NTLM login via Chrome can kill the IIS server

Forum Moderators: open

Message Too Old, No Replies

NTLM login via Chrome can kill the IIS server

Chrome can cause authentication loop in IIS, killing the server

bwakkie

1:14 pm on Jan 13, 2010 (gmt 0)

If you try to access a NTLM secured website on IIS via Chrome you will have to authenticate.

If you use the following structure user@domain the server is getting in an authentication loop or something, and will continue to produce like 1500 401 errors per second till your disk is full. After restarting the service you can get out of the loop.

Question:

How do I prevent for now Chrome brouwsers to be able to login? Block the browser?

Fotiman

3:14 pm on Jan 13, 2010 (gmt 0)

It appears to be a known issue [google.com] that Google Chrome doesn't work with NTLM authentication.
Google writes:

We're investigating this issue and will announce updates in the help forum when we have more information.

Note, there is a button on the Known Issues page to report that you are having this issue.

I don't know enough about configuring IIS to block Chrome browsers, though.

marcel

5:12 pm on Jan 13, 2010 (gmt 0)

Here is an option, the URLScan tool:
[support.microsoft.com...]

You can block User Agents under the [DenyHeaders] section. (I haven't tried this myself though)

Ocean10000

11:04 pm on Jan 13, 2010 (gmt 0)

What version of Chrome are we dealing with? I know the latest version I just downloaded (3.0.195.38) doesn't seem to have any problems. I tested it against an internal website (sharepoint) which uses NTLM to secure it. Could it be an older version that is causing the problems or a Chrome spoof?

What version of IIS, and OS?