now
registered with the system:");
        while(registeredModules.MoveNext())
        {
            Console.WriteLine("\r \n Module :
{0}",registeredModules.Current);
            IAuthenticationModule currentAuthenticationModule =
(IAuthenticationModule)registeredModules.Current;
            Console.WriteLine("\t CanPreAuthenticate :
{0}",currentAuthenticationModule.CanPreAuthenticate);
        }
    }
}

QUESTION:
Does any NTLM authentication-level (i.e. Local Security Policy Setting)
support PreAuthentication or am I stuck with the initial 401 HTTP attempt,
for a non-existent anonymous user, when using only Windows Integrated
Security? I'd really like to lose the initial anonymous authentication
attempt if possible.

Any suggestions would be greatly appreciated!
Jon

Relevant Pages

  • RE: WSE 2.0, smart client, Username authentication, no x.509
    ... web services WSE 3.0 hosts them without a web server for you (read the WSE ... To perform authentication, because your database does not contain user ... the implementation William Stacey has uses Security ... > server where my web service is ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: C# SOAP Authentication to non C# web service
    ... transport security, but this would only be allowed if you were using SSL ... I also have a C# form client consuming the web service, ... fine until I added the authentication on the server, now I can not get the ... to the SOAP message posted from the C# SOAP client. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Web App cant find web service
    ... - if you get the NT Authentication dialog box, ... the Web Service is attainable, ... the DefaultCredentials that your passing in may not work or can not be ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Error using WS-Security
    ... I am getting the following error while implementing authentication using ... "Microsoft.Web.Services2.Security.SecurityFault: The security token could ... public AuthUserToken AuthUserTokenObj; ... Web service client ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: UserName token Access denied smart client
    ... Web service authentication. ... > (Environment SmartClient, calls proxy calls web service, on VS.NET ... > use the usertoken I get through, if I user the security token and the ...
    (microsoft.public.dotnet.framework.webservices.enhancements)