Member
scott_hancock-urmc.rochester - 6/9/2011 7:57:10 AM
   
Should I Use SSL with Windows Authentication for Non-IE Browsers?
In the old days of the web, when you used Windows Authentication, only IE encrypted it; all other browsers sent your credentials in plain text since they didn't do NTLM.

I'm going to be using Windows Authentication on my site. Do I need to use SSL with it to make sure that all browsers (Safari, Firefox, Opera, etc.) on all platforms (Win, Mac, Linux) are encrypting the users' credentials?

Thanks,
Scott

Member
lancetek - 6/9/2011 8:33:50 AM
   
RE: Should I Use SSL with Windows Authentication for Non-IE Browsers?
In my opinion, any public site where you either display or accept input of a user's/sensitive data should be protected by SSL.

If you're concerned about cost, you can create a free self-certified SSL cert for a *really* small site, or for ~£30 you could get a GoDaddy SSL certificate that's accepted by most browsers.


Browsers that support Integrated Windows Authentication.

Cheers,
Lance

Kentico Developer
kentico_ivanat - 6/11/2011 5:39:48 AM
   
RE: Should I Use SSL with Windows Authentication for Non-IE Browsers?
Hi,

only IE encrypts credentials, all other browsers sent your credentials in plain text since they didn't support NTLM....


It does not work this way. If the browser does not support the Windows Authentication method (NTLM, NTLMv2, Kerberos -> set by server), it is unable to display the web page. Using SSL does not make sense, since SSL will not be used in Windows Authentication at all.

You may enable more than one method!
- like "basic authentication" (which sends the credentials in clear text)
- or "digest authentication" (which uses SSL)
- or Kentico classic login form web part (which uses plain text or SSL depending on the webpage settings)
- or anything that can be found in IIS Authentication section...

Best regards,
Ivana Tomanickova
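
An added example, not part of the original thread and not Kentico or IIS code: a Python check that reads the `WWW-Authenticate` challenges a site returns and flags schemes that put the password on the wire, plus a decoder showing why Basic counts as clear text. The host name, credentials and header values are constructed, and one challenge per header line is assumed.

```python
import base64
from urllib.parse import urlsplit

# Schemes where the password itself crosses the wire (base64 is encoding, not encryption).
CLEARTEXT_SCHEMES = {"basic"}
# Challenge-response or ticket-based schemes: the password itself is not sent.
CHALLENGE_SCHEMES = {"negotiate", "ntlm", "digest"}

def offered_schemes(www_authenticate_values):
    """Return the lower-cased scheme of each WWW-Authenticate header value.
    Assumption: one challenge per header line."""
    return [v.split(None, 1)[0].lower() for v in www_authenticate_values if v.strip()]

def audit(url, www_authenticate_values):
    """Return (scheme, finding) pairs for a 401 response received from `url`."""
    tls = urlsplit(url).scheme == "https"
    findings = []
    for scheme in offered_schemes(www_authenticate_values):
        if scheme in CLEARTEXT_SCHEMES and not tls:
            findings.append((scheme, "password readable on the wire; require HTTPS"))
        elif scheme in CLEARTEXT_SCHEMES:
            findings.append((scheme, "password protected only by TLS"))
        elif scheme in CHALLENGE_SCHEMES:
            findings.append((scheme, "password not transmitted"))
        else:
            findings.append((scheme, "unknown scheme; review manually"))
    return findings

def decode_basic(authorization_value):
    """Recover (user, password) from a Basic Authorization header value."""
    scheme, _, token = authorization_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

# Constructed sample: a site with Windows and Basic authentication both enabled.
SAMPLE_HEADERS = ["Negotiate", "NTLM", 'Basic realm="intranet.example"']
# Constructed credential, as a browser would send it for Basic.
SAMPLE_AUTHORIZATION = "Basic " + base64.b64encode(b"alice:Passw0rd!").decode()

if __name__ == "__main__":
    for finding in audit("http://intranet.example/", SAMPLE_HEADERS):
        print(finding)
    print(decode_basic(SAMPLE_AUTHORIZATION))
```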

Member
scott_hancock-urmc.rochester - 6/27/2011 8:40:26 AM
   
RE: Should I Use SSL with Windows Authentication for Non-IE Browsers?
Thanks for your replies. In my research I found a good article explaining Windows Authentication in detail. I think it will help others with the same questions that I had.

https://confluence.slac.stanford.edu/display/Gino/Integrated+Windows+Authentication