Ntlm authentication

  • Question

  • I have a WCF service with anonymous authentication disabled and NTLM authentication on. IIS has the Negotiate,NTLM settings. The application pool identity has an SPN registered against it.
    I presume that if I want to have only NTLM authentication instead of Kerberos, I don't need the setspn, am I right?

    When I run it under the default application pool, the services don't seem to work until I change the IIS providers to only NTLM instead of Negotiate,NTLM. I would like to know why. Is there a way to do this without changing the IIS providers? Any help would be appreciated.

    Thanks in advance

    Thursday, June 4, 2009 2:39 AM

All replies

  • -> I don't need the setspn, am I right?

    Yes. SPN is the Kerberos thing, which needs mutual authentication instead of only authenticating the client as NTLM does.

    -> I would like to know why?

    It's because Kerberos will always be used instead of NTLM if it is supported and if you don't explicitly specify that you need NTLM authentication.

    Hope this makes sense to you.


    Another Paradigm Shift
    Monday, June 8, 2009 8:19 AM
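
To see which mechanism a client actually sends under each provider setting discussed in this thread, the first `Authorization` header of a request can be classified as follows. This is an added example, not part of the original thread; the function names and the sample headers are constructed for illustration and assume the header value has been copied from a trace or proxy log.

```python
import base64

NTLMSSP_SIG = b"NTLMSSP\x00"                                # start of every NTLM message
OID_SPNEGO = bytes.fromhex("06062b0601050502")              # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")          # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")       # 1.2.840.48018.1.2.2
OID_NTLM = bytes.fromhex("060a2b06010401823702020a")        # 1.3.6.1.4.1.311.2.2.10
MECHS = {OID_KRB5: "kerberos", OID_MS_KRB5: "kerberos", OID_NTLM: "ntlm"}


def classify_authorization(header_value):
    """Return (scheme, mechanism) for the first Authorization header a client sends."""
    scheme, _, b64 = header_value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme not in ("ntlm", "negotiate"):
        return scheme, "other"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:                      # binascii.Error is a ValueError
        return scheme, "malformed"
    if token.startswith(NTLMSSP_SIG):       # raw NTLM, also accepted under Negotiate
        return scheme, "ntlm"
    if token[:1] == b"\x60":                # GSS-API initial token (SPNEGO or raw Kerberos)
        head = token[:64]
        hits = [(head.find(oid), name) for oid, name in MECHS.items() if oid in head]
        if hits:
            return scheme, min(hits)[1]     # earliest OID = client's preferred mechanism
    return scheme, "unknown"                # e.g. a later leg of the handshake


def _tlv(tag, body):
    return bytes([tag, len(body)]) + body   # short-form DER length (< 128 bytes)


def sample_headers():
    """Constructed samples: mechanism lists only, no tickets, hashes or names."""
    mech_list = _tlv(0x30, OID_KRB5 + OID_NTLM)
    spnego = _tlv(0x60, OID_SPNEGO + _tlv(0xA0, _tlv(0x30, _tlv(0xA0, mech_list))))
    ntlm_type1 = NTLMSSP_SIG + (1).to_bytes(4, "little") + bytes(4)
    enc = lambda raw: base64.b64encode(raw).decode()
    return {
        "negotiate_kerberos": "Negotiate " + enc(spnego),
        "negotiate_raw_ntlm": "Negotiate " + enc(ntlm_type1),
        "ntlm_only": "NTLM " + enc(ntlm_type1),
    }


if __name__ == "__main__":
    for label, header in sample_headers().items():
        print(label, classify_authorization(header))
```

A `("negotiate", "kerberos")` result means the client attempted Kerberos, which is the case where the SPN registration for the application pool identity matters.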