Partilhar via


Is my web site using Kerberos or NTLM authentication?

If you are not sure if Kerberos or NTLM authentication is used in your web application then you can use the script given in the following blog:

https://www.ilinfo.fr/blog/post/Page-de-test-Kerberos-et-de-delegation-ASPX.aspx

The blog is in French but you only need to copy the ASPX code which you can find below:

 <%@ Page language="VB" %>
 
<%@ Import namespace = "System.web" %>
 
<script language="VB" runat="server">
 
    Dim AuthLength
    Dim AuthOther
 
    Public Sub page_Load(ByVal Obj As Object, ByVal e As EventArgs)
        Authuser.Text = HttpContext.Current.User.Identity.Name().ToString
        ThreadId.Text = System.Security.Principal.WindowsIdentity.GetCurrent().Name().ToString()
  
        ' Get the authentication method being used
        AuthMethod.Text = Request.ServerVariables("AUTH_TYPE")
        AuthLength = Request.ServerVariables("HTTP_Authorization")
 
        ' If some other authentication method (other than Negotiate) gets used, call it "Other"
        If LTrim(RTrim(AuthMethod.Text)) <> "Negotiate" Then AuthOtherMethod()
 
        ' If Negotiate gets used, go straight to the subroutine to handle it
        If LTrim(RTrim(AuthMethod.Text)) = "Negotiate" Then AuthNegotiateMethod()
    End Sub
 
    Sub AuthOtherMethod()
        ' Since anonymous authentication will be blank, let's be sure we realize it's enabled to
        If LTrim(RTrim(AuthMethod.Text)) = "" Then AuthMethod.Text = "Anonymous"
    End Sub
 
    Sub AuthNegotiateMethod()
        ' Typically, NTLM will yield a 150 - 300 byte header, while Kerberos is more like 5000 bytes
        If Len(AuthLength) > 1000 Then AuthType.Text = "Kerberos"
        If Len(AuthLength) < 1000 Then AuthType.Text = "NTLM"
    End Sub
</script>
 
<html>
    <body>
        Authentication Method : <asp:label id=AuthMethod runat=server /><br>
        Protocole : <asp:label id=AuthType  runat=server /><br>
        Authenticated user: <asp:label id=Authuser runat=server /><br>
        Thread identity   : <asp:label id=ThreadId runat=server />
    </body>
</html>

Reference:

Page de test Kerberos et de délégation ASPX
https://www.ilinfo.fr/blog/post/Page-de-test-Kerberos-et-de-delegation-ASPX.aspx

--
AMB