Re: Authentification - Server Variables ( omg! )

Thanks for the responses guys.

I think we've got two choices.. tell them no. or create a windows app
that will encrypt the current user and send it as a querystring to the
remote url.. ho hum..

Cheers
-Adrian

"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:HRDvqiX0GHA.4532@xxxxxxxxxxxxxxxxxxxxxxxx
| Hi Adrian,
|
| I think Rob's analysis here is reasonable. As for IE, it will always send
| an anonymous request to the remote web site first, then depend on whether
| the webserver enable anonymous access or not, the following occurs:
|
| **If allow anonymous, the first request can pass and be processed
| successfully, there is no authentication info in the request/response
|
| **If not allow anonymous, first request is rejected by 401 error, and the
| IE will try sending a credential to server, here depend on whether the
| credential is authenticatable on server, it will result the below
behavior:
|
| << If the credential can be authenticatable( duplicated local account on
| both client and server or a domain user account in shared domain or
trusted
| domain), the second request get processed.
|
| <<If the credential not authenticatable, request fail.....
|
| and as for those Server Variable (related to authentication info ), it
will
| contains the client user's value only if the request has passed the
| authentication. Therefore, in your case, since the client machine can not
| provide a valid account that is authenticatable on server, we really have
| no luck here.
|
| BTW, is the reason you don't want user to input username/password
| credentials here specific to security consideration? If so, do you think
it
| is possible to use https/ssl security channel for authentication here?
| This is the most common approach for passing clear/text credential over
| internet. And on the server-side, the application and authenticate the
| credentials against AD through ActiveDirectory membership provider... If
| you think this doable for your scenario, we can provide some detailed
| reference on this.
|
| Please feel free to let me know if you have any other ideas or concerns
| here.
|
| Sincerely,
|
| Steven Cheng
|
| Microsoft MSDN Online Support Lead
|
|
|
| ==================================================
|
| Get notification to my posts through email? Please refer to
|
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
| ications.
|
|
|
| Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
| where an initial response from the community or a Microsoft Support
| Engineer within 1 business day is acceptable. Please note that each follow
| up response may take approximately 2 business days as the support
| professional working with you may need further investigation to reach the
| most efficient resolution. The offering is not appropriate for situations
| that require urgent, real-time or phone-based interactions or complex
| project analysis and dump analysis issues. Issues of this nature are best
| handled working with a dedicated Microsoft Support Engineer by contacting
| Microsoft Customer Support Services (CSS) at
| http://msdn.microsoft.com/subscriptions/support/default.aspx.
|
| ==================================================
|
|
|
| This posting is provided "AS IS" with no warranties, and confers no
rights.
|


.

Relevant Pages

  • Re: BASIC authentication Issues with IE - Part II - Solved but WHY?
    ... it does not know the difference between a request from IE or from ... some other HTTP client. ... Some other authentication schemes are more ... IIS can sometimes remember the token for a particular set of credentials so ...
    (microsoft.public.inetserver.iis.security)
  • RE: LOGON32_LOGON_NEW_CREDENTIALS and GetTokenInformation
    ... The groups would not be calculated until an actual authentication were ... LOGON32_LOGON_NEW_CREDENTIALS, it's not even known whether the credentials ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.platformsdk.security)
  • Re: Authentification - Server Variables ( omg! )
    ... an anonymous request to the remote web site first, ... and as for those Server Variable (related to authentication info), ... credentials against AD through ActiveDirectory membership provider... ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: Determine the existence of a file on remote server
    ... HttpWebRequest wrq = HttpWebRequest.Create; ... for NTLM/Negotiate authentication, you can use the code below to set the ... explicitly set the http request method "GET" (all ... Microsoft Product Support Services ...
    (microsoft.public.sharepoint.portalserver.development)
  • Re: "Hidden" HTTP 401 Errors
    ... The default timeout is 900 seconds. ... authentication mechanisms involve authentication the hTTP connection - if ... A page is requested with security credentials, ... Failure triggers the request to be resent with credentials so ...
    (microsoft.public.inetserver.iis.security)
Loading