IIS Server Security - Mixed Authentication question

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > October 2005 > Mixed Authentication question





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Mixed Authentication question
Casper van Dijk

2005-10-06, 5:59 pm

Hi all, can someone confirm this:

If you start an HTTP session from IE by going to an NTLM protected page,
then switch to anonymous pages, then IE thinks all requests should be NTLM
and it will not send the POST body on the first try.
See http://support.microsoft.com/defaul...kb;en-us;251404

Now, when I set up my website with both 'anonymous access' and 'windows
integrated authentication' switched on:
- GET requests are handled directly with a 200 ok
- POST requests result in a 401, causing a second POST with the body

This is exactly the behavior that I want.. But can I rely on this to work?
In other words, is it 'by design' to do 'anonymous' for GET requests and
NTLM for POSTs?

Any insight in this is very much appreciated..
Casper


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com