Is there a way (on IIS 7) to use SSL during basic authentication, and then somehow go to a non-SSL session? We have an intranet app which users have requested to have visible outside the organization, so we need to SSL encrypt the basic authentication process, but there's no real need to encrypt the rest of the session and don't want to deal with the slowdown.
+1
A:
The joy (sic) of HTTP Basic authentication, besides sending the password in cleartext, is that the browser will keep sending the password, with every request sent to the server. As such, theres no real "authentication process" that is separate from the rest of the session, it occurs continuously throughout the session.
With other types of authentication, this could work if you separate out the login page to its own web app... but with basic it just wont make sense, sorry.
AviD
2009-06-10 14:46:46