On Wed, 7 Sep 2005 16:22:02 +0300, "Coldman" <no********@mail.com> wrote:
¤ hi,
¤ IIS 5 and 6, IE 5 and 6, simple authentication
¤ does the browser send the username and password in clear text on every
¤ request after been authenticated?
¤
I guess it depends on what you mean by simple authentication. For Basic authentication the user ID
and password are not encrypted and can be impersonated and delegated at the web server. With
Integrated Windows Security, NTLM handles the authentication and credentials can be impersonated but
not delegated unless Kerberos is configured. Clear text credentials are not an issue with Integrated
Windows Security.
Paul
~~~~
Microsoft MVP (Visual Basic)