M
Manny Vellon
Is there a good explanation (web page, book, etc.) of how IIS security and
AuthenticationManager security interrelate in the context of Web services? I
am experimenting with this and don't understand why if I call
AuthenticationManager.Unregister() and remove all authentication modules
except NTLM, that it seems that my IIS server is still trying to do
"Negotiate" authentication (as determined by an Ethereal sniff and looking
at the HTTP response headers (the "WWW-Authenticate" header). I've set up my
IIS folder and file security (on my web service directory and .asmx file) to
specify "Integrated Windows Authentication". I have verified that the
Unregister calls are doing the right thing (by iterating through the
RegisteredModules and verifying that only NTLM remains).
thanks.
AuthenticationManager security interrelate in the context of Web services? I
am experimenting with this and don't understand why if I call
AuthenticationManager.Unregister() and remove all authentication modules
except NTLM, that it seems that my IIS server is still trying to do
"Negotiate" authentication (as determined by an Ethereal sniff and looking
at the HTTP response headers (the "WWW-Authenticate" header). I've set up my
IIS folder and file security (on my web service directory and .asmx file) to
specify "Integrated Windows Authentication". I have verified that the
Unregister calls are doing the right thing (by iterating through the
RegisteredModules and verifying that only NTLM remains).
thanks.