Integrated Windows Authentication

Discussion in 'ASP .Net Security' started by mail747097@fificorp.net, Jan 30, 2007.

  1. Guest

    I have read somewhere that Basic Authentication should be avoided
    because it sends passwords in clear text and that Integrated Windows
    Authentication only works with Internet Explorer on a Windows
    computer. I have a website in IIS with only Integrated Windows
    Authentication enabled and not anonymous or Basic Authentication
    enabled. I have installed Mozilla on the computed and could log on
    with no problem. I then booted from a Knoppix Live CD on another
    computer and again logged on using Firefox with no problem. I then did
    a TCP/IP trace of the network traffic while I logged onto the site in
    Knoppix and could not find any password. Why is this?
    , Jan 30, 2007
    #1
    1. Advertising

  2. Basic Auth sends passwords in clear text, integrated sends them hashed (this
    is only slightly better).

    In any case you need SSL to protect the credentials on the wire.

    Integrated auth is really 2 protocols - NTLM and Kerberos.

    Some browsers like FF support NTLM - thats probably the reason why you could
    log on...




    -----
    Dominick Baier (http://www.leastprivilege.com)

    > I have read somewhere that Basic Authentication should be avoided
    > because it sends passwords in clear text and that Integrated Windows
    > Authentication only works with Internet Explorer on a Windows
    > computer. I have a website in IIS with only Integrated Windows
    > Authentication enabled and not anonymous or Basic Authentication
    > enabled. I have installed Mozilla on the computed and could log on
    > with no problem. I then booted from a Knoppix Live CD on another
    > computer and again logged on using Firefox with no problem. I then did
    > a TCP/IP trace of the network traffic while I logged onto the site in
    > Knoppix and could not find any password. Why is this?
    >
    Dominick Baier, Jan 30, 2007
    #2
    1. Advertising

  3. Guest

    Yes you are correct. I found it here as well that Mozilla supports
    NTLM:
    http://www.mozilla.org/status/2003-11-24.html

    On 30 Jan, 11:20, Dominick Baier
    <dbaier@pleasepleasenospam_leastprivilege.com> wrote:
    > Basic Auth sends passwords in clear text, integrated sends them hashed (this
    > is only slightly better).
    >
    > In any case you need SSL to protect the credentials on the wire.
    >
    > Integrated auth is really 2 protocols - NTLM and Kerberos.
    >
    > Some browsers like FF support NTLM - thats probably the reason why you could
    > log on...
    >
    > -----
    > Dominick Baier (http://www.leastprivilege.com)
    >
    >
    >
    > > I have read somewhere that Basic Authentication should be avoided
    > > because it sends passwords in clear text and that Integrated Windows
    > > Authentication only works with Internet Explorer on a Windows
    > > computer. I have a website in IIS with only Integrated Windows
    > > Authentication enabled and not anonymous or Basic Authentication
    > > enabled. I have installed Mozilla on the computed and could log on
    > > with no problem. I then booted from a Knoppix Live CD on another
    > > computer and again logged on using Firefox with no problem. I then did
    > > a TCP/IP trace of the network traffic while I logged onto the site in
    > > Knoppix and could not find any password. Why is this?- Dölj citerad text -- Visa citerad text -
    , Jan 30, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
    Replies:
    0
    Views:
    667
  2. Andrew
    Replies:
    4
    Views:
    543
    Marty U.
    Jun 23, 2004
  3. ruca
    Replies:
    1
    Views:
    2,295
  4. Brett Smith
    Replies:
    2
    Views:
    444
    Brett Smith
    Oct 26, 2004
  5. Will
    Replies:
    5
    Views:
    2,602
Loading...

Share This Page