Security

Integrated Windows Authentication

Integrated Windows authentication—formerly known as both NT LAN Manager (or NTLM) and Windows NT Challenge/Response authentication—is more secure than Basic authentication. This authentication scheme works especially well in an intranet environment where users have Windows domain accounts.

In integrated Windows authentication, the browser attempts to use the current user’s credentials from a domain logon. If those credentials are rejected, integrated Windows authentication will prompt the user for a user name and password by means of a dialog box. When integrated Windows authentication is used, the user’s password is not passed from the client to the server. If a user has logged on as a domain user on a local computer, the user won’t have to be authenticated again when accessing a network computer in that domain.

The user is not prompted for a user name and password for each HTTP request; rather, this will happen only when the cached credentials do not have sufficient permissions to access a specific page or file.

See the following:

• The Role of Negotiation
• Integrated Windows Authentication Header Flow

© 1997-1999 Microsoft Corporation. All rights reserved.