Re: dynamically requesting windows authentication on a resource

From: Chris Crowe [MVP] (IISMVP2005_at_iisfaq.homeip.net)
Date: 08/29/05

Next message: Craig Vedur: "Re: Does 'IsInRole()' check against Active Directory groups?"
Previous message: Stephen Noronha: "Security Warning"
In reply to: z f: "dynamically requesting windows authentication on a resource"
Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: dynamically requesting windows authentication on a resource"
Reply: Joe Kaplan \(MVP - ADSI\): "Re: dynamically requesting windows authentication on a resource"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Aug 2005 07:12:27 +1200

Although you can dynamically request authentication by setting a 401 Status
and also a WWW-Authenticate header you will not be able to process these I
would think. What will you do with the NTLM hash that is produced?

Why do you want to do this?

This is a set of headers that IIS returns when a user requests an NTLM page.
But if IIS is not configured to accept the NTLM header I do not know what
happens.

HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.1
Date: Mon, 29 Aug 2005 19:10:54 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Connection: close
Content-Length: 4431
Content-Type: text/html

-- 
Cheers
Chris
Chris Crowe [IIS MVP]
http://blog.crowe.co.nz
"z f" <dont@send.mails> wrote in message 
news:e3k2rQ7qFHA.2648@TK2MSFTNGP10.phx.gbl...
> Hi,
>
> I have a asp.net web application, and in one of my pages I would like to 
> be able to request windows authentication on the fly, without the page 
> configured for windows authenticatino in IIS.
>
> is this possible using some http header / return value?
>
> i can surely mimic IIS behavior returning access denied, but a key should 
> be added and IIS have to accept the credentials of the client.
>
> TIA.
>
>

Next message: Craig Vedur: "Re: Does 'IsInRole()' check against Active Directory groups?"
Previous message: Stephen Noronha: "Security Warning"
In reply to: z f: "dynamically requesting windows authentication on a resource"
Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: dynamically requesting windows authentication on a resource"
Reply: Joe Kaplan \(MVP - ADSI\): "Re: dynamically requesting windows authentication on a resource"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: HTTP_AUTHORIZATION header
... I use WFetch to make a Basic authenticated POST request against my CGI EXE ... Nitpick on your stated understanding of authentication protocols - ... header is not expected for every request for NTLM ...
(microsoft.public.inetserver.iis.security)
Re: HTTP_AUTHORIZATION header
... authentication sequence. ... this in your setup by directly accessing the CGI EXE a couple of timems. ... i.e. the HTTP_AUTHORIZATION header gets sent every time ... I use WFetch to make a Basic authenticated POST request against my CGI ...
(microsoft.public.inetserver.iis.security)
Re: HTTP_AUTHORIZATION header
... HTML file from one virtual directory, and then immediately execute a CGI from ... Authentication happens when I request the HTML ... header is not expected for every request for NTLM ...
(microsoft.public.inetserver.iis.security)
Re: Where is the user impersonation token stored?
... Can you explain a little more with respect to IIS? ... User requests a restricted page and the Windows popup dialog appears so ... When an HTTP request is finished and the response is sent back to the client ... Where does IIS (or some ISAPI authentication filter/extension) get ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: IIS 5.0 Windows Authenticion/NT Challenge Response
... The first response looks like it was for a request made to a vdir that has ... anonymous authentication enabled on IIS. ... you could have anonymous authentication enabled. ...
(microsoft.public.inetserver.iis.security)