Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
If the server receives a request for an access-protected object and an acceptable Authorization Request Header has not been sent, the server MUST respond with a "401 Unauthorized" status code and a WWW-Authenticate Response Header, per the framework in [RFC2616]. The initial WWW-Authenticate Response Header MUST NOT carry any auth-data. For more details about the text in this section, see [RFC2616], and specifically for the 401 status code, see [RFC2616] section 10.4.2.
The NTLM scheme operates as follows.
-
challenge= "NTLM" auth-data auth-data = 1#( [ntlm-data] )
The meaning of the value of the directive used above is as follows:
-
ntlm-data
The ntlm-data directive contains the base64 encoding of a CHALLENGE_MESSAGE, as specified in [MS-NLMP] section 2.2.1.2.