3

There is a server running on linux box which understand kerberos, which also process SPNEGO and understands only kerberos but it does not understand NTLM

The firefox and IE logins and access the web page succesfully using kerberos tokens without prompting again for the password.

Now, I am trying to write a application using WinHTTP library. I followed the example from here http://msdn.microsoft.com/en-Us/library/aa383144(v=vs.85).aspx

In the WinHttpSetCredentials call, i do not want to set the username password instead i want to tell this call to use existing credential. How do I do that?

If i mention blank for username and password it does not work, it falls back to NTLM and fails.

So can someone tell me how to use WinHTTPSetCredentials?

kalyan
  • 3,076
  • 1
  • 22
  • 29

2 Answers2

1

In fact you need to set the HTTP_OPTION_AUTOLOGON_POLICY to allow auto-logons to work (see WinHttpSetOption). With this the WinHTTP library will handle the 401 refusal accompanied by a WWW-Authenticate: Negotiate and subsequent Kerberos based retry automagically.

Andrew Smith
  • 91
  • 1
  • 3
0

You have to set AuthScheme parameter to WINHTTP_AUTH_SCHEME_NEGOTIATE

Yves Martin
  • 10,217
  • 2
  • 38
  • 77
  • This is not enough! Still can't login using Kerberos to a webpage inside of Windows domain. – Sergey Feb 20 '13 at 20:47
  • Is your IIS properly setup, running with a trusted identity in domain ? You have to check your IE/Firefox negotiate a TGS for the SPN of your IIS server. You can use "kerbtray.exe" to do so. – Yves Martin Feb 21 '13 at 09:29