Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > simple authentication

Reply
Thread Tools

simple authentication

 
 
Coldman
Guest
Posts: n/a
 
      09-07-2005
hi,
IIS 5 and 6, IE 5 and 6, simple authentication
does the browser send the username and password in clear text on every
request after been authenticated?


 
Reply With Quote
 
 
 
 
Brock Allen
Guest
Posts: n/a
 
      09-07-2005
Given how HTTP is disconnected, with any authentication protocol the browser
needs to send something back to the server to identifit itself after it's
authenticated. With NTML it's a identification header, with FormsAuth it's
the forms auth cookie.

-Brock
DevelopMentor
http://staff.develop.com/ballen



> hi,
> IIS 5 and 6, IE 5 and 6, simple authentication
> does the browser send the username and password in clear text on every
> request after been authenticated?




 
Reply With Quote
 
 
 
 
Paul Clement
Guest
Posts: n/a
 
      09-07-2005
On Wed, 7 Sep 2005 16:22:02 +0300, "Coldman" <(E-Mail Removed)> wrote:

hi,
IIS 5 and 6, IE 5 and 6, simple authentication
does the browser send the username and password in clear text on every
request after been authenticated?


I guess it depends on what you mean by simple authentication. For Basic authentication the user ID
and password are not encrypted and can be impersonated and delegated at the web server. With
Integrated Windows Security, NTLM handles the authentication and credentials can be impersonated but
not delegated unless Kerberos is configured. Clear text credentials are not an issue with Integrated
Windows Security.


Paul
~~~~
Microsoft MVP (Visual Basic)
 
Reply With Quote
 
John
Guest
Posts: n/a
 
      09-07-2005
Coldman wrote:
> hi,
> IIS 5 and 6, IE 5 and 6, simple authentication
> does the browser send the username and password in clear text on every
> request after been authenticated?
>
>


i meant basic not simple
"with any authentication protocol the browser needs to send something
back to the server to identifit itself after it's authenticated"

what is IE sending - is it the username and pass or some other proove
this is the same client?

thanks
 
Reply With Quote
 
Paul Clement
Guest
Posts: n/a
 
      09-08-2005
On Wed, 07 Sep 2005 20:29:52 +0300, John <(E-Mail Removed)> wrote:

Coldman wrote:
> hi,
> IIS 5 and 6, IE 5 and 6, simple authentication
> does the browser send the username and password in clear text on every
> request after been authenticated?
>
>

i meant basic not simple
"with any authentication protocol the browser needs to send something
back to the server to identifit itself after it's authenticated"

what is IE sending - is it the username and pass or some other proove
this is the same client?

It has to send an authentication header (which is cached by the browser after initial
authentication) each time if the web server responds with an authentication request.


Paul
~~~~
Microsoft MVP (Visual Basic)
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Failed Authentication, Status "Unsupported Authentication Algorithm" Rafael Cisco 1 11-26-2004 03:57 PM
Basic Authentication v. Integrated Windows Authentication w/ Delegation Mark ASP .Net 0 01-20-2004 03:13 PM
ASP.Net Forms authentication with basic authentication popup Brett Porter ASP .Net 2 01-20-2004 02:17 PM
Moving from Baisc Authentication to Forms Authentication raj mandadi ASP .Net 0 12-22-2003 12:16 AM
Forms Authentication, external authentication server, & rerouting to orig. req. URL Andrew Connell ASP .Net 1 10-21-2003 05:41 PM



Advertisments