Hi Julius, > Whenever I've coded my own JSP/Servlet pages to accept NTLM, > I always trade in the successful NTLM auth for a session cookie. > [...] > But maybe that's just me. Who knows how other servers out there do it.
Somehow, I doubt that a MS proxy server with NTLM authentication hands out cookies :-) Authentication is typically handled by the application server infrastructure. If you check the box somewhere in MS IIS, then the server will require authentication before the request ever reaches the (ASP) application. If it's an application in the first place and not just a bunch of static pages. I'm afraid we'll have to make sure that NTLM authenticated connections are either not re-used at all, or only by someone with the appropriate credentials. And especially in the proxy scenario, re-use would really improve performance. cheers, Roland --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
