Re: Authentication

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 04/28/04

Next message: Amanda: "spy ware"
Previous message: Ken Schaefer: "Re: Strange Log File Entries"
In reply to: Lance: "Re: Authentication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 28 Apr 2004 13:55:07 +1000

Everything except the actual request line is encrypted. The line:

GET /mypage.htm HTTP/1.1

is not encrypted. The user credentials are.

Cheers
Ken

"Lance" <nospam@corvascmds.com> wrote in message
news:C6B3F216-228D-497B-9A59-873DB40EBD8F@microsoft.com...
: Guys,
:
: Your discussion is exactly what I am researching. Am I to understand that
if you purchase a SSL certifcate and install it on an INTRANET exposed to
the internet that the subsequent authentication login dialog and password
would be encrypted?
:
: For example https://myExposed.CompanyIntranet.com
:
: ----- anonymous@discussions.microsoft.com wrote: -----
:
: Thanks for the reply
:
: Mike
:
:
: >-----Original Message-----
: >Yes, browse the page in https, when IIS authentication
: kicks in, it will be
: >encrypted. Most browser support basic + ssl
: >>--
: >Regards,
: >Bernard Cheah
: >http://support.microsoft.com/
: >Please respond to newsgroups only ...
: >>>"Mike" <anonymous@discussions.microsoft.com> wrote in
: message
: >news:09d201c3fb0d$e5402a00$a401280a@phx.gbl...
: >> I have a server running IIS 4. It has a certificate
: >> installed and is running SSL on one of my sites. If I
: am
: >> at a page (http) and I make a user authenticate (basic
: >> authentication) the password is sent in plain text. If
: I
: >> am at a page (https) and a user authenticates using
: basic
: >> is the password and username then encrypted?? (NN or IE)
: >> If I go to IE only?
: >>>> Thanks
: >> MIke
: >>>.
: >

Next message: Amanda: "spy ware"
Previous message: Ken Schaefer: "Re: Strange Log File Entries"
In reply to: Lance: "Re: Authentication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Mixed Mode Authentication in .net 2.0
... There are two parts to SSL, which is why this can be confusing. ... encryption and authentication of the server. ... ADFS supports a component called the federation service proxy which is ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Search not working
... Management>Authentication Providers>Edit Authentication, does not provide the ... ability to indicate whether the web application is using SSL or not. ... I changed IIS Authentication for the web site back to Integrated ... I have installed an SSL certificate and required SSL ...
(microsoft.public.sharepoint.windowsservices)
Re: Can SSL sessions be compromised?
... the proxy machine -- if I enable local cookies for authentication this ... your "SSL server" machine may be trying to catch some simple types of ... information carried by the digital certificates was ... clicking on any RFC number, brings up that RFC in the lower RFC summary ...
(comp.security.misc)
Re: Postfix + Auth + SSL + pop3s/imaps
... >> to use for authentication. ... Or I would still need SASL for smtp? ... >> if it's Plain or Login because I'm going to use SSL and that would ... >> encrypt both Login and the data channel. ...
(freebsd-questions)
Re: Mixed Mode Authentication in .net 2.0
... Basic auth should be used with SSL. ... authentication should use SSL anyway, ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.dotnet.framework.aspnet.security)