K
kipp b
Sorry about the simplicity of this question:
I noticed within a lot of web sites there is an NTLM authentication
when a user does a simple HTTP GET.
Example:
http://www.amazon.com/exec/obidos/subst/home/home.html
GET http://www.amazon.com/exec/obidos/subst/home/home.html HTTP/1.1
Host: www.amazon.com:80
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7)
Gecko/20040803 Firefox/0.9.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: session-id=104-4473924-0563158; ubid-main=430-7321142-9950765;
session-id-time=1092816000
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
Question .... why does a user who has no login account need to
authenticate? What is the thought process behind this?
Thanks in advance
I noticed within a lot of web sites there is an NTLM authentication
when a user does a simple HTTP GET.
Example:
http://www.amazon.com/exec/obidos/subst/home/home.html
GET http://www.amazon.com/exec/obidos/subst/home/home.html HTTP/1.1
Host: www.amazon.com:80
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7)
Gecko/20040803 Firefox/0.9.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: session-id=104-4473924-0563158; ubid-main=430-7321142-9950765;
session-id-time=1092816000
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
Question .... why does a user who has no login account need to
authenticate? What is the thought process behind this?
Thanks in advance