dynamically requesting windows authentication on a resource

z f · Aug 28, 2005

Hi,

I have a asp.net web application, and in one of my pages I would like to be
able to request windows authentication on the fly, without the page
configured for windows authenticatino in IIS.

is this possible using some http header / return value?

i can surely mimic IIS behavior returning access denied, but a key should be
added and IIS have to accept the credentials of the client.

TIA.

Chris Crowe [MVP] · Aug 29, 2005

Although you can dynamically request authentication by setting a 401 Status
and also a WWW-Authenticate header you will not be able to process these I
would think. What will you do with the NTLM hash that is produced?

Why do you want to do this?

This is a set of headers that IIS returns when a user requests an NTLM page.
But if IIS is not configured to accept the NTLM header I do not know what
happens.

HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.1
Date: Mon, 29 Aug 2005 19:10:54 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Connection: close
Content-Length: 4431
Content-Type: text/html

--
Cheers

Chris

Chris Crowe [IIS MVP]
http://blog.crowe.co.nz

Joe Kaplan \(MVP - ADSI\) · Aug 30, 2005

You can definitely handle your own basic auth though. It is very "basic".

However, this is not a good idea without SSL in the mix.

Joe K.

Chris Crowe said:
Although you can dynamically request authentication by setting a 401
Status and also a WWW-Authenticate header you will not be able to process
these I would think. What will you do with the NTLM hash that is produced?

Why do you want to do this?

This is a set of headers that IIS returns when a user requests an NTLM
page. But if IIS is not configured to accept the NTLM header I do not know
what happens.

HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.1
Date: Mon, 29 Aug 2005 19:10:54 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Connection: close
Content-Length: 4431
Content-Type: text/html

--
Cheers

Chris

Chris Crowe [IIS MVP]
http://blog.crowe.co.nz

z f said:

Hi,

I have a asp.net web application, and in one of my pages I would like to
be able to request windows authentication on the fly, without the page
configured for windows authenticatino in IIS.

is this possible using some http header / return value?

i can surely mimic IIS behavior returning access denied, but a key should
be added and IIS have to accept the credentials of the client.

TIA.

Click to expand...

Windows authentication with impersonation - network resource access fails	0	Mar 18, 2005
Windows Authentication	4	Sep 1, 2009
Configuring Windows-based Authentication and UrlAuthorization	19	Aug 29, 2009
WCF service, legacy client using Basic authentication?	1	Jun 2, 2009
how to avoid challenge window when windows authentication mode is	1	May 21, 2007
Windows Authentication with ASP.Net and SQL Server	2	Sep 11, 2005
IIS settings & windows authentication	2	Mar 28, 2009
Integrated Windows Authentication not working	1	Oct 8, 2008

dynamically requesting windows authentication on a resource

z f

Chris Crowe [MVP]

Joe Kaplan \(MVP - ADSI\)

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads