Where is the WWW-Authenticate header added when using the WindowsAuthenticationModule?

If I set Windows authentication to true in IIS7 and set anonymous authentication to false, I get the WWW-Authenticate header. I assume this is a hint for the browser to open the authentication dialog. I'm trying to figure out where the WWW-Authenticate header is added in the ASP.NET pipeline (and which class is responsible for setting it). I did quite a lot of Googling and looked at the WindowsAuthenticationModule and UrlAuthorizationModule in Reflector, but I couldn't seem to pinpoint it!

2 answers

Several modules in IIS 7 perform security-related tasks in the request processing pipeline. In addition, there is a separate module for each authentication scheme, which lets you select the modules for the authentication types that you want on your server.

The one you're looking for is the WindowsAuthenticationModule, which performs NTLM integrated authentication. It is located in the Inetsrv\Authsspi.dll folder.

The following figure shows the IIS7 HTTP request pipelining mechanism.


For full in-depth coverage, including the above material, visit: http://learn.iis.net/page.aspx/101/introduction-to-iis-7-architecture/

This should answer all your questions :-)

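One way to observe when the challenge header becomes visible, as an added example that is not part of the original question or answer: a managed module that probes the response at successive pipeline events and records the first one at which `WWW-Authenticate` is present. The class name `ChallengeTraceModule` and the log field names are hypothetical, and the code assumes the IIS 7 integrated pipeline.

```csharp
using System;
using System.Web;

// Hypothetical diagnostic module; not part of IIS or ASP.NET.
// Assumes the IIS 7 integrated pipeline, the mode in which managed code
// can read HttpResponse.Headers.
public sealed class ChallengeTraceModule : IHttpModule
{
    private const string SeenKey = "ChallengeTraceModule.FirstSeen";

    public void Init(HttpApplication app)
    {
        if (!HttpRuntime.UsingIntegratedPipeline)
            return; // Response.Headers throws PlatformNotSupportedException in classic mode

        // Probe at successive stages; the first stage that sees the header is recorded.
        app.BeginRequest += (s, e) => Probe(s, "BeginRequest");
        app.AuthenticateRequest += (s, e) => Probe(s, "AuthenticateRequest");
        app.PostAuthenticateRequest += (s, e) => Probe(s, "PostAuthenticateRequest");
        app.AuthorizeRequest += (s, e) => Probe(s, "AuthorizeRequest");
        app.PostAuthorizeRequest += (s, e) => Probe(s, "PostAuthorizeRequest");
        app.EndRequest += (s, e) => Probe(s, "EndRequest");
        app.PreSendRequestHeaders += (s, e) => Probe(s, "PreSendRequestHeaders");
    }

    private static void Probe(object sender, string stage)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        if (ctx.Items.Contains(SeenKey))
            return; // already recorded for this request

        string[] challenges = ctx.Response.Headers.GetValues("WWW-Authenticate");
        if (challenges == null || challenges.Length == 0)
            return; // no challenge visible to managed code at this stage

        ctx.Items[SeenKey] = stage;

        // Log only the scheme names (for example Negotiate, NTLM), never token data.
        string[] schemes = Array.ConvertAll(challenges, c => c.Trim().Split(' ')[0]);
        ctx.Response.AppendToLog(string.Format(
            "&wwwauth-first-seen={0}&status={1}&schemes={2}",
            stage, ctx.Response.StatusCode, string.Join(",", schemes)));
    }

    public void Dispose() { }
}
```

Register the module under `system.webServer/modules` in web.config so it runs in the integrated pipeline. It reports only what managed code can see: a header that a native module adds after the last probed event will not be recorded.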