Integrated Windows Authentication

Hi there,

 

 

I found a past case where someone requested help building a monitor that uses Windows Authentication (NTLM). Here is a note from that case:

 

 

 

The monitor has no mechanism to negotiate the Kerberos or NTLM portion of the Window Authentication method. The monitor is simply looking for values in the receive string to be returned to it.

 

 

I can send up a Feature Request to development to ask to have this functionality added in a future release.

 

 

The only other suggestion that I can make would be to spend some time with our consulting team. They may be able to come up with a script that your monitor can use to negotiate the Windows Integrated Authentication and grep for content of the page received, and forward the pass or fail to the monitor.

 

 

 

And some info from a related (unpublished) solution:

 

 

 

Do BIG-IP monitors support HTTP NTLM Authentication?

 

 

BIG-IP does not support NTLM authentication by default, however it may be possible to create an external monitor to do this.

 

 

To see how NTLM HTTP authentication works, you may access this URL

 

 

Authentication in WinHTTP

 

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/authentication_in_winhttp.asp

 

 

IIS Authentication

 

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconiisauthentication.asp

 

 

IIS 4.0 and 5.0 Authentication Methods Chart

 

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/iis/maintain/featusability/authmeth.mspx

 

 

 

It also looks like there might be perl modules you could use in an external monitor that could handle the NTLM authentication. Of course, this wouldn't be a supported option, but it could work.

 

 

And, as it seems that there are a fair number of requests for NTML authentication support in monitors, you might consider opening a case with support and asking for this in an RFE.

 

 

Aaron