Re: NTLM/Browser Storing Any Sessions ??

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: "Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx>
• Date: Tue, 21 Nov 2006 15:57:28 +0800

---

Interesting.. but you should post this to .iis.security.
This is IIS FTP group. I'm not sure why sounds like the session was still
active.


--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


<srihari1986@xxxxxxxxx> wrote in message
news:1163946827.999790.119010@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi All,

Right now we have a proxy server which has enabled NTLM Autentication
Enabled for all Internet Website. Normally all the users must be logged
into the domain. But whenever the user try to access the intranet
website it does not go thorugh the proxy because we have added an
exception in the IE and also in our Router to bypass the intranet
traffic not go to the Proxy.

The problem is whenever the users logs into the domain for the first
time and tries to access the intranet websites he get an NT
Authentication Prompt(it could be the server has been enabled with the
NT Authentication option for users). After the user gets the prompt he
does not enter it and he cancels it.

After that he tries to access the internet website which goes through
the proxy and the user is authentication with the NTLM option.After
accessing the internet website he tries to access the intranet website
and he is not prompted for any authentication.

I am not sure why he is not prompted for any authentication. Is it
because the Browser has any cookies or sessions enabled which passes
the authentication to the Intranet Website also? And also whenever i
clear the NTLM Session details from my proxy and i am prompted for
authentication when i try to access the intranet page again? Does the
proxy server delete any sessions from the PC also when it is deleted
in the server?

Thanks
Hari

.

---

• References:
  • NTLM/Browser Storing Any Sessions ??
    • From: srihari1986@xxxxxxxxx

• Prev by Date: Re: Force IIS FTP to use a diffrent IP
• Next by Date: Re: FTP User Isolation and Websites
• Previous by thread: NTLM/Browser Storing Any Sessions ??
• Next by thread: FTP User Isolation and Websites
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: So what happens after creating the login mechanism? ... You're confusing authentication and session management. ... By all means allow your website to 'remember me' - but implement this ... (comp.lang.php) Re: HELP Connection error on Release mode ... "Off" Always display detailed ASP.NET error information. ... This section sets the authentication policies of the application. ... Set trace enabled="true" to enable application trace logging. ... <!-- SESSION STATE SETTINGS ... (microsoft.public.dotnet.languages.csharp) Re: Session Fixation Vulnerability in Web-based Applications ... session, without modifying the way servers generate session ID's is as ... Think of the http server generated sessions as "UI Sessions" and as ... no impact on authentication. ... "authentication key" for this domain (usually in the form of a new ... (NT-Bugtraq) Re: Basic Authentication + IIS 5 + Windows 2000 + Frontpage 2002 = failure? ... > By this, I mean, usually, on the basic logon screen of a server, I see ... >>;) under the website in question, enabling only Basic authentication. ... and can use the local administrator account to successfully ... (microsoft.public.inetserver.iis.security) Re: Strange IIS Server behavior ... Well what i ment was in IIS for this virtual directory, ... In the website internally, we have a login module which is ... Due to Server Configuration with No Authentication) ... (microsoft.public.inetserver.iis.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet-Server  > microsoft.public.inetserver.iis.ftp  > 2006-11