Integrated Windows Authentication and Session Timeout.

Sulaiman

The main idea of IWA is to have a web site with single sign-on capabilities,
and I think it is good if you have a web site that caters to internal people.
A few questions coming out of this implementation:
1) How does the C# Windows Authentication work? Does the NTLM handshake only
happen on the first request? Or does it perform the NTLM handshake for every
request that gets sent to the server?

If the NTLM handshake only happens on the first request, how does the server
maintain the client state? Is it through a cookie?

2) In a form-based implementation, it is very easy to implement session
timeout. We initially assign the user an authentication cookie and just set
the authentication cookie to expire in, say, 20 minutes. If it has expired,
then just redirect to the login page. However, in the Windows Authentication
environment, how do you implement session timeout? Because as long as the user
is still logged in to the machine, it should never time out? What do you guys
think about this?
 
Sulaiman

Sorry, maybe I should post with the right terms. I need to differentiate
between authentication and session state. I made some changes below:
If the NTLM handshake only happens on the first request, how does the server
maintain the client state? Is it through a cookie?

How does the server maintain the authentication state? Is it through a cookie?
 
Dominick Baier

The NTLM credentials are sent on every request, but IIS and the LSA do some
clever caching so they don't have to do a roundtrip to the registry/a DC
every time.
 
