Re: dynamically requesting windows authentication on a resource

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 08/30/05 

Date: Mon, 29 Aug 2005 23:13:14 -0500

You can definitely handle your own basic auth though. It is very "basic".
:)

However, this is not a good idea without SSL in the mix.

Joe K.

"Chris Crowe [MVP]" <IISMVP2005@iisfaq.homeip.net> wrote in message
news:ei99Z2MrFHA.2588@tk2msftngp13.phx.gbl...
> Although you can dynamically request authentication by setting a 401
> Status and also a WWW-Authenticate header you will not be able to process
> these I would think. What will you do with the NTLM hash that is produced?
>
> Why do you want to do this?
>
> This is a set of headers that IIS returns when a user requests an NTLM
> page. But if IIS is not configured to accept the NTLM header I do not know
> what happens.
>
> HTTP/1.1 401 Access Denied
> Server: Microsoft-IIS/5.1
> Date: Mon, 29 Aug 2005 19:10:54 GMT
> WWW-Authenticate: Negotiate
> WWW-Authenticate: NTLM
> Connection: close
> Content-Length: 4431
> Content-Type: text/html
>
> --
> Cheers
>
> Chris
>
> Chris Crowe [IIS MVP]
> http://blog.crowe.co.nz
>
>
> "z f" <dont@send.mails> wrote in message
> news:e3k2rQ7qFHA.2648@TK2MSFTNGP10.phx.gbl...
>> Hi,
>>
>> I have a asp.net web application, and in one of my pages I would like to
>> be able to request windows authentication on the fly, without the page
>> configured for windows authenticatino in IIS.
>>
>> is this possible using some http header / return value?
>>
>> i can surely mimic IIS behavior returning access denied, but a key should
>> be added and IIS have to accept the credentials of the client.
>>
>> TIA.
>>
>>
>
>

Relevant Pages

  • Re: httplib/DAV: How to respond to "WWW-Authenticate: NTLM" ?
    ... Basic AUTH to a MS SharePoint over https server, he responds 'WWW-Authenticate: NTLM' only: ... header: WWW-Authenticate: NTLM ... I simply try repeatedly the same request with Basic Auth header again => The same response requesting 'header: WWW-Authenticate: NTLM' again. ...
    (comp.lang.python)
  • httplib/DAV: How to respond to "WWW-Authenticate: NTLM" ?
    ... In a DAV scheme with PROPFIND or GET and Basic AUTH to a MS SharePoint over https server, he responds 'WWW-Authenticate: NTLM' only: ... header: WWW-Authenticate: NTLM ...
    (comp.lang.python)
  • experiment supports concept of using host header names as securit y layer
    ... ISAPI filters can't evaluate a request until a virtual site has been ... selected and its set of running ISAPI filters has become known to the IIS ... As a quick experiment in using a host header name as a security device, ...
    (Focus-Microsoft)
  • Re: How can I set "remote_user" in ISAPI filter/Extension?
    ... No. Server Variables are read-only entities representative of the ... would IIS want to parse the Authorization header for anonymous auth? ... Clients make Anonymous request ...
    (microsoft.public.inetserver.iis.security)
  • Re: Cannot resolve KDC error 11
    ... > Services (IIS) is not enabled for both Kerberos and NTLM authentication. ... > Regarding how to configure IIS to support both Kerberos and NTLM ...
    (microsoft.public.windows.server.sbs)