|
|
|
date: Wed, 7 Mar 2007 02:52:15 -0800,
group: microsoft.public.platformsdk.internet.server.isapi-dev
back
Re: Anonymous to Windows authentication
This is not feasible.
IIS will not allow an authentication scheme that is not enabled on a
resource. Changing the www-authenticate headers will trick the client, but
will not change what the server allows.
Also, I should point out that there is no case ever where you should adjust
the www-authenticate headers that IIS itself adds. These headers match
exactly what the configuration allows. If you want to remove a header, you
should change the configuration. And as above, if you add a header, you
will just trick the client into making a request that cannot be served.
There is a use case for adding www-authenticate headers, and would be when
you implement a totally new authentication scheme. IIS provides the
SF_NOTIFY_ACCESS_DENIED notification expressly for this purpose. Note that
any solution that involves doing this would also involve having code on the
client that recognizes the new authentication type and knowing what to do
with it.
Thank you,
-Wade A. Hilmo,
-Microsoft
"dareag" wrote in message
news:940DE8E6-4E2F-4F9F-9EA8-9B0862CDEF59@microsoft.com...
> Hi
> My previous thread was trying to ask how to go from windows authentication
> to locally authenticating a user after windows fails.
>
> As another approach would it be possible to have IIS use Anonymous access,
> and use a filter to check the user credentials in a database to determine
> whether to do windows or local authentication. If it is windows
> authentication, get the filter to set www-authenticate header for NTLM.
>
> Is this feasible or would IIS do nothing because integrated authentication
> is not turned on?
> --
> regards Dave
date: Wed, 7 Mar 2007 09:01:43 -0800
author: Wade A. Hilmo [MS]
|
|
