...
For those of you iterested in the details of IWA, I'll walk you throuh the HTTP headers of a web browser connecting to http://glast-ground.slac.stanford.edu/ so that you can see how the cyptographic exhage works. In each of the following diagrams, the HTTP header sent by the browser to the remote web serveris sown first, followed by the remote web server's response back to the browser.
Panel | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
http://glast-ground.slac.stanford.edu/ GET / HTTP/1.1 HTTP/1.x 401 Unauthorized |
Note that the web server repponds that the browser it is not authorized to access the web server (the {[HTTP/1.x 401 Unauthorized}} tells you tis), and that the only valid form of authentication that the web server will accept is IWS (which is what the WWW-Authenticate: NTLM
line tells you).