simple authentication

Discussion in 'ASP .Net' started by Coldman, Sep 7, 2005.

  1. Coldman

    Coldman Guest

    hi,
    IIS 5 and 6, IE 5 and 6, simple authentication
    does the browser send the username and password in clear text on every
    request after been authenticated?
     
    Coldman, Sep 7, 2005
    #1
    1. Advertising

  2. Coldman

    Brock Allen Guest

    Given how HTTP is disconnected, with any authentication protocol the browser
    needs to send something back to the server to identifit itself after it's
    authenticated. With NTML it's a identification header, with FormsAuth it's
    the forms auth cookie.

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen



    > hi,
    > IIS 5 and 6, IE 5 and 6, simple authentication
    > does the browser send the username and password in clear text on every
    > request after been authenticated?
     
    Brock Allen, Sep 7, 2005
    #2
    1. Advertising

  3. Coldman

    Paul Clement Guest

    On Wed, 7 Sep 2005 16:22:02 +0300, "Coldman" <> wrote:

    ¤ hi,
    ¤ IIS 5 and 6, IE 5 and 6, simple authentication
    ¤ does the browser send the username and password in clear text on every
    ¤ request after been authenticated?
    ¤

    I guess it depends on what you mean by simple authentication. For Basic authentication the user ID
    and password are not encrypted and can be impersonated and delegated at the web server. With
    Integrated Windows Security, NTLM handles the authentication and credentials can be impersonated but
    not delegated unless Kerberos is configured. Clear text credentials are not an issue with Integrated
    Windows Security.


    Paul
    ~~~~
    Microsoft MVP (Visual Basic)
     
    Paul Clement, Sep 7, 2005
    #3
  4. Coldman

    John Guest

    Coldman wrote:
    > hi,
    > IIS 5 and 6, IE 5 and 6, simple authentication
    > does the browser send the username and password in clear text on every
    > request after been authenticated?
    >
    >


    i meant basic not simple :(
    "with any authentication protocol the browser needs to send something
    back to the server to identifit itself after it's authenticated"

    what is IE sending - is it the username and pass or some other proove
    this is the same client?

    thanks
     
    John, Sep 7, 2005
    #4
  5. Coldman

    Paul Clement Guest

    On Wed, 07 Sep 2005 20:29:52 +0300, John <> wrote:

    ¤ Coldman wrote:
    ¤ > hi,
    ¤ > IIS 5 and 6, IE 5 and 6, simple authentication
    ¤ > does the browser send the username and password in clear text on every
    ¤ > request after been authenticated?
    ¤ >
    ¤ >
    ¤
    ¤ i meant basic not simple :(
    ¤ "with any authentication protocol the browser needs to send something
    ¤ back to the server to identifit itself after it's authenticated"
    ¤
    ¤ what is IE sending - is it the username and pass or some other proove
    ¤ this is the same client?

    It has to send an authentication header (which is cached by the browser after initial
    authentication) each time if the web server responds with an authentication request.


    Paul
    ~~~~
    Microsoft MVP (Visual Basic)
     
    Paul Clement, Sep 8, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew Connell
    Replies:
    1
    Views:
    548
    Natty Gur
    Oct 21, 2003
  2. raj mandadi
    Replies:
    0
    Views:
    431
    raj mandadi
    Dec 22, 2003
  3. Brett Porter
    Replies:
    2
    Views:
    772
    Andrea D'Onofrio [MSFT]
    Jan 20, 2004
  4. Mark
    Replies:
    0
    Views:
    677
  5. Brett Porter
    Replies:
    5
    Views:
    588
    Brett Porter
    Feb 3, 2004
Loading...

Share This Page