Safari problems accessing Windows Integrated Authentication (aka NTLM) protected web site

Question

Our web application uses Windows Integrated Authentication (aka NTLM Auth) for security.

It's working fine for both IE and Firefox users, but Safari users are seeing intermittent problems. Browsing the site will work fine, but every once in a while there will be problems loading elements of a page (e.g. CSS or JS files). Reload and the problem will go away.

If we use a debugging proxy (Fiddler) we can see that there is a lot of extra 401 requests happening with Safari. Every once in a while a request for a resource will get stuck in a 401 request loop, and eventually fail.

I can't see anything that we're doing to cause this, and it would appear that it's a bug in Safari. Has anyone ran across this issue before, and have any suggestions for a resolution?

Thanks,

Darren.

Answer 1

Some web sites http://www.musteat.org/nodes/show/151 indicate this is an issue with negotiated authentication.

You can turn off Negotiate in favor of pure NTLM in IIS via the NTAuthenticationProviders Metabase setting, and the following ADSUTIL command.

cscript adsutil.vbs set w3svc/WebSite/<SiteID>/NTAuthenticationProviders "NTLM"

Change < SiteID > to the appropriate ID, typically 1.