IIS 7.5 - How can I set IIS Windows Auth Providers with PowerShell?


Is there a way to add/remove/reorder Windows authentication providers using PowerShell in IIS 7.5?

I was told, and have found no evidence to the contrary, that the NTLM provider is faster than Negotiate when used with Windows Auth. This may or may not be in combination with Silverlight 4, .NET 3.5, Windows 2003 Active Directory, and IIS6.

Since this statement was told to me, we have upgraded to IIS 7.5 (Server 2008 R2), Silverlight 5, and .NET 4.5, with AD still running at the 2003 function level.

My goal is to ensure the NTLM provider is listed first in the list of enabled providers in IIS 7.5.

Thanks

You can enable and disable the authentication methods available under the following section:

system.webServer/authentication

This is because system.webServer/authentication is not a collection and does not support the add and remove config elements. Have a look in the IIS configuration schema file in:

C:\Windows\System32\inetsrv\config\schema\IIS_schema.xml

Search for system.webServer/security/authentication and you will see that each child element of the section is explicitly defined, and there is no definition for system.webServer/security/authentication itself.

With regard to ordering, it makes no difference trying to change the authentication method order. For example, in the following order (Basic before Windows authentication):

    <system.webServer>
        <security>
            <authentication>
                <basicAuthentication enabled="true" />
                <windowsAuthentication enabled="true" />
            </authentication>
        </security>
    </system.webServer>

And when I swap the order:

    <system.webServer>
        <security>
            <authentication>
                <windowsAuthentication enabled="true" />
                <basicAuthentication enabled="true" />
            </authentication>
        </security>
    </system.webServer>

...will cause IIS to send the following headers to the browser in the 401 challenge (captured using Fiddler):

    HTTP/1.1 401 Unauthorized
    Server: Microsoft-IIS/7.5
    WWW-Authenticate: Negotiate
    WWW-Authenticate: NTLM
    WWW-Authenticate: Basic realm="172.16.3.87"

In the above, IIS is indicating to the browser that it supports the Kerberos, NTLM or Basic authentication methods. Out of the box these authentication methods are in that order, regardless of browser vendor (I tried IE and Chrome).

From my observations using Fiddler, both IE and Chrome attempt negotiation using the first available method supported by the browser, i.e. in this case both IE and Chrome negotiated Kerberos authentication:

    GET http://172.16.3.87:81/ HTTP/1.1
    Host: 172.16.3.87:81
    Connection: keep-alive
    Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==

If you base64-decode the Negotiate value, it says:

    NTLMSSP

It is possible to remove the Kerberos (Negotiate) method by doing:

    <system.webServer>
        <security>
            <authentication>
                <windowsAuthentication enabled="true">
                    <providers>
                        <remove value="Negotiate" />
                    </providers>
                </windowsAuthentication>
                <basicAuthentication enabled="true" />
            </authentication>
        </security>
    </system.webServer>

However, trying to change the order of these by doing the following will have no effect:

    <system.webServer>
        <security>
            <authentication>
                <windowsAuthentication enabled="true">
                    <providers>
                        <remove value="Negotiate" />
                        <remove value="NTLM" />
                        <add value="NTLM" />
                        <add value="Negotiate" />
                    </providers>
                </windowsAuthentication>
                <basicAuthentication enabled="true" />
            </authentication>
        </security>
    </system.webServer>

You are still sent the WWW-Authenticate: headers in the order of:

    WWW-Authenticate: Negotiate
    WWW-Authenticate: NTLM
    WWW-Authenticate: Basic realm="172.16.3.87"
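
Added example (not part of the original answer): the answer decodes the Negotiate token by hand and finds NTLMSSP. This Python sketch automates that check on an Authorization header value taken from a capture, reporting whether the token is a raw NTLM message or a SPNEGO/Kerberos token. The helper name `classify_authorization` is hypothetical, and the sample token is the one from the capture with its base64 letter case restored, which is an assumption of this example.

```python
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"
NTLM_MESSAGES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
NEGOTIATE_VERSION = 0x02000000                      # MS-NLMP flag: version block present
SPNEGO_OID = bytes.fromhex("06062b0601050502")       # DER OID 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")   # DER OID 1.2.840.113554.1.2.2


def classify_authorization(value):
    """Hypothetical helper: (scheme, mechanism, details) for an Authorization value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return scheme, "not Windows auth", {}
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:                               # binascii.Error is a ValueError
        return scheme, "invalid base64", {}
    if raw.startswith(NTLM_SIGNATURE) and len(raw) >= 12:
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        details = {"message": NTLM_MESSAGES.get(msg_type, "unknown")}
        if msg_type == 1 and len(raw) >= 16:
            (flags,) = struct.unpack_from("<I", raw, 12)
            details["flags"] = f"0x{flags:08x}"
            if flags & NEGOTIATE_VERSION and len(raw) >= 40:
                major, minor, build = struct.unpack_from("<BBH", raw, 32)
                details["client_version"] = f"{major}.{minor}.{build}"
        return scheme, "NTLM", details
    if raw[:1] == b"\x60":                           # GSS-API initial context token
        if SPNEGO_OID in raw[:16]:
            mech = "Kerberos" if KRB5_OID in raw else "other"
            return scheme, f"SPNEGO ({mech} offered)", {}
        if KRB5_OID in raw[:20]:
            return scheme, "Kerberos", {}
    return scheme, "unknown", {}


# Token from the capture above, base64 case restored (assumption: the page
# shows it lowercased). Split into 8-character chunks for readability.
PAGE_TOKEN = ("TlRMTVNT" "UAABAAAA" "l4II4gAA" "AAAAAAAA"
              "AAAAAAAA" "AAAGAbEd" "AAAADw==")

if __name__ == "__main__":
    print(classify_authorization("Negotiate " + PAGE_TOKEN))
```

For the token in the capture this reports an NTLM NEGOTIATE (Type 1) message carried under the Negotiate scheme, with client version 6.1.7601.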
