Why there are three rounds of message exchanges for integrated windows authentication for IE

Posted by user197658 on Server Fault See other posts from Server Fault or by user197658
Published on 2013-11-08T00:16:41Z Indexed on 2013/11/08 3:58 UTC
Read the original article Hit count: 436

Filed under:
|
|

According to the result monitored by fiddler, there are totally 3 handshakes for integrated windows authentication for IE.

GET /home

-

401 Unauthorized

WWW-Authenticate: Negotiate, NTLM


GET /home

Authorization: Negotiate UYTYGHGYKHKJPPP-===

-

401 Unauthorized

WWW-Authenticate: Negotiate UYUGKJKJKJ+++766==


Get /home

Authorization: Negotiate HJGKJLJLJ+++===

-

200 OK

WWW-Authenticate: Negotiate UHLKJKJKJJLK===


Who knows what concrete things are done for the three, especially the 2nd one.

P.S. The network environment is work group mode, other than domain mode, and the server is a website hosted on my local PC. In other words, the client (IE) & the server are both in the same machine.

© Server Fault or respective owner

Related posts about kerberos

Related posts about internet-explorer