开发者

why IE keep sending NTLMSSP_NEGOTIATE even though I switch to use login form?

开发者 https://www.devze.com 2023-01-21 19:54 出处:网络
I implement NTLM SSO, it works well, but when I want to switch to use login form, IE doesn\'t work: 1.SSO into my website

I implement NTLM SSO, it works well, but when I want to switch to use login form, IE doesn't work:

1.SSO into my website

2.clear sess开发者_开发百科ion and redirect to login page

3.key in username and password

4.submit and because the login i have bypass the SSO filter, so it works well in Firefox browser. But in IE, it still send a request with ntlmssp_negotiate message in it, but not a post request with username and password in a form. When this happens, user can not successfully login into the system.

So my question is : How can I stop IE from sending ntlmssp_negotiate request ???


Don't worry, what's your IE version? It is a reported problem with MS-IE.

MS IE "requires NTLM authentication for all visits to a website after you visit one NTLM authenticated folder of the website". Besides, IE would cache your credential at first NTLM login if the register table permitted.

I have seen this issue before in my NTLM based Web SSO project. You may record the session a special status, e.g. "Fake Login" and authenticate the login but discards the user info. The next POST action would provide the form data and you can identify the user ID from form data later.

Please refer to http://www.websina.com/bugzero/kb/browser-ie.html


IE does an optimization: Once it learnt that it will always get a 401 anyway and will have to retransmit all those bulky POST-data items (like file upload), it will just leave them away, anticipating a 401 and only sending them the next time.

I solved it with running NTLM on another port.

0

精彩评论

暂无评论...
验证码 换一张
取 消