PROBLEMS with AuthenticationType being NTLM and Negotiate

Discussion in 'ASP .Net Security' started by tepe.hughes@gmail.com, Aug 25, 2005.

  1. Guest

    I have two webservers running the same aspx pages. (The webpage allows
    Active Directory Editing).

    These pages run fine on the 1st server but not on the second server (it
    errors with Logon failure: unknown user name or bad password).

    The web.config file (on both servers) has these options set

    authentication mode="Windows"
    deny users="?"
    identity impersonate="true"

    After some looking around the only difference I can see between the two
    servers is that the 1st server reports that
    Page.User.Identity.AuthenticationType is "NTLM" while the 2nd
    server reports "Negotiate".

    Both servers are in the same domain, as far as I can tell both IIS
    settings are the same.

    Can anyone help me out?
    , Aug 25, 2005
    #1

  2. Hello,

    to access remote Active Directory using impersonated credentials, delegation
    has to be enabled for both web servers. This is done in Active Directory Users
    and Computers. Select the "Trust this Computer for Delegation" check box.

    Another important part is, that the authentication between browser and web
    server has to be done via Kerberos. Have a look in the security event log
    on your servers, you should see logon events for the client running the browser.
    The authentication package has to be Kerberos. If you see NTLM, this can
    have various reasons.

    Also check out Keith's new article in msdnmag:
    http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/default.aspx

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I have two webservers running the same aspx pages. (The webpage allows
    > Active Directory Editing).
    >
    > These pages run fine on the 1st server but not on the second server
    > (it errors with Logon failure: unknown user name or bad password).
    >
    > The web.config file (on both servers) has these options set
    >
    > authentication mode="Windows"
    > deny users="?"
    > identity impersonate="true"
    > After some looking around the only difference I can see between the
    > two servers is that the 1st server reports that
    > Page.User.Identity.AuthenticationType is "NTLM" while the 2nd
    > server reports "Negotiate".
    > Both servers are in the same domain, as far as I can tell both IIS
    > settings are the same.
    >
    > Can anyone help me out?
    >
    Dominick Baier [DevelopMentor], Aug 25, 2005
    #2
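
The event-log check described in the reply above, as an added example that is not part of the original thread: it reads exported Security log XML and lists, per web server, the users whose network logon did not use Kerberos. It assumes the logon event ID 4624 and the field names of the Windows event XML schema used by newer Windows versions (not stated in the thread); the host names, user names and sample records are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(server, user, logon_type, package):
    """Build one constructed 4624 record (sample data, not a real log)."""
    fields = {"TargetUserName": user, "LogonType": logon_type,
              "AuthenticationPackageName": package}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>4624</EventID>'
            f'<Computer>{server}</Computer></System>'
            f'<EventData>{data}</EventData></Event>')

# Constructed sample: host names and users are placeholders.
SAMPLE = "<Events>" + "".join([
    _event("WEB1.example.test", "alice", "3", "NTLM"),
    _event("WEB2.example.test", "alice", "3", "Kerberos"),
    _event("WEB1.example.test", "bob", "2", "Negotiate"),   # interactive, ignored
    _event("WEB1.example.test", "CLIENT7$", "3", "NTLM"),   # machine account, ignored
]) + "</Events>"

def network_logons(xml_text):
    """Yield (server, user, package) for each user network logon (LogonType 3)."""
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4624":
            continue
        data = {d.get("Name"): d.text or ""
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        user = data.get("TargetUserName", "")
        # Browser-to-IIS authentication is logged as a network logon;
        # skip other logon types and computer accounts (names ending in "$").
        if data.get("LogonType") != "3" or user.endswith("$"):
            continue
        server = ev.findtext("e:System/e:Computer", namespaces=NS)
        yield server, user, data.get("AuthenticationPackageName", "")

def non_kerberos_logons(xml_text):
    """Map server -> sorted users whose network logon did not use Kerberos."""
    found = defaultdict(set)
    for server, user, package in network_logons(xml_text):
        if package != "Kerberos":
            found[server].add(user)
    return {server: sorted(users) for server, users in found.items()}

if __name__ == "__main__":
    for server, users in non_kerberos_logons(SAMPLE).items():
        print(f"{server}: not Kerberos for {', '.join(users)}")
```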