Thursday, September 10, 2009

The case of multiple NTLM challenges with IIS7

A reader posed a question on Stack Overflow about a problem with authentication. The scenario was as follows:

This was a typical 3-tier application, in which the middle-tier (ASP.NET web server) was making a HttpWebRequest to a backend II7 server that required authentication.

When authentication method was set to Digest/Basic/Negotiate, the server worked fine, and the authentication succeeded. However, if the auth method was set to NTLM, the server started to challenge twice.

The reader investigate this, and found that this was caused by a Microsoft Security Update http://support.microsoft.com/kb/957097. Also, he came up with a solution for the problem.

Read more about the problem and it's solution at: http://www.tinyint.com/index.php/2009/08/24/401-error-on-httpwebrequest-with-ntlm-authentication/