[jcifs] Turn off NTLM authentication in IE after it hasbeen set?

Michael B Allen mba2000 at ioplex.com
Fri Jan 16 04:05:28 GMT 2004 

> Thanks for your response.
> I would like to be able to turn NTLM off on IE(no IE login prompt) so I can
> log in via my product logon screen. Do you know if there is a way to reset
> IE's WWW-Authenticate to not use NTLM any longer after it has been set?

The way this works is when IE sends a request, the filter sends WWW-Authenticate:
NTLM, which initiates a little back-and-fourth to get the password hashes,
authenticates the user against the domain controller, and if successful stores
that in the form of an NtlmPasswordAuthentication object in the HttpSession as an
attributed keyed by the String "NtlmHttpAuth". If subsequent requests see that
NtlmHttpAuth attribute no additional negotiation occurs[1]. It's HTTP business as
usual. Now, if you decide to all of the sudden do some kind of additional
authentication that's fine. You could sen WWW-Authentication: Basic and do Basic
authentication (hopefully with SSL). So I don't think you want to "reset" it other
than to maybe remove the "NtlmHttpAuth" attribute. You don't need to actually
"logout" first. You could just do your authentication as usual. Now if the user
isn't a member of any domain and the authentication is failing then you might need
to somehow bypass the filter or disable it. For example you could have an
alternate URL that does your regular form based authentication and then create an
default NtlmPasswordAuthentication object and put it in the HttpSession so the
filter let's you through. Or as someone else explained you could modify the filter
to recognise some parameter in the URL to trigger the alternate authentication
method. Just be careful you don't accedentally drop the pants on your site.
Perhaps we can work in a standard way to use alternate form based authentication.
I'll look into it. I know that doesn't help you right know but that's all I can
do.

Mike

-- 
A program should be written to  model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the  potential for it  to be applied  to tasks that are
conceptually similar and, more  important, to tasks that have not
yet been conceived.

More information about the jcifs mailing list