Re: IIS Authentication Providers
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 11/29/04
- Next message: David Wang [Msft]: "Re: asp request data lost with iis 6.0"
- Previous message: Bernard: "Re: SSL Port 443 disappears after server restart"
- In reply to: Timothy J. Bruce: "IIS Authentication Providers"
- Next in thread: Timothy J. Bruce: "Re: IIS Authentication Providers"
- Reply: Timothy J. Bruce: "Re: IIS Authentication Providers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Nov 2004 03:12:45 -0800
NTAuthenticationProviders is not an extensibility point nor what you are
looking for. You want to implement a new authentication protocol, not
extend an existing one. As soon as you said "throw a 300 response", it
eliminated NTAuthenticationProviders.
Instead, write an ISAPI Filter to do your own custom Authentication scheme,
and turn off authentication in IIS so that you have complete control. Lots
of such filters have been written, some are for purchase, and you are always
free to write your own.
For help, first read MSDN documentation. Community newsgroup support can be
found at:
microsoft.public.platformsdk.internet.server.isapi-dev
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // "Timothy J. Bruce" <uniblab@hotmail.com> wrote in message news:_sfqd.167$925.24247@news1.epix.net... Greetings: You can call me crazy if you like, but I would like to create an additional authentication provider for IIS. I would like IIS to throw a 300 response (this bringing up the ever famous `porn challenge') and resolve the plain-text supplied credentials using my library instead of the system's. I am not interested in the System.Web.Security.HttpHandler Dot Not class. The metabase key NTAuthenticationProviders seems like the place to look, perhaps changing it from (for example) `Negotiate, NTLM' to simply `Foo'. I was, unfortunately, unable to find much data on the NTAuthenticationProviders key. The description of this key (http://msdn.microsoft.com/library/en-us/iissdk/iis/ref_mb_ntauthenticationp roviders.asp?frame=true) doesn't define the semantics, merely the syntax. I know `Negotiate' invokes Kerberos and `NTLM' invokes LanMan, but I also know there is no mention of `Negotiate' in my `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa' key. I can write a kernel-mode Authentication Provider, but I would prefer not to. I really do not understand this key beyond where it is found, and the two values discussed. To create a new AP for use by IIS, must I create a kernel-mode SSP/AP, or is there a trick to have IIS invoke a user-mode AP? Where do I specify that package, in the NTAuthenticationProviders metabase key? Again, my goal is to write a new Authentication Package for IIS. People that answer with `Just use Digest' (or what-ever) are not helping. Respectfully, Timothy J. Bruce uniblab@hotmail.com </RANT>
- Next message: David Wang [Msft]: "Re: asp request data lost with iis 6.0"
- Previous message: Bernard: "Re: SSL Port 443 disappears after server restart"
- In reply to: Timothy J. Bruce: "IIS Authentication Providers"
- Next in thread: Timothy J. Bruce: "Re: IIS Authentication Providers"
- Reply: Timothy J. Bruce: "Re: IIS Authentication Providers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
