Friday, June 13, 2008

MSCRM4 Configuration: Configure IIS to support both Kerberos and NTLM protocols

To ensure that IIS supports both the Kerberos and NTLM protocols, the NTAuthenticationProviders metabase property must be set to "Negotiate,NTLM".

By default, the NTAuthenticationProviders metabase property is not defined when IIS is installed, and "Negotiate,NTLM" is used as the default value while the property is undefined. The property therefore only needs to be set to "Negotiate,NTLM" explicitly if the default value has been overwritten.

To check the current value of the NTAuthenticationProviders metabase property:

1. Launch Internet Information Services (IIS) Manager and note the Web Site ID.
2. Start a command prompt.
3. Go to the directory C:\Inetpub\Adminscripts
4. Enter the command below, placing the Web Site ID from step 1 between w3svc/ and /root:

cscript adsutil.vbs get w3svc//root/NTAuthenticationProviders

If the NTAuthenticationProviders metabase property has not been configured, the following result is shown:

The parameter "NTAuthenticationProviders" is not set at this node.

Otherwise, the configured value is shown (example):

NTAuthenticationProviders : (STRING) "Negotiate,NTLM"

To configure the NTAuthenticationProviders metabase property to support the Kerberos and NTLM protocols (Negotiate):

• At the command prompt, go to the directory C:\Inetpub\Adminscripts and enter the command: cscript adsutil.vbs set w3svc//root/NTAuthenticationProviders "Negotiate,NTLM"

To remove the value of the NTAuthenticationProviders metabase property:

• At the command prompt, go to the directory C:\Inetpub\Adminscripts and enter the command: cscript adsutil.vbs delete w3svc//root/NTAuthenticationProviders

Authentication Test Page

A web page such as the one below can be used to check which authentication mode is currently being used for the connection:


<%@ Page Language="C#" %>
<html>
<head>
<title></title>
</head>
<body>
<%-- Each server variable is HTML-encoded before output: HTTP_Authorization is supplied by the client. --%>
<%= "LOGON_USER: " + Server.HtmlEncode(Request.ServerVariables["LOGON_USER"]) + "<br>" %>
<%= "AUTH_USER: " + Server.HtmlEncode(Request.ServerVariables["AUTH_USER"]) + "<br>" %>
<%= "AUTH_TYPE: " + Server.HtmlEncode(Request.ServerVariables["AUTH_TYPE"]) + "<br>" %>
<%= "HTTP_Authorization: " + Server.HtmlEncode(Request.ServerVariables["HTTP_Authorization"]) + "<br>" %>
</body>
</html>
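
AUTH_TYPE reports only the scheme name, so a value of Negotiate does not say whether Kerberos or NTLM was actually used; the HTTP_Authorization value does. The Python sketch below is an added example, not code from the original post: it classifies a pasted header value heuristically, and its function names and sample tokens are constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
# DER-encoded OID bodies that identify a Kerberos 5 mechanism inside GSS-API/SPNEGO
KRB5_OIDS = (
    bytes.fromhex("2a864886f712010202"),  # 1.2.840.113554.1.2.2 (Kerberos 5)
    bytes.fromhex("2a864882f712010202"),  # 1.2.840.48018.1.2.2 (Microsoft variant)
)
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def classify_authorization(header):
    """Return (scheme, mechanism, detail) for an HTTP Authorization header value."""
    if not header or not header.strip():
        return ("none", "anonymous", "no Authorization header was sent")
    scheme, _, blob = header.strip().partition(" ")
    scheme = scheme.lower()
    if scheme not in ("negotiate", "ntlm"):
        return (scheme, "other", "not an Integrated Windows Authentication scheme")
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return (scheme, "invalid", "token is not valid base64")
    # NTLM messages carry the NTLMSSP signature followed by a little-endian type
    # field, either at offset 0 (raw) or embedded in an SPNEGO wrapper.
    pos = token.find(NTLMSSP_SIG)
    if pos >= 0 and len(token) >= pos + 12:
        (msg_type,) = struct.unpack_from("<I", token, pos + 8)
        form = "raw" if pos == 0 else "SPNEGO-wrapped"
        return (scheme, "NTLM", f"{form} {NTLM_TYPES.get(msg_type, 'unknown')} message")
    # A GSS-API initial token starts with tag 0x60; a Kerberos OID with no NTLM
    # message inside means the client is presenting Kerberos.
    if token[:1] == b"\x60" and any(oid in token for oid in KRB5_OIDS):
        return (scheme, "Kerberos", "GSS-API token with a Kerberos 5 mechanism OID")
    return (scheme, "unknown", "unrecognised token format")


def make_header(scheme, raw):
    """Build a header value from raw token bytes (helper for the samples)."""
    return scheme + " " + base64.b64encode(raw).decode("ascii")


# Constructed sample tokens (no real tickets, hashes or credentials).
NTLM_TYPE1 = NTLMSSP_SIG + struct.pack("<I", 1) + bytes(20)
SPNEGO_KRB = bytes.fromhex("601b06062b0601050502a011300fa00d300b0609") + KRB5_OIDS[0]
SAMPLES = [make_header("Negotiate", SPNEGO_KRB), make_header("Negotiate", NTLM_TYPE1),
           make_header("NTLM", NTLM_TYPE1), ""]

if __name__ == "__main__":
    for value in SAMPLES:
        print(classify_authorization(value))
```

An NTLM result under the Negotiate scheme means the client fell back from Kerberos even though Negotiate is enabled on the site.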
 
