NTLM web authentication

zmaddi_at_hotmail.com
Date: 08/16/04


Date: 16 Aug 2004 13:58:57 -0700

Hi all,

We are developing the Authentication page for our web server for x86
devices running headless CE.NET 4.2 image.
All the following values can be changed directly by our web page, and
written into the appropriate registry values.

1- The default Domain is first entered in another web page.

2- Authentication method: Basic or NTLM authentication

3- Virtual roots section (same asp page as 2)
- Virtual root name (ex: \)
- Virtual root location (ex: \HardDisk\WEB\)
- Authorization level (Select between Public, User or Administrator)
- List of allowed users (ex: UserName; )

I am using NTLM authentication; the authorized level selected is User,
and I gave my NTLM username. When connection dialog popup I entered
my NTLM credentials. The connection is OK. If I change the username to
another one, I am always able to access the web server without
entering the new credentials for the new user!
My question is: Is this design sufficient, or should I add more
functionality to add and delete users with functions like
NTLMDeleteUser , NTLMSetUserInfo, in my asp page?

Thank you,
Zineb Maddi