How to find if NTLM or Kerberos is used from WWW-Authenticate: Negotiate header

.net kerberos ntlm negotiate www-authenticate
IT Hit WebDAV picture IT Hit WebDAV · Apr 8, 2011 · Viewed 30.9k times · Source

I am programming a client application in .Net that communicates with server via HTTP.

I need to set different request buffering options in case of NTLM and Kerberos authorization.

How to find out if NTLM or Kerberos is used? Is it possible to somehow decode 'WWW-Authenticate: Negotiate' header?

Answer

Taras Kozubski picture Taras Kozubski · Sep 9, 2013

You will find answer here.

Short answer is:

1.Capture some successfully authorized request using Fiddler tool.
2.Choose "Inspectors" -> "Headers" tab.
3.Pay attention at "Cookies / Login" section, "Authorization" header.

If the Authorization token begins with "YII" then Kerberos is used, but if it begins with "TlR" then Kerberos is not used.

For example Kerberos:

Authorization: Negotiate YIIVDAYGKwYBE...

Not Kerberos:

Authorization: Negotiate TlRMTVNTUA...

Related questions

How to get Service Token from Kerberos using SSPI

Objective: I am trying to build Proof Of Concept client app to implement Single Sign On by using SSPI. I am new to C# and I am getting confused. What I know and have done so far: All users are …

Read More
How to make an HTTP POST web request

Canonical How can I make an HTTP request and send some data using the POST method? I can do a GET request, but I have no idea of how to make a POST request.

Read More
How can I convert String to Int?

I have a TextBoxD1.Text and I want to convert it to an int to store it in a database. How can I do this?

Read More