Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > PROBLEMS with AuthenticationType being NTLM and Negotiate

Reply
Thread Tools

PROBLEMS with AuthenticationType being NTLM and Negotiate

 
 
tepe.hughes@gmail.com
Guest
Posts: n/a
 
      08-25-2005
I have two webservers running the same aspx pages. (The webpage allows
Active Directory Editing).

These pages run fine on the 1st server but not on the second server (it
errors with Logon failure: unknown user name or bad password).

The web.config file (on both servers) have these options set

authentication mode="Windows"
deny users="?"
identity impersonate="true"

After some looking around the only difference I can see between the two
server is that the 1st server reports that
Page.User.Identity.AuthenticationType is "NTLM" while the 2nd
server reports "Negotiate".

Both servers are in the same domain, as far as I can tell both iis
setting are the same.

Can only one help me out?

 
Reply With Quote
 
 
 
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      08-25-2005
Hello http://www.velocityreviews.com/forums/(E-Mail Removed),

to access remote Active Directory using impersonated credentials, delegation
has to be enabled for both web server. this is done in Active Directoy Users
and Computers. Select the "Trust this Computer for Delegation" check box.

Another important part is, that the authentication between browser and web
server has to be done via Kerberos. Have a look in the security event log
on your servers, you should see logon events for the client running the browser.
The authentication package has to be Kerberos. If you see NTLM, this can
have various reasons.

also check out keiths new article in msdnmag:
http://msdn.microsoft.com/msdnmag/is...s/default.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I have two webservers running the same aspx pages. (The webpage allows
> Active Directory Editing).
>
> These pages run fine on the 1st server but not on the second server
> (it errors with Logon failure: unknown user name or bad password).
>
> The web.config file (on both servers) have these options set
>
> authentication mode="Windows"
> deny users="?"
> identity impersonate="true"
> After some looking around the only difference I can see between the
> two
> server is that the 1st server reports that
> Page.User.Identity.AuthenticationType is "NTLM" while the 2nd
> server reports "Negotiate".
> Both servers are in the same domain, as far as I can tell both iis
> setting are the same.
>
> Can only one help me out?
>




 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. Malcolm NZ Computing 0 09-08-2009 09:04 PM
ANN: python-ntlm - provides NTLM support, including an authenticationhandler for urllib2 Matthijs Python 0 12-10-2008 03:38 PM
What kind of items do you NEGOTIATE? buyer Digital Photography 0 01-25-2008 05:25 PM
Kerberos not being used, only NTLM - Login failed for user '(null)' DougM ASP .Net Security 1 09-23-2004 02:18 AM
WindowsIdentity.AuthenticationType returns "" steve baker ASP .Net Security 0 07-16-2003 03:11 PM



Advertisments