NTLM web authentication

zmaddi_at_hotmail.com
Date: 08/16/04


Date: 16 Aug 2004 13:58:57 -0700

Hi all,

We are developing the Authentication page for our web server for x86
devices running headless CE.NET 4.2 image.
All the following values can be changed directly by our web page, and
written into the appropriate registry values.

1- The default Domain is first entered in another web page.

2- Authentication method: Basic or NTLM authentication

3- Virtual roots section (same asp page as 2)
- Virtual root name (ex: \)
- Virtual root location (ex: \HardDisk\WEB\)
- Authorization level (Select between Public, User or Administrator)
- List of allowed users (ex: UserName; )

I am using NTLM authentication; the authorized level selected is User,
and I gave my NTLM username. When connection dialog popup I entered
my NTLM credentials. The connection is OK. If I change the username to
another one, I am always able to access the web server without
entering the new credentials for the new user!
My question is: Is this design sufficient, or should I add more
functionality to add and delete users with functions like
NTLMDeleteUser , NTLMSetUserInfo, in my asp page?

Thank you,
Zineb Maddi



Relevant Pages

  • RE: prompted for username, password on iis5 running xp pro
    ... >Server will negociated an authentication method. ... >an valid username/password, the username/password box ... >the web server will send the content to the client. ... >the Web Server in Windows 2000 Server and Windows XP Pro ...
    (microsoft.public.inetserver.iis.security)
  • NTLM web authentication
    ... We are developing the Authentication page for our web server for x86 ... I am using NTLM authentication; the authorized level selected is User, ... functionality to add and delete users with functions like ...
    (microsoft.public.windowsce.platbuilder)
  • Re: Securing Windows Media Encoder streams/broadcasts
    ... >>The security comment was in response to the previous posters comment about ... >>protecting a URL and feeding the video on a web site, ... > authentication system yourself - as the previous poster stated, ... your web server on the encoder client machine modifies the ...
    (microsoft.public.windowsmedia.encoder)
  • RE: DMZ and AD Authentication
    ... authentication, and then permitting them users to access the AD for ... thru is the web server was compromised. ... I would recommend using the Cisco Security Agent on the web ... >Subject: DMZ and AD Authentication ...
    (Security-Basics)
  • RE: website inside or outside the domain?
    ... it is better not to have domain authentication traffic ... publicly accessible web server in a DMZ, with a DC also in the DMZ ... > webserver is ... network) its not the best model to use. ...
    (Focus-Microsoft)