KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q170851: How Windows NT/Challenge Response Authentication Works

Article: Q170851
Product(s): Internet Information Server
Version(s): WinNT:2.0,3.0
Operating System(s): 
Keyword(s): kbtshoot
Last Modified: 02-MAY-1999

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Internet Information Server versions 2.0, 3.0 
-------------------------------------------------------------------------------

SUMMARY
=======

Your Web server supports Microsoft Windows NT Challenge/Response authentication,
which identifies users without requiring the transmission of actual passwords or
account information across a network. Instead, the Web server authenticates
users by carrying out a procedure that challenges the user's Web browser to
carry out a specific mathematical computation involving the password and to
respond by returning the results of the computation to their Web server.

Next, your Web server duplicates this computation using the user's account
password information, and compares this result to the user's result. If both
results match, your Web server recognizes that the user has the correct password
and grants access.

Your server will not switch to another authentication method if the user is
initially denied access. Instead, the user's Web browser will prompt the user
for a user name and password, which the browser will process and send to your
Web server as part of the Windows NT Challenge/Response authentication protocol.
If this second authentication attempt fails, the user will be denied access to
the Web server.

MORE INFORMATION
================

You will find Windows NT Challenge/Response authentication useful in an Intranet
environment, where both user and Web server computers are in the same, secure
domain. Additionally, you can only use Windows NT Challenge/Response to
authenticate users that logon with Web browsers capable of supporting this
method. Currently, Microsoft Internet Explorer version 2.0 or later is the only
Web browser that supports Windows NT Challenge\Response.

======================================================================
Keywords          : kbtshoot 
Technology        : kbiisSearch kbiis300 kbiis200
Version           : WinNT:2.0,3.0
Hardware          : ALPHA x86
Issue type        : kbhowto

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.