Like many technologies, they seem very complicated when you begin to work with it, but once you get into it you start to hit the boundaries of its capabilities and features. Once you use a tool for some time you learn what it can and cannot do, and therefore when there is a problem you […]
Category: Security
500.19 when setting up WebDAV on a UNC File share
I have written some instructions on how I set up a WebDAV installation that uses Windows Authentication and UNC here. An important concept to understand before you start setting up a WebDAV solution using this configuration is the difference in behavior when you are logged on and testing from the IIS server versus testing from a […]
Enable CAPI2 event logging to troubleshoot PKI and SSL Certificate Issues
The CryptoAPI 2.0 Diagnostics is a feature available on Windows Server 2008+ that supports the troubleshooting of issues concerned with, for example: Certificate Chain Validation, Certificate Store Operations and Signature Verification. This article describes how to enable the CAPI2 Diagnostic, but for an in-depth review of the capability, check here. Enable CAPI2 logging by […]
Setting up WebDAV on IIS using Windows Authentication and a UNC, mapped drive or file share
I have spent some hours setting up a solution defined in the title of this article. I want to make clear that there are numerous ways of configuring this and there are numerous Kerberos/Windows Authentication configuration possibilities based on different SPNs, IE Zones, Application Pool identities, etc… This article is intended to provide 1 possible, […]
Secure channel compatibility support with SSL and TLS
I wrote 2 previous blogs about NTLM and Negotiate/Kerberos which briefly discussed how those authentication packages work within the context of Integrated Windows Authentication. Another authentication package supported in Windows is called Secure Channel, also known as Schannel. This blog will not discuss the details of Schannel because the detail can be found here. […]
Kerberos authPersistNonNTLM authentication, request based vs. session based authentication
Kerberos is a request based authentication protocol. That means with each request, there is a resulting authentication step. See the following figure 1 where you notice a Ticket request for each GET Http Command.
Figure 1, Network Monitor log for request based authentication
This article covers the implementation of the authPersistNonNTLM attribute, that when set […]
Integrated Windows Authentication with NTLM
IIS provides a number of different authentication techniques, one of which is Integrated Windows Authentication. Integrated Windows Authentication utilizes Negotiate/Kerberos or NTLM to authenticate users based on an encrypted ticket/message passed between a browser and a server. The preceding image shows a standard communication flow between Internet Explorer and IIS version 6+. The initial request […]
Integrated Windows Authentication with Negotiate
IIS provides a number of different authentication techniques, one of which is Integrated Windows Authentication. Integrated Windows Authentication utilizes Negotiate/Kerberos or NTLM to authenticate users based on an encrypted ticket/message passed between a browser and a server. The preceding image shows a standard communication flow between Internet Explorer and IIS version 6+. The initial request […]