1
votes

After reading this article, I have some questions about NTLM authentication.

When I apply NTLM in an ASP.NET web site:

  1. Does the challenge/response process happen between the web browser and IIS?
  2. Where are the credentials stored on the client after authenticating successfully? After that, I don't need to input the user name and password anymore, so I think the stored credentials must be passed to the server to be authenticated in some way.
  3. Can I just use the available credentials for SSO? If I can, how do I do it?
1

1 Answer

2
votes
  1. Yes. IIS sends a challenge to the client, and your web browser computes a response based on the challenge.

  2. This is up to the browser. It should cache the credentials you provide in memory so that it can respond to future challenges.

  3. This is also up to the browser. Some browsers on Windows use the InitializeSecurityContext function to perform NTLM / SPNEGO authentication. In this case, single sign-on should be available if you have a trust relationship with the remote machine or you have "shadow accounts" set up (such that you have the same username/password on the local and remote machines). Some browsers, however, use their own NTLM libraries instead of going to the system authentication mechanisms, for example Firefox. In this case, single sign-on is not available.