Reputation: 26981
ASP.NET Always include Kerberos authentication in client response
Is there a way to configure IIS or mark up my code so that the client (any major modern browser) will always include Kerberos information in the response without having to make any modifications to the client itself?
In this specific server method, I'm using ASP.NET impersonation with delegation enabled in AD and it would seem that from firefox and a few other clients, Kerberos data is not being passed from the client to the server.
My application only has Windows Authentication enabled, but how can I force the requests to pass Kerberos information along?
If it helps, I'm using jquery's ajax to GET or POST my requests to the server.
Upvotes: 1
Views: 601
Answers (1)
Reputation: 6515
As long as your server is returning "WWW-Authenticate" headers that indicate it accepts Kerberos authentication ("Negotiate"), the client should automatically supply the necessary credentials. Make sure that Negotiate is listed as a possible provider for Windows Authentication in the Authentication configuration of your application. You'll probably want to disable NTLM in that list.
You can tell if the client is sending Kerberos tickets if you look at the HTTP headers. It should have something like "Authorization: Negotiate YIIN..."; the first few base64 characters of the payload let you distinguish between Kerberos and NTLM.
Upvotes: 1
Related Questions
- User login in asp.net MVC using windows authentication without prompt
- Kerberos Authentication in IIS 7 Windows Server 2012
- End-to-end kerberos delegated authentication in ASP.NET
- Kerberos not working with Chrome
- Authenticate with Kerberos in .NET Web API
- Implement Kerberos authentication using C# on IIS
- Asp.net and Kerberos Authentication
- Kerberos authenticated MVC App inside an anonmyous access Site
- kerberos in asp.net
- How to connection to an IIS website using Kerberos