Is it possible to implement SPNEGO through an ISAPI filter? I believe with NTLM, the channel was required to remain open between the second and third phase of the negotiation, so I don't believe an ISAPI filter could handle it (or can it?). I'm not sure if this has changed with SPNEGO, so is it theoretically possible through a filter? I realize it would be more efficient with the extension though. Any pointers to existing source would be great as well. I know IIS has the built-in ability to handle this, but I do have reasons for needing to do this in code outside of IIS's built-in ability.

Thanks!

-- Adam

Hi Adam,

Unfortunately Microsoft doesn't assist with any aspect of the SPNEGO or Kerberos protocol. Microsoft provides support with SSPI (and Microsoft's example of doing GSS), which works with blobs and NOT with tickets. However, implementation of Kerberos or deciphering SPNEGO tokens is beyond the support of Microsoft.

Some general reference of SPNEGO:

HTTP-Based Cross-Platform Authentication via the Negotiate Protocol
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/http-sso-1.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/http-sso-2.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/http-sso-3.asp

Best regards,
WenJun Zhang
Microsoft Online Partner Support

This posting is provided "AS IS" with no warranties, and confers no rights.
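
Added illustration, not part of either post above and not Microsoft code: code that handles the `Authorization: Negotiate` header itself first has to tell which token framing the client sent, because the question turns on whether the exchange is NTLM or SPNEGO. The C code below decodes the start of the base64 value and classifies it as a bare NTLMSSP message, a GSS-API token naming the SPNEGO or Kerberos 5 mechanism OID, or a SPNEGO NegTokenResp. The function and enum names are hypothetical and the sample token is constructed.

```c
#include <string.h>

/* Hypothetical names for this example; none of this is an ISAPI or SSPI API. */
enum tok_kind { TOK_INVALID, TOK_UNKNOWN, TOK_NTLM_RAW, TOK_KRB5_RAW,
                TOK_SPNEGO_INIT, TOK_SPNEGO_RESP };

static int b64val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode up to cap leading bytes of a base64 string; -1 on a bad character. */
static int b64_prefix(const char *s, unsigned char *out, size_t cap) {
    unsigned acc = 0; int bits = 0; size_t n = 0;
    for (; *s && *s != '=' && n < cap; s++) {
        int v = b64val((unsigned char)*s);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned)v;
        if ((bits += 6) >= 8) {
            bits -= 8;
            out[n++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1;   /* keep only the not-yet-emitted bits */
        }
    }
    return (int)n;
}

/* DER-encoded mechanism OIDs, including the 0x06 tag and the length byte. */
static const unsigned char OID_SPNEGO[] = {0x06,0x06,0x2b,0x06,0x01,0x05,0x05,0x02};
static const unsigned char OID_KRB5[] = {0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02};

/* Classify the base64 value that follows "Authorization: Negotiate ". */
enum tok_kind classify_negotiate(const char *b64) {
    unsigned char p[32];
    int n = b64_prefix(b64, p, sizeof p);
    if (n < 2) return TOK_INVALID;
    if (n >= 8 && memcmp(p, "NTLMSSP", 8) == 0) return TOK_NTLM_RAW; /* signature incl. NUL */
    if (p[0] == 0xa1) return TOK_SPNEGO_RESP;   /* NegTokenResp: a later leg of SPNEGO */
    if (p[0] != 0x60) return TOK_UNKNOWN;       /* not a GSS-API initial context token */
    size_t off = 2 + ((p[1] & 0x80) ? (size_t)(p[1] & 0x7f) : 0); /* skip DER length */
    if (off + sizeof OID_KRB5 <= (size_t)n && !memcmp(p + off, OID_KRB5, sizeof OID_KRB5))
        return TOK_KRB5_RAW;
    if (off + sizeof OID_SPNEGO <= (size_t)n && !memcmp(p + off, OID_SPNEGO, sizeof OID_SPNEGO))
        return TOK_SPNEGO_INIT;
    return TOK_UNKNOWN;
}

int main(void) { /* constructed sample: start of an NTLM NEGOTIATE message */
    return classify_negotiate("TlRMTVNTUAABAAAA") == TOK_NTLM_RAW ? 0 : 1;
}
```

The classifier looks only at the outer framing; a SPNEGO NegTokenInit can still carry NTLM as its inner mechanism, which requires parsing the mechanism list.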