Basic authentication vs. NT Challenge and Response
When you password protect a web page using Internet Service Manager,
you have the option of choosing either Basic authentication or
NT Challenge and Response (aka: Integrated Windows
authentication). The difference in the two methods is
in the way the username and passwords are transmitted over the
Internet. NT Challenge and Response encrypts the password so
malicious snoopers can not intercept and use the information. Basic
authentication sends the password as plain text. While it would be
great to use NT Challenge and Response for all secured web pages,
the only web browsers that currently support this protocol are
Internet Explorer 3 and higher. If you might have users with
other web browsers, your only choice is Basic authentication.
If you would like to have a secure website take advantage of
using encrypted usernames and passwords but still want to be
compatible with Netscape browsers, you can use Basic
authentication over SSL. Using Secure Sockets will encrypt
the user name and password but at the same time will
still let Netscape browsers use your site, the best of both worlds.
Thanks to Eric Rosenblum for reminding us about Basic authentication over SSL.
If you have a tip you would like to submit, please send it to:
webmaster@asp101.com.
