Integrated Windows Authentication

M

mail747097

I have read somewhere that Basic Authentication should be avoided
because it sends passwords in clear text and that Integrated Windows
Authentication only works with Internet Explorer on a Windows
computer. I have a website in IIS with only Integrated Windows
Authentication enabled and not anonymous or Basic Authentication
enabled. I have installed Mozilla on the computed and could log on
with no problem. I then booted from a Knoppix Live CD on another
computer and again logged on using Firefox with no problem. I then did
a TCP/IP trace of the network traffic while I logged onto the site in
Knoppix and could not find any password. Why is this?
 
D

Dominick Baier

Basic Auth sends passwords in clear text, integrated sends them hashed (this
is only slightly better).

In any case you need SSL to protect the credentials on the wire.

Integrated auth is really 2 protocols - NTLM and Kerberos.

Some browsers like FF support NTLM - thats probably the reason why you could
log on...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Integrated Windows Authentication not working 1
WCF and Integrated Windows Authentication 7
ASP.NET Forms Authentication with Oracle Integrated Security 2
Integrated Authentication with SQL 8
ASP.NET Integrated Windows Authentication 2
Asp.net: Integrated windows authentication 0
IIS 7.0 and Windows Integrated Authentication? 1
Windows Authentication to SQL Server? 6

Members online

No members online now.
Total: 62 (members: 1, guests: 61)
Robots: 473

Forum statistics

Threads
473,969
Messages
2,570,161
Members
46,710
Latest member
bernietqt

Latest Threads

Top