ASP.NET HTTP Keep-Alive Connection Context

Question

I am working on replacing integrate windows authentication in an ASP.NET application by handling the NTLM authentication manually. The NTLM authentication is not a problem, I have a complete open source implementation of the NTLM SSPI module (https://github.com/FreeRDP/FreeRDP/tree/master/winpr/libwinpr/sspi/NTLM). My main problem is with the fact that NTLM is connection-oriented, while HTTP is normally stateless. After reading about NTLM authentication, it is described as requiring the use of the HTTP Keep-Alive, where no cookie is being sent with every request. As long as the connection is kept alive, the NTLM authenticated state remains.

I found ways to properly enable HTTP keep-alive in IIS, but I found no way in ASP.NET to associate data with a specific connection. Even if a cookie can be given to the client at the end of NTLM, NTLM cannot be completed if no session state is maintained between receiving the NTLM CHALLENGE and sending the NTLM AUTHENTICATE message. Obviously, when using the built-in integrated windows authentication support of IIS, it is able to keep track of the state between the multiple steps of NTLM authentication.

What I am looking for is a way to track multiple requests coming in for the same HTTP connection that is kept alive. Data in HttpRequest appears to only be specific to the current request, and nothing allows me to identify the connection. At best, maybe one of the server variables (http://msdn.microsoft.com/en-us/library/ms524602.aspx), like the connection ephemeral port, could be used to identify the same connection. This could potentially work, but I could not find a way to reliably detect when the associated connection is closed.

Ideas, anyone?

Answer 1

There is no such a way to find out whether the current request is in new tcp connection or re-used the connection.

It can be done by sent extra header to identified current tcp connection in http header.