
Getting an NTLM Challenge from an AJAX POST on just one page


Some wild guesses:

  • This happens when you request a Role that is not in the Claims of the currently logged-in user. Verify that, if you're using [Authorize(Roles = "xyz")], the current user actually has that role.

  • It is not clear if your application uses a cookie for authentication. If yes, you should see it with the request. Are you setting withCredentials: true for each request?


What's happening in the action methods that are causing the NTLM challenge? Are you sure these specific action methods aren't accessing another server, or the internet through a proxy which requires authentication? In your development environment, your user or the user running the app pool on IIS may have the necessary permissions, but the user on the server may not.

Instead of throwing a clear security-related Exception, ASP.NET will translate this into an NTLM challenge being returned to the client, and a 401 in case of invalid credentials, instead of a 500 containing the stacktrace leading you to the point where the server account didn't have sufficient privileges...
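A triage helper for the checks suggested in the two answers above, as an added example that is not part of either answer or of the asker's application. It takes one failing exchange copied from the browser's network tab, confirms that the 401 really offers NTLM or Negotiate, and then checks whether the authentication cookie was on the request. The exchange shape, the cookie name `appauth` and the returned labels are assumptions made for illustration.

```javascript
// Added example. The exchange shape is hypothetical: header names lower-cased,
// values copied by hand from the browser's network tab.

// Schemes offered by a 401. Assumes one challenge per WWW-Authenticate value,
// so the scheme is the first token of each value.
function challengeSchemes(wwwAuthenticate) {
  return [].concat(wwwAuthenticate || [])
    .map((value) => /^\s*([A-Za-z][A-Za-z0-9-]*)/.exec(value))
    .filter(Boolean)
    .map((match) => match[1].toLowerCase());
}

// True if the request's Cookie header carries the named cookie.
function sentCookie(cookieHeader, name) {
  return (cookieHeader || "").split(";")
    .some((pair) => pair.split("=")[0].trim() === name);
}

// Map one captured exchange to the next thing to check, following the answers.
function triage(exchange, authCookieName) {
  if (exchange.status !== 401) return "not-a-challenge";
  const schemes = challengeSchemes(exchange.responseHeaders["www-authenticate"]);
  if (!schemes.some((s) => s === "ntlm" || s === "negotiate")) return "other-401";
  // No auth cookie on the request: look at withCredentials first.
  if (!sentCookie(exchange.requestHeaders["cookie"], authCookieName)) {
    return "check-withCredentials";
  }
  // Cookie was sent and the server still challenged: check the user's roles,
  // then what the action method touches under the server account.
  return "check-roles-then-server-side-access";
}

// Constructed sample exchanges (not captured from a real application).
const SAMPLES = {
  noCookie: { status: 401, requestHeaders: {},
    responseHeaders: { "www-authenticate": ["Negotiate", "NTLM"] } },
  withCookie: { status: 401,
    requestHeaders: { cookie: "lang=en; appauth=CONSTRUCTED" },
    responseHeaders: { "www-authenticate": ["Negotiate", "NTLM"] } },
  bearer: { status: 401, requestHeaders: {},
    responseHeaders: { "www-authenticate": 'Bearer realm="api"' } },
};

for (const [name, exchange] of Object.entries(SAMPLES)) {
  console.log(name, "->", triage(exchange, "appauth"));
}
```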