www-authenticate

Can I indicate to clients that SPNEGO is supported but NTLM is not for HTTP requests?

The two WWW-Authenticate additions Microsoft makes use of that I am currently aware of are NTLM Negotiate If Negotiate is sent down from the server, based on a set of conditions Kerberos will be used Intranet Zone Accessing the server using a Hostname rather then IP Integrated Windows Authentication in IE is enabled, the host is tr...

IIS7 Win2008 ... Response does not include WWW-Authenticate header?

Hey all, I've encountered a Win2008 IIS7 installation that appears to be refusing to send the WWW-Authenticate response headers automatically (the virtual dir is configured for Anonymous and Windows Authentication... and the first request is being rejected with a 401-Unauthorized response). My clean test environment does this properly ...

WWW-Authenticate signout

I noticed that once Firefox pops up a modal in response to a WWW-Authenticate header in an HTTP response. Then, Firefox saves the username/password until Firefox is closed. The Web Developer plug-in makes it possible for developer-minded people to logout. But what HTTP message should be sent to the browser to lose those cached credent...

Multiple WWW-Authenticate challenges

Regarding multiple WWW-Authenticate challenges, according to the specification, they can be returned either within the same WWW-Authenticate header or by using multiple WWW-Authenticate headers within the same response. Is there a consensus on which method is preferred? ...

Authentication Error

I am trying to view a web page, fron an Android app, that requires authentication and get the following message: ----- Android webView error start -------- "You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending WWW.Authenticate header field that the Web se...