PROBLEMS with AuthenticationType being NTLM and Negotiate

tepe.hughes

I have two webservers running the same aspx pages. (The webpage allows
Active Directory Editing).

These pages run fine on the 1st server but not on the second server (it
errors with Logon failure: unknown user name or bad password).

The web.config file (on both servers) has these options set:

authentication mode="Windows"
deny users="?"
identity impersonate="true"

After some looking around the only difference I can see between the two
servers is that the 1st server reports that
Page.User.Identity.AuthenticationType is "NTLM" while the 2nd
server reports "Negotiate".

Both servers are in the same domain, and as far as I can tell both IIS
settings are the same.

Can anyone help me out?
 
Dominick Baier [DevelopMentor]

Hello (e-mail address removed),

To access remote Active Directory using impersonated credentials, delegation
has to be enabled for both web servers. This is done in Active Directory Users
and Computers. Select the "Trust this Computer for Delegation" check box.

Another important part is that the authentication between browser and web
server has to be done via Kerberos. Have a look in the security event log
on your servers, you should see logon events for the client running the browser.
The authentication package has to be Kerberos. If you see NTLM, this can
have various reasons.

Also check out Keith's new article in msdnmag:
http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/default.aspx
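
The event-log check suggested in the reply above, as an added example that is not part of the original posts: it reads logon events and reports which authentication package each network logon used. Event ID 4624 and its field names are an assumption about the server OS (Windows Server 2008 or later), and `Get-LogonPackage`, `New-SampleEvent` and the sample events are constructed for illustration.

```powershell
# Added example: report the authentication package of network logons.
# Assumes event ID 4624 (Windows Server 2008 or later); sample data is constructed.
function Get-LogonPackage {
    param([Parameter(ValueFromPipeline = $true)][string]$EventXml)
    process {
        # Flatten <Data Name="...">value</Data> pairs into a lookup table.
        $data = @{}
        foreach ($node in ([xml]$EventXml).Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        # Logon type 3 is a network logon, which is what browser -> IIS produces.
        if ($data['LogonType'] -ne '3') { return }
        [pscustomobject]@{
            User     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Source   = $data['IpAddress']
            Package  = $data['AuthenticationPackageName']
            Kerberos = ($data['AuthenticationPackageName'] -eq 'Kerberos')
        }
    }
}

# Builds a minimal 4624-shaped event (constructed, not a real log record).
function New-SampleEvent($User, $Type, $Package, $Ip) {
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><EventData>" +
    "<Data Name='TargetUserName'>$User</Data>" +
    "<Data Name='TargetDomainName'>EXAMPLE</Data>" +
    "<Data Name='LogonType'>$Type</Data>" +
    "<Data Name='AuthenticationPackageName'>$Package</Data>" +
    "<Data Name='IpAddress'>$Ip</Data>" +
    "</EventData></Event>"
}

$sample = @(
    New-SampleEvent 'alice' 3 'Kerberos'  '192.0.2.10'   # first web server
    New-SampleEvent 'alice' 3 'NTLM'      '192.0.2.10'   # second web server
    New-SampleEvent 'svc'   5 'Negotiate' '-'            # service logon, filtered out
)
$sample | Get-LogonPackage | Format-Table -AutoSize

# Against the live Security log on a web server (run elevated):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 200 |
#     ForEach-Object { $_.ToXml() } | Get-LogonPackage | Group-Object Package
```

Rows with `Kerberos` set to `False` are the logons where the browser fell back to NTLM, which is the case the reply says to look for.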
 
