NTLM / Windows Integrated Authentication:
 
NTLM is similar to basic authentication in that it works with a popup window generated by the browser.  The main difference is that the supplied information is encrypted and passed securely to the client.  In order to accomplish this the browser must have special functionality.



How to configure in IIS:

  • Open the MMC and select the site or directory you wish to protect
  • Right click and select properties on that site / directory
  • Select the directory security tab
  • Click the "edit" button on authentication control
  • Disable basic authentication and enable NTLM / Integrated Windows Authentication
  • Now your site is setup to support NTLM authentication you need to change the NTFS permissions for the directory you want to protect and add any users or groups you wish to have access
     

Advantages:

  • Requires no additional software
  • Username and password passed securely without using SSL

 
Disadvantages:

  • The NTLM authentication login box is generated by the web browser, as such you can not control the look and feel of this dialog
  • This requires that you create NT users and groups for all web site users.  This can be difficult to administer, particularly with large number of users.
  • Clients must use Internet Explorer (no other web browser supports NTLM)