Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 174775 - Last Review: July 7, 2008 - Revision: 5.1
How Windows NT Challenge/Response Works
This article was previously published under Q174775
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
For more information about IIS 7.0, visit the following Microsoft Web site:
Microsoft Internet Information Server (IIS) supports Microsoft Windows NT
Challenge/Response authentication that a user identifies without requiring
the transmission of actual passwords or account information across a
network.
However, the Web server authenticates users by carrying out a procedure
that challenges the user's Web browser to carry out a specific
mathematical computation involving the password and to respond by
returning the results of the computation to IIS. IIS then duplicates this
computation using the user's account password information, and compares
this result to the user's result. If both results match, IIS recognizes
that the user has the correct password and grants access.
Your server will not switch to another authentication method if the user
is initially denied access. Instead, the user's Web browser will prompt
the user for a user name and password that the browser will process and
send to IIS as part of the Windows NT Challenge/Response authentication
protocol. If this second authentication attempt fails, the user will be
denied access to IIS.
You will find Windows NT Challenge/Response authentication useful in an
intranet environment, where both user and Web server computers are in the
same, secure domain. Additionally, you can only use Windows NT
Challenge/Response to authenticate users that logon with Web browsers
capable of supporting this method. Currently, Microsoft Internet Explorer
version 2.0 or later is the only Web browser that supports Windows NT
Challenge\Response.
APPLIES TO
- Microsoft Internet Information Services 6.0
- Microsoft Internet Information Server 2.0
- Microsoft Internet Information Server 3.0
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate