Integrated Windows Authentication

M

mail747097

I have read somewhere that Basic Authentication should be avoided
because it sends passwords in clear text and that Integrated Windows
Authentication only works with Internet Explorer on a Windows
computer. I have a website in IIS with only Integrated Windows
Authentication enabled and not anonymous or Basic Authentication
enabled. I have installed Mozilla on the computed and could log on
with no problem. I then booted from a Knoppix Live CD on another
computer and again logged on using Firefox with no problem. I then did
a TCP/IP trace of the network traffic while I logged onto the site in
Knoppix and could not find any password. Why is this?
 
D

Dominick Baier

Basic Auth sends passwords in clear text, integrated sends them hashed (this
is only slightly better).

In any case you need SSL to protect the credentials on the wire.

Integrated auth is really 2 protocols - NTLM and Kerberos.

Some browsers like FF support NTLM - thats probably the reason why you could
log on...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top