Shulou(Shulou.com)06/01 Report--

This article mainly talks about "the method of verifying HTTP identity in Windows system". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Next let the editor to take you to learn "Windows system HTTP identity verification method" it!

HTTP authentication method:

The following are the most common authentication methods for Windows clients.

1.Anonymous

Anonymous access means that authentication is not involved. Therefore, the user does not need to provide a user name and password to authenticate to the server. For example, you can configure anonymous method to receive email on Exchange server public network.

2.Basic (basic authentication)

Basic authentication is the least secure authentication because it allows user names and passwords to be sent in clear text. This way is not safe.

3.Digest

Digest authentication is better than basic authentication because it uses a challenge-response method to make it difficult to steal passwords or user names. However, this is not a very safe approach. The default IIS has deprecated the secondary authentication method

4.NTLM

Compared with digest authentication, (NTLM) provides a better challenge-response method. However, this is an outdated technology, and this authentication is used only in cases where more secure authentication, such as Kerberos, is not available.

5.Negotiate (negotiated authentication)

Negotiation provides a choice between NTLM authentication and Kerberos authentication. Kerberos is a faster and very secure protocol that uses mutual authentication, so it is more trial-tested than NTLM. In mutual authentication, both the client and the server authenticate each other, providing a higher level of security.

Recommended when configuring IIS authentication

Use Kerberos authentication whenever possible

Kerberos has been the default authentication protocol in Windows since 2000, but NTLM authentication may be required in some cases. For example, if third-party or legacy clients do not support Kerberos, you can use NTLM. If you have some applications that do not support Kerberos, you may support NTLM.

If you do not have an available Kerberos, such as using Basic with SSL certificate encryption, but do not use Basic without SSL, because it provides very low security.

Avoid using Digest (summary) authentication.

At this point, I believe that everyone on the "Windows system HTTP identity verification method" have a deeper understanding, might as well to the actual operation of it! Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.