iis ftp: NTLM/Browser Storing Any Sessions ?? -- iis ftp

NTLM/Browser Storing Any Sessions ??

srihari1986 NO[at]SPAM gmail.com
11/19/2006 6:33:48 AM

iis ftp:

Hi All,

Right now we have a proxy server which has enabled NTLM Autentication
Enabled for all Internet Website. Normally all the users must be logged
into the domain. But whenever the user try to access the intranet
website it does not go thorugh the proxy because we have added an
exception in the IE and also in our Router to bypass the intranet
traffic not go to the Proxy.

The problem is whenever the users logs into the domain for the first
time and tries to access the intranet websites he get an NT
Authentication Prompt(it could be the server has been enabled with the
NT Authentication option for users). After the user gets the prompt he
does not enter it and he cancels it.

After that he tries to access the internet website which goes through
the proxy and the user is authentication with the NTLM option.After
accessing the internet website he tries to access the intranet website
and he is not prompted for any authentication.

I am not sure why he is not prompted for any authentication. Is it
because the Browser has any cookies or sessions enabled which passes
the authentication to the Intranet Website also? And also whenever i
clear the NTLM Session details from my proxy and i am prompted for
authentication when i try to access the intranet page again? Does the
proxy server delete any sessions from the PC also when it is deleted
in the server?

Thanks
Hari

Re: NTLM/Browser Storing Any Sessions ??

Bernard Cheah [MVP]
11/21/2006 12:00:00 AM

Interesting.. but you should post this to .iis.security.
This is IIS FTP group. I'm not sure why sounds like the session was still
active.

--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/

[quoted text, click to view]