Ars Technica

IIS, windows authentication, load balancers and SSL

Our minor departmental ASP.NET app works great in DEV on a web server without SSL. It relies on getting the User's Windows identity from HttpContext.Current.User.Identity.Name<BR><BR>When we move the ...
Bleeping Computer

VMware patches vCenter Server flaw disclosed in November

Eight months after disclosing a high-severity privilege escalation flaw in vCenter Server's IWA (Integrated Windows Authentication) mechanism, VMware has finally released a patch for one of the ...
Bleeping Computer

Microsoft: New security updates trigger Windows Server auth issues

Update November 15, 04:37 EST: Microsoft has released out-of-band updates to address the authentication issues on DCs running impacted Windows Server versions. Microsoft says users might experience ...
Ars Technica

Internet Explorer always using Kerberos authentication... even when unsupported.

Server: Fully-patched 2008 R2, running Certificate Services. The /certsrv virtual directory is using (I believe) default settings. Specifically, this means it's using Windows Authentication, with NTLM ...