Re: Problem establishing SSL connection in code-behind

On Jan 3, 5:32 pm, "Joe Kaplan"
<joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
What you are seeing is a standard NTLM request/response pattern. Normally
with NTLM, the browser does a GET and the server responds with 401 and a
WWW-Authenticate header with a challenge. The browser then does the GET
again with a responding Authorization request header and the server responds
with 200 if the browser's response is accepted. Kerberos auth looks a
little different because it can preauthenticate.

Based on what I see here, it looks like NTLM worked ok from wfetch. You
might try with Negotiate auth selected to allow the possibility of Kerberos
and not just NTLM. Kerberos will only work if there is a valid SPN
registered in AD for that hostname though (and the DC can be contacted by
the client to get a Kerb ticket).

As to why your code is getting a timeout now, I don't know. The fact that
it used to get something different and is now timing out doesn't make a lot
of sense.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"http://www.directoryprogramming.net

OK, thank you. Are you suggesting that NTLM is different from
Integrated Windows Authentication? (The remote web site uses
Integrated Windows Authentication). I thought they are the same, NTLM
is only an old terminology.

I did try using Negotiate, and the result is different: It gives an
401 unauthorized message, and the hola, amigo webpage is not shown.
.

Relevant Pages

  • Re: Integrated Windows Authentication Timeout?
    ... Do you see anything different for the NTLM requests? ... You might consider enabling protocol transition authentication since you are ... Joe Kaplan-MS MVP Directory Services Programming ... server. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Integrated Windows Authentication Timeout?
    ... Is it possible that a different host name is being used for one of the subsequent requests that would break Kerberos auth? ... If you have "Negotiate" authentication set in the metabase, then this can still negotiate down to NTLM if for some reason the protocol thinks that Kerberos is unavailable. ... server. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: "The page cannot be displayed" for non domain users
    ... The Wfetch utility is able to get true. ... The first atemp returns the page I get in the IE. ... When I use IE I never get the NTLM authentication window: ... Server: Microsoft-IIS/6.0\r\n ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS6, Integrated Windows Auth, and IE6 Integrated Windows Auth
    ... on your server, modifying its behavior, and causing the issue. ... do you feel that there is an issue with NTLM ... > application -- after IIS has successfully authenticated with NTLM -- so it ... > is an application issue and not with IIS6, Integrated Authentication, nor ...
    (microsoft.public.inetserver.iis)
  • RE: sshd for windows
    ... >NTLMv2 is an encryption method. ... Microsoft Telnet uses NTLM to encrypt the ... This means the only client that can access the server is the ... What’s NTLM? ...
    (Security-Basics)
Quantcast