|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Dumb basic authentication and SSL questionI have a web directory protected by SSL and basic authentication. It works
fine. The user is prompted to authenticate before the page is displayed. It bothers me that there is no SSL padlock shown on the page during the basic authentication. I am guessing the logon is encrypted anyway, but I'd just like to check. W2K3 and IE6. Thanks, Anthony Hi,
Yes, the credentials are encrypted. The SSL handshake occurs before any data is transmitted at the HTTP layer. It's easy to verify yourself using a tool like Ethereal (www.ethereal.com) or Microsoft's NetMon (Network Monitor) Cheers Ken Show quoteHide quote "Anthony Yates" <anthony.spam@spammedout.com> wrote in message news:uOCNdTdeGHA.1272@TK2MSFTNGP03.phx.gbl... >I have a web directory protected by SSL and basic authentication. It works >fine. The user is prompted to authenticate before the page is displayed. > It bothers me that there is no SSL padlock shown on the page during the > basic authentication. I am guessing the logon is encrypted anyway, but I'd > just like to check. > W2K3 and IE6. > Thanks, > Anthony > Thanks very much, job done
Anthony Show quoteHide quote "Ken Schaefer" <kenREM***@THISadOpenStatic.com> wrote in message news:ewWGKOkeGHA.4892@TK2MSFTNGP02.phx.gbl... > Hi, > > Yes, the credentials are encrypted. The SSL handshake occurs before any > data is transmitted at the HTTP layer. It's easy to verify yourself using > a tool like Ethereal (www.ethereal.com) or Microsoft's NetMon (Network > Monitor) > > Cheers > Ken > > > "Anthony Yates" <anthony.spam@spammedout.com> wrote in message > news:uOCNdTdeGHA.1272@TK2MSFTNGP03.phx.gbl... >>I have a web directory protected by SSL and basic authentication. It works >>fine. The user is prompted to authenticate before the page is displayed. >> It bothers me that there is no SSL padlock shown on the page during the >> basic authentication. I am guessing the logon is encrypted anyway, but >> I'd just like to check. >> W2K3 and IE6. >> Thanks, >> Anthony >> > > 
Other interesting topics
Service principal name (SPN) / Active Directory Problem
What dictates whether the LOGON_USER Server Variable is sent? IIS6, Windows Integrated Authentication, Denied access Authenticate web access based on IP address in IIS5 Integrated Authentication with trusted domain. HTTPS : Secured and non secured item with absolute path Multiple SSL Sites on One Web Server Running on Port 443 Multiple secured web servers on same IP require multiple certificates? IWA not working Issuing a certificate |
|||||||||||||||||||||||
