simple authentication


Coldman

Hi,
IIS 5 and 6, IE 5 and 6, simple authentication:
does the browser send the username and password in clear text on every
request after being authenticated?
 

Brock Allen

Given how HTTP is disconnected, with any authentication protocol the browser
needs to send something back to the server to identify itself after it's
authenticated. With NTLM it's an identification header, with FormsAuth it's
the forms auth cookie.
 

Paul Clement

¤ hi,
¤ IIS 5 and 6, IE 5 and 6, simple authentication
¤ does the browser send the username and password in clear text on every
¤ request after been authenticated?
¤

I guess it depends on what you mean by simple authentication. For Basic authentication the user ID
and password are not encrypted and can be impersonated and delegated at the web server. With
Integrated Windows Security, NTLM handles the authentication and credentials can be impersonated but
not delegated unless Kerberos is configured. Clear text credentials are not an issue with Integrated
Windows Security.


Paul
~~~~
Microsoft MVP (Visual Basic)
 

John

Coldman said:
hi,
IIS 5 and 6, IE 5 and 6, simple authentication
does the browser send the username and password in clear text on every
request after been authenticated?

I meant basic, not simple :(
"with any authentication protocol the browser needs to send something
back to the server to identify itself after it's authenticated"

What is IE sending - is it the username and password, or some other proof
that this is the same client?

thanks
 

Paul Clement

¤ Coldman wrote:
¤ > hi,
¤ > IIS 5 and 6, IE 5 and 6, simple authentication
¤ > does the browser send the username and password in clear text on every
¤ > request after been authenticated?
¤ >
¤ >
¤
¤ i meant basic not simple :(
¤ "with any authentication protocol the browser needs to send something
¤ back to the server to identifit itself after it's authenticated"
¤
¤ what is IE sending - is it the username and pass or some other proove
¤ this is the same client?

It has to send an authentication header (which is cached by the browser after initial
authentication) each time if the web server responds with an authentication request.


Paul
~~~~
Microsoft MVP (Visual Basic)
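
To illustrate the answers above, here is an added example (not part of any post in this thread) that audits captured request headers for Basic credentials. With Basic authentication the cached header is `Authorization: Basic <base64 of user:password>`, and Base64 is an encoding, not encryption, so the password is recoverable from every request that carries the header. The host name, user name, password and the NTLM placeholder token are constructed sample values.

```python
import base64
import binascii

# Constructed sample: requests as a browser would repeat them after the
# server's initial 401 challenge. User name and password are made up.
_TOKEN = base64.b64encode(b"jdoe:S3cret:pass").decode("ascii")
CAPTURED_REQUESTS = [
    f"GET /reports/ HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: Basic {_TOKEN}\r\n\r\n",
    f"GET /reports/logo.gif HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: basic {_TOKEN}\r\n\r\n",
    "GET /reports/ HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: NTLM PLACEHOLDERTOKEN\r\n\r\n",
]


def basic_credentials(raw_request):
    """Return (user, password) if the request carries a decodable Basic header, else None."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":            # scheme names are case-insensitive
            return None                          # NTLM/Negotiate tokens are not user:password
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None                          # malformed token
        user, sep, password = decoded.partition(":")  # password may itself contain ':'
        return (user, password) if sep else None
    return None


def audit(requests):
    """Count requests exposing a recoverable password; report user names only."""
    exposed = [c for c in map(basic_credentials, requests) if c]
    return {
        "requests": len(requests),
        "exposing_password": len(exposed),
        "users": sorted({user for user, _ in exposed}),
    }


if __name__ == "__main__":
    print(audit(CAPTURED_REQUESTS))
```

Running the same audit against headers logged at a TLS-terminating proxy shows which sites still rely on Basic authentication and therefore need HTTPS on every request, not only on the login page.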
 
