|
Home > Archive > IIS Server Security > April 2004 > Authentication
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| I have a server running IIS 4. It has a certificate
installed and is running SSL on one of my sites. If I am
at a page (http) and I make a user authenticate (basic
authentication) the password is sent in plain text. If I
am at a page (https) and a user authenticates using basic
is the password and username then encrypted?? (NN or IE)
If I go to IE only?
Thanks
MIke
| |
| Bernard 2004-02-25, 9:40 am |
| Yes, browse the page in https, when IIS authentication kicks in, it will be
encrypted. Most browser support basic + ssl
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Mike" <anonymous@discussions.microsoft.com> wrote in message
news:09d201c3fb0d$e5402a00$a401280a@phx.gbl...
> I have a server running IIS 4. It has a certificate
> installed and is running SSL on one of my sites. If I am
> at a page (http) and I make a user authenticate (basic
> authentication) the password is sent in plain text. If I
> am at a page (https) and a user authenticates using basic
> is the password and username then encrypted?? (NN or IE)
> If I go to IE only?
>
> Thanks
> MIke
| |
|
| Thanks for the reply
Mike
>-----Original Message-----
>Yes, browse the page in https, when IIS authentication
kicks in, it will be
>encrypted. Most browser support basic + ssl
>
>--
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
>"Mike" <anonymous@discussions.microsoft.com> wrote in
message
>news:09d201c3fb0d$e5402a00$a401280a@phx.gbl...
am[color=darkred]
I[color=darkred]
basic[color=darkred]
>
>
>.
>
| |
|
| Guys,
Your discussion is exactly what I am researching. Am I to understand that if you purchase a SSL certifcate and install it on an INTRANET exposed to the internet that the subsequent authentication login dialog and password would be encrypted?
For example https://myExposed.CompanyIntranet.com
----- anonymous@discussions.microsoft.com wrote: -----
Thanks for the reply
Mike
>-----Original Message-----
>Yes, browse the page in https, when IIS authentication
kicks in, it will be
>encrypted. Most browser support basic + ssl
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
message[vbcol=seagreen]
>news:09d201c3fb0d$e5402a00$a401280a@phx.gbl...
am[vbcol=seagreen]
I[vbcol=seagreen]
basic[vbcol=seagreen]
>
| |
| Ken Schaefer 2004-04-28, 12:34 am |
| Everything except the actual request line is encrypted. The line:
GET /mypage.htm HTTP/1.1
is not encrypted. The user credentials are.
Cheers
Ken
"Lance" <nospam@corvascmds.com> wrote in message
news:C6B3F216-228D-497B-9A59-873DB40EBD8F@microsoft.com...
: Guys,
:
: Your discussion is exactly what I am researching. Am I to understand that
if you purchase a SSL certifcate and install it on an INTRANET exposed to
the internet that the subsequent authentication login dialog and password
would be encrypted?
:
: For example https://myExposed.CompanyIntranet.com
:
: ----- anonymous@discussions.microsoft.com wrote: -----
:
: Thanks for the reply
:
: Mike
:
:
: >-----Original Message-----
: >Yes, browse the page in https, when IIS authentication
: kicks in, it will be
: >encrypted. Most browser support basic + ssl
: >>--
: >Regards,
: >Bernard Cheah
: >http://support.microsoft.com/
: >Please respond to newsgroups only ...
: >>>"Mike" <anonymous@discussions.microsoft.com> wrote in
: message
: >news:09d201c3fb0d$e5402a00$a401280a@phx.gbl...
: >> I have a server running IIS 4. It has a certificate
: >> installed and is running SSL on one of my sites. If I
: am
: >> at a page (http) and I make a user authenticate (basic
: >> authentication) the password is sent in plain text. If
: I
: >> am at a page (https) and a user authenticates using
: basic
: >> is the password and username then encrypted?? (NN or IE)
: >> If I go to IE only?
: >>>> Thanks
: >> MIke
: >>>.
: >
|
|
|
|
|