NTLMSSP (SSPI) work with IE client ???
- From: Andy <adzheng@xxxxxxxxx>
- Date: Fri, 10 Apr 2009 10:37:42 -0700 (PDT)
Hello,
I wrote a small test web server trying to talk to IE client for NTLM
authentication. I'm using SSPI AcceptSecurityContext() etc in my
server side code. I was able to get IE send me the Type-3 message with
LM and NT response hashes. But when I called AcceptSecurityContext()
again passing in these response data, it returned ACCESS LOGIN DENIED
(The logon attempt failed.etc). I checked the decoded Type-3 message
received from IE with the package generated from SSPI
(InitializeSecurityContext) which was in a test client I wrote just to
make sure my server side is working fine. I found out that the LM
response field are different in these 2 packages. In IE generated LM
response, the 24 bytes field are filled with the hash data while in
SSPI generated LM response, only the first 8 bytes are filled with
hash data and the rest 16 bytes are all 0x00. The NT response seems
all filled with hash data. I'm pretty sure this is the reason that
cause the AcceptSecurityContext() to fail but I don't know how to
solve this.
Does anyone know if a server implementing NTLMSSP(using SSPI,
AcceptSecurityContext() api etc..) authentication will work with a IE
client performing NTLM authentication?
Thanks,
Andy
.
- Prev by Date: Re: file security by application
- Next by Date: WinVerifyTrust Failure on WinXP
- Previous by thread: symmetric provider key and msbuild
- Next by thread: WinVerifyTrust Failure on WinXP
- Index(es):
Relevant Pages
|
