After reading this article. I have some questions about NTLM Authentication.
When I apply NTLM in a asp.net web site
- Does the challenge/response process happened between Web Browser and IIS?
- Where are the credentials stored in the client after succeeding to authenticate? Because after that, I don't need to input user and password anymore. So I think the stored credentials must be passed to server to be authenticated in some ways.
- Can I just use the available credentials for SSO? If I can, How to make it ?