NTLM authentication using custom (asp.net) form

Question

NTLM authentication using custom (asp.net) form

Is it possible to program user authentication using NTLM (on asp.net)?

I would like to have control over the appearance of the website, where I will have a form in which users enter their username / password. Then I would ask NTLM to verify the information provided and, if valid, redirect them to a virtual directory?

+3

asp.net forms-authentication ldap

Andrés Nava - .NET Feb 05 '10 at 21:16

source share

1 answer

realMarkusSchmidt · Accepted Answer · 2010-02-05T21:36:53+0000

NTLM is a protocol that a web browser will speak directly to a web server (such as IIS) to authenticate a user without the participation of your application. This is what you want to avoid because you want to submit a “nice” login form.

So you need to do the following: request the username and password on the form and independently verify these credentials in Active Directory. Here is a Microsoft article describing how to do this in ASP.NET: http://support.microsoft.com/kb/326340/en-us

However, remember a few points:

Do not forget that, unlike NTLM, user passwords will be transmitted in clear text if you do not use SSL to publish the website. You should never allow users to enter their AD password on an unencrypted website.
( , ), , , ...
IIS6 , , ASP.NET; IIS , .

NTLM authentication using custom (asp.net) form

More articles: