Re: client authentication

From: Stephen L Nicoud (nicouds_at_hotmail.com)
Date: 05/18/03

Next message: Vince De Mello: "Password protecting folder"
Previous message: Stephen L Nicoud: "Re: client authentication"
In reply to: Crimson Star: "Re: client authentication"
Next in thread: Stephen L Nicoud: "Re: client authentication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 17 May 2003 19:27:20 -0400

Just to clarify, the pop-up only pop up when the credentials, if any, are not sufficient to provide access to the requested resource. This typically will only occur once in a browser session. Once provided by the user the browser caches the credentials and submits with future resource requests. So the user does not, typically, get prompted to provide credentials on every request for a protected resource, just the first attempt to any protected resource at that website.

"Crimson Star" <crimson.star@nospam.gov.ab.ca> wrote in message news:#BeWAh$GDHA.432@TK2MSFTNGP12.phx.gbl...
> The Client Authentication box will only pop up if the website is using Basic
> Authentication or Windows Authentication. If you are using Basic
> Authentication, the box will always pop up. If you are using Windows
> Authentication, the server will try to authenticate you in the background,
> but if the authentication fails then the box will pop up.
>
> SSL is independant from authentication, although it is often used with Basic
> Authentication to protect the user's name and password which are transmitted
> in clear text.
>
> --
> Crimson Star, MCSE
> Technical Webmaster
> Alberta Corporate Service Centre
> Government of Alberta
>
> "Larry" <anonymous@devdex.com> wrote in message
> news:u7prvVwGDHA.2204@TK2MSFTNGP10.phx.gbl...
> >
> > I've been to many sites that are SSL and the Client Authentication box
> > does not come up. How does the browser uniquely identify a site as
> > needing a client certificate?
> >
> > P.S. I know how this is set up server side, but I need a way to
> > identify when the "Client Authentication" box will pop up in a client
> > side application (a Browser Helper Object - if that helps any).
> >
> > Larry
> >
> > *** Sent via Developersdex http://www.developersdex.com ***
> > Don't just participate in USENET...get rewarded for it!
>
>

Next message: Vince De Mello: "Password protecting folder"
Previous message: Stephen L Nicoud: "Re: client authentication"
In reply to: Crimson Star: "Re: client authentication"
Next in thread: Stephen L Nicoud: "Re: client authentication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[NEWS] The Dos and Donts of Client Authentication on the Web
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Client authentication has been a continuous source of problems on the Web. ... for providing authentication secure against a range of adversaries. ...
(Securiteam)
Re: VPNing with L2TP/IPSec
... Technically the RRAS doesn't need a server authentication certificate, ... failure even though a client authentication certificate exists. ...
(microsoft.public.isa.vpn)
Re: client authentication
... The Client Authentication box will only pop up if the website is using Basic ... Authentication or Windows Authentication. ... > side application (a Browser Helper Object - if that helps any). ...
(microsoft.public.inetserver.iis.security)
multi domain
... I have some problem in setting up krb5.conf for client authentication. ... Principals that belongs to A.COMPANY.COM are authenticated (kinit ... For those who are not authenticated kinit returns "Client not found in ...
(comp.protocols.kerberos)
Re: Authentification vs Encryption in a system to system interface
... > While the above is true, the persons in the original article ... > appeared to be discussing Client Authentication and Authorization ... > rather than Server Authentication. ...
(comp.security.misc)