Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to disable NTLM authentication for OPTIONS requests in IIS

As far as I understand, OPTIONS request must be processed without authentication. I am hosting my web application in IIS 7.x and 8.x and it is using NTLM and Kerberos authentication (this is an intranet application).

How do I disable authentication for OPTIONS request in IIS in case of Windows authentication?

like image 716
IT Hit WebDAV Avatar asked Sep 11 '14 22:09

IT Hit WebDAV


People also ask

How do I disable NTLM authentication in IIS?

To disable NTLM, use the Group Policy setting Network Security: Restrict NTLM. If necessary, you can create an exception list to allow specific servers to use NTLM authentication.

How do I disable authentication in IIS?

In the IIS Manager: Expand the computer name, then Sites, then Default Web Site, then click on the name of the desired site. Select Authentication. Set Windows Authentication to Disabled and set Basic Authentication to Enabled.

How do I change authentication from NTLM to Kerberos?

Navigation to Application Management > Authentication Providers. Choose the web application you wish to configure from the drop-down in the top right corner (this includes the Central Administration web application) Click on 'Default' Set the authentication to Negotiate (Kerberos)

How do I know if NTLM is authentication is enabled?

In the Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options section, find and enable the Network Security: Restrict NTLM: Audit NTLM authentication in this domain policy and set its value to Enable all.


1 Answers

Go to handler mappings feature in IIS and edit Authentication handler and remove OPTIONS verb from registering for requests with OPTIONS. Hope that helps

like image 116
JOAT Avatar answered Sep 17 '22 17:09

JOAT