Category: Security

500.19 when setting up WebDAV on a UNC File share

IIS Benjamin Perkins

I have written some instructions on how I set up a WebDAV installation that uses Windows Authentication and UNC here. An important concept to understand before you start setting up a WebDAV solution using this configuration is the difference in behavior when you are logged on and testing from the IIS server versus testing from a […]


Enable CAPI2 event logging to troubleshoot PKI and SSL Certificate Issues

Security Cyber Benjamin Perkins

The CryptoAPI 2.0 Diagnostics is a feature available on Windows Server 2008+ that supports the troubleshooting of issues concerned with, for example: certificate chain validation, certificate store operations, and signature verification. This article describes how to enable the CAPI2 Diagnostic, but for an in-depth review of the capability, check here. Enable CAPI2 logging by […]


Setting up WebDAV on IIS using Windows Authentication and a UNC, mapped drive or file share

IIS Benjamin Perkins

I have spent some hours setting up a solution defined in the title of this article. I want to make clear that there are numerous ways of configuring this and there are numerous Kerberos/Windows Authentication configuration possibilities based on different SPNs, IE Zones, Application Pool identities, etc… This article is intended to provide 1 possible, […]


Secure channel compatibility support with SSL and TLS

Security Cyber Benjamin Perkins

I wrote 2 previous blogs about NTLM and Negotiate/Kerberos which briefly discussed how those authentication packages work within the context of Integrated Windows Authentication. Another authentication package supported in Windows is called Secure Channel, also known as Schannel. This blog will not discuss the details of Schannel because the detail can be found here. […]


Kerberos authPersistNonNTLM authentication, request based vs. session based authentication

IIS Benjamin Perkins

Kerberos is a request-based authentication protocol. That means with each request, there is a resulting authentication step. See Figure 1, where you notice a ticket request for each HTTP GET command. (Figure 1: Network Monitor log for request-based authentication.) This article covers the implementation of the authPersistNonNTLM attribute, that when set […]


Integrated Windows Authentication with NTLM

IIS Benjamin Perkins

IIS provides a number of different authentication techniques, one of which is Integrated Windows Authentication. Integrated Windows Authentication utilizes Negotiate/Kerberos or NTLM to authenticate users based on an encrypted ticket/message passed between a browser and a server. The preceding image shows a standard communication flow between Internet Explorer and IIS version 6+. The initial request […]


Integrated Windows Authentication with Negotiate

IIS Benjamin Perkins

IIS provides a number of different authentication techniques, one of which is Integrated Windows Authentication. Integrated Windows Authentication utilizes Negotiate/Kerberos or NTLM to authenticate users based on an encrypted ticket/message passed between a browser and a server. The preceding image shows a standard communication flow between Internet Explorer and IIS version 6+. The initial request […]
