Re: LOGON_USER lifetime using NTLM
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 02/10/05
- Next message: middletree: "Win2003 setup"
- Previous message: Ron Rosenkoetter: "RE: Under what credentials does a web-page run?"
- In reply to: Conrad Chan: "Re: LOGON_USER lifetime using NTLM"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 9 Feb 2005 21:24:31 -0800
In your case, since you are issuing the forms auth cookie back to the user,
you control how authentication is going to work. You need to ensure that the
cookie you set is:
1. Considered valid by the server
2. Scoped such that the browser will return the cookie when it accesses the
necessary URL
Since you control #1 for validation, #2 for scope of cookie, and also the
URLs on the server, you should be able to make it work.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Conrad Chan" <ConradChan@discussions.microsoft.com> wrote in message
news:018E6234-0E4C-4567-A4B6-13A5F8B389B2@microsoft.com...
Thanks David,

That really explains a lot. The problem we are having is that we are using
mixed mode authentication in ASP.NET, i.e. Windows and Forms. Once the user
logs in using NTLM, we then issue a Form authentication cookie and then
assume the user is logged in through form just like the other set of users.
Hence ASP.NET/IIS does not know it needs to re-authenticate automatically.

I guess I will need to detect whether LOGON_USER is available or I have to
force ASP.NET to issue a 401 back to the browser manually.

Thanks again
Conrad

"David Wang [Msft]" wrote:
> NTLM authentication persists as long as the original authenticated
> connection between the client and server exists and the browser uses it to
> send requests to the server.
>
> In general, the browser will re-negotiate the authentication on its own
> (including NTLM challenge/response) if it is configured to do so -- so the
> user does not need to re-authenticate to a given website after the first
> login.
>
> Your problem sounds like the web browser is UNABLE to automatically
> re-authenticate -- either because the browser is configured to not do this,
> or you have some intervening proxy that is unfriendly to NTLM that prevents
> this, or you've configured the server to not allow keep-alives, which
> destroys NTLM.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
> "Conrad Chan" <ConradChan@discussions.microsoft.com> wrote in message
> news:114A9AEE-F7CB-48AB-9235-6FF8EB6F8D6F@microsoft.com...
> The login session using NTLM seems like it will time out as quickly as
> 3 min. I built a sample ASP.NET Web app using Windows authentication. I can
> log in no problem. However, if I simply let the browser window idle for
> 3 min, I realize the NTLM challenge/response will kick in again.
>
> Can anyone explain to me if that is the default behavior? Does that mean
> that my customers have to re-type their username/password after a couple
> mins if they are not auto-authenticated?
>
> Thanks for attention
> Conrad
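The two conditions David lists for the forms auth cookie (the server considers it valid; its scope makes the browser return it), modeled as an added example that is not part of the original thread. It is not ASP.NET's FormsAuthentication ticket format: the HMAC-signed ticket, the key, and the host and path names are constructed for illustration, and the scope check assumes the cookie carries an explicit Domain attribute.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: key known only to the server


def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_ticket(user, ttl, now=None):
    """Return 'payload.signature'; the payload carries the user and an expiry."""
    now = time.time() if now is None else now
    raw = f"{user}|{int(now + ttl)}".encode()
    payload = base64.urlsafe_b64encode(raw).decode()
    return f"{payload}.{_sign(payload)}"


def validate_ticket(ticket, now=None):
    """Condition 1: user name if signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        payload, sig = ticket.rsplit(".", 1)
        if not hmac.compare_digest(sig, _sign(payload)):
            return None  # forged or modified ticket
        raw = base64.urlsafe_b64decode(payload).decode()
        user, expiry = raw.rsplit("|", 1)
        return user if now < int(expiry) else None
    except (ValueError, TypeError):
        return None  # malformed ticket: caller should re-authenticate


def browser_sends(cookie_domain, cookie_path, host, request_path):
    """Condition 2: RFC 6265 domain-match and path-match for a request."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    domain_ok = host == cookie_domain or host.endswith("." + cookie_domain)
    # Path-match: equal, or a prefix that ends exactly on a "/" boundary.
    path_ok = request_path == cookie_path or (
        request_path.startswith(cookie_path)
        and (cookie_path.endswith("/")
             or request_path[len(cookie_path)] == "/")
    )
    return domain_ok and path_ok
```

A cookie scoped to `/app/login` is never returned for `/app/reports`, so the server sees no ticket there even though the ticket itself would validate.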