Is it possible to programmatically authenticate a user using NTLM (on asp.net)?

I would like to have control over the look and feel of the website where I would have a form that users enter their username/password. I would then query NTLM to validate the provided information and if valid, redirect them to a virtual directory?

+2  A: 

NTLM is the protocol the web browser would use to talk directly to the web server (e.g. IIS) to authenticate the user, without your application being involved. That's what you want to avoid, because you want to present a "nice" logon form.

So what you need to do is: prompt for user name and password in a form, and validate these credentials against Active Directory yourself. Here is a Microsoft article describing how to do it in ASP.NET: http://support.microsoft.com/kb/326340/en-us

However please remember a few points:

  • Don't forget that, unlike in the case of NTLM, users' passwords will be transmitted in clear text unless you use SSL to publish the web site. You should never allow users to enter their AD password on an unencrypted web site.
  • If some of your users were automatically authenticated (transparent login, no prompt for password at all) before, which should be the default behavior in an Intranet scenario, these users won't like your login form, no matter how nice it looks...
  • The default behavior in IIS6 would be that only pages generated by ASP.NET would be protected; as you would have to configure IIS to allow anonymous requests to the applications, static files could be requested by any user.
markus
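
An added example, not part of the answer above or of the linked Microsoft article: a forms-login code-behind that validates the submitted credentials against Active Directory and refuses to handle passwords over plain HTTP. It assumes .NET 3.5 or later (for `System.DirectoryServices.AccountManagement`), forms authentication enabled in web.config, a hypothetical `Login.aspx` with controls named `UserName`, `Password` and `ErrorLabel`, and a placeholder domain name `CORP.EXAMPLE`.

```csharp
using System;
using System.DirectoryServices.AccountManagement; // add a reference to this assembly
using System.Web.Security;
using System.Web.UI;

// Code-behind for a hypothetical Login.aspx that declares UserName (TextBox),
// Password (TextBox, TextMode="Password"), ErrorLabel (Label) and a button
// whose OnClick is LoginButton_Click.
public partial class Login : Page
{
    // Assumption: placeholder AD domain name, replace with your own.
    private const string AdDomain = "CORP.EXAMPLE";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Serve the form only over HTTPS so the AD password is never typed
        // into a page that would post it in clear text.
        if (!Request.IsSecureConnection)
            Response.Redirect("https://" + Request.Url.Host + Request.RawUrl, true);
    }

    protected void LoginButton_Click(object sender, EventArgs e)
    {
        if (!Request.IsSecureConnection) return; // defence in depth

        string user = UserName.Text.Trim();
        string password = Password.Text;
        bool valid = false;

        // Reject empty input before contacting the directory.
        if (user.Length > 0 && password.Length > 0)
        {
            using (var ctx = new PrincipalContext(ContextType.Domain, AdDomain))
            {
                // Negotiate with signing and sealing protects the check
                // between the web server and the domain controller.
                valid = ctx.ValidateCredentials(user, password,
                    ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
            }
        }

        if (valid)
            FormsAuthentication.RedirectFromLoginPage(user, false); // issues the auth cookie
        else
            ErrorLabel.Text = "Invalid user name or password."; // same message for every failure
    }
}
```

Setting `requireSSL="true"` on the `<forms>` element in web.config keeps the resulting authentication cookie off unencrypted connections as well.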