1

I use Windows authentication for a web application. When WWW-Authenticate header's value is NTLM, i am not able to parse user name and password on server side (.NET). I am not able to log request headers for type 1 message. I tried doing so in Application_BeginRequest and Application_AuthenticateRequest events, it didnt work. But i am able to see the message type 1 and 2, authorization and www-authenticate headers in Firefox web debugger.

You can see the NTLM handshake here: http://www.innovation.ch/personal/ronald/ntlm.html

user3233670
  • 11
  • 2
  • What exactly do you mean "not able to parse user name and password"? (You realize that the whole point of NTLM authentication is that the server *doesn't* get to see the password, just to verify that it is correct?) – Harry Johnston Jun 10 '14 at 00:08
  • I just understood that it is not possible to parse username and password. Actually i am trying to get the three messages(negociate, challenge and authenticate). I have an asp.net web site where I put a breakpoint on a default.aspx page, and when i debug i get only the third message, not the first one. Is that normal. – user3233670 Jun 10 '14 at 13:46
  • I'm still confused. Are you trying to implement the NTLM authentication yourself, rather than letting the web server do it for you? – Harry Johnston Jun 10 '14 at 18:49
  • I am trying to implement NTLM myself with .Net. So i removed from web.config. And I let all anonymous users going to default page. The first time the user GET's the page, if the header Authorization is empty, i challenge him. So i send him the header WWW-Authenticate with NTLM value. – user3233670 Jun 10 '14 at 19:00
  • I am trying to do like this post: http://stackoverflow.com/questions/11830957/ntlm-authentication-in-a-web-application-java?rq=1 My project is a .Net one I was not able to put a breakpoint on the line if (msg[8] == 1) – user3233670 Jun 10 '14 at 19:57
  • I would hazard a guess that IIS is rejecting the request without bothering to ask your application about it. But I could be wrong. – Harry Johnston Jun 10 '14 at 21:36
  • I have tried the asp.net web site under another virtual machine which is 32-bits (not 64-bits), and it works. I could not solve the problem on 64-bits machine. I tried to create another web site in IIS 8, and it works......but i didn't found the cause. – user3233670 Jun 12 '14 at 14:16

0 Answers0