Re: Integrated Windows Authentication
- From: "Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 23 Mar 2008 20:07:11 +1100
"vx" <vx@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:78FEF025-F48C-4CB7-BA19-16D1F1EFF187@xxxxxxxxxxxxxxxx
Thanks you very much for your help!
a new question:
What is the authentication mechanism for sending the credentials
from the client machine to IIS ?
There is no single way of doing this. The HTTP specification permits the server to send back supported authN mechanisms via the use of WWW-Authenticate: headers (e.g.
WWW-Authenticate: Basic
(to show that the server supports Basic Authentication). The client would send credentials back using an Authorization: header
But it's also possible to send credentials via a HTTP form (e.g. ASP.NET forms based authentication or similar). In this case access is anonymous at the HTTP layer, but authentication occurs within the application layer. Alternatively you can use client certificates to authenticate users - in this case authentication data is sent as part of the SSL/TLS handshake that occurs even before HTTP headers are exchanged (i.e. below the HTTP layer).
So there are many ways to authenticate clients to the server. The KB article is talking about HTTP-based authentication.
Cheers
Ken
.
- References:
- Re: Integrated Windows Authentication
- From: Ken Schaefer
- Re: Integrated Windows Authentication
- From: Ken Schaefer
- Re: Integrated Windows Authentication
- Prev by Date: Re: Integrated Windows Authentication
- Next by Date: Re: access issue
- Previous by thread: Re: Integrated Windows Authentication
- Index(es):
Relevant Pages
|
