IIS Authenticating with IIS using Windows Integrated

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

IIS Authenticating with IIS using Windows Integrated

Message

From

21/06/2005 14:11:44

Victor Campos
Rowland Heights, California, United States

All

General information

Forum:

ASP.NET

Category:

Security

Title:

IIS Authenticating with IIS using Windows Integrated

Environment versions

Environment:

C# 1.1

OS:

Windows Server 2003

Network:

Windows 2003 Server

Database:

MS SQL Server

Miscellaneous

Thread ID:

01025229

Message ID:

01025229

Views:

Alright, we figured out that using Windows Integrated security will not send plain text over the wire under certain conditions:

* Anon. Access is disabled
* Basic Auth is disabled
* Client is I.E. 2.0 or above
* IIS is on W2K or above

Negotiation is actually done in two forms:

* NTLM
* Kerberos

However, does anyone know if the 1st IIS is a client to a web server on another 2nd IIS box where the 2nd is using Windows Integrated Security and all the above conditions apply will NTLM and Kerberos still apply?

Do you have any links or sources to back up the claim?

-vic
My Personal Site

Map

View

Click here to load this message in the networking platform