"Alex Krawarik[MSFT]" <alexkr@m...> wrote in message
news:%23ixY4TeoGHA.4024@T......
> Sorry for the delay in responding, but if you pass credentials to the open
> method, they are used for authentication against the web server regardless
> of the scheme. So if the Web server supports only Basic or Digest, the
creds
> are passed for that. If the Web server supports "Windows authentication"
> which can be NTLM or Kerberos, then the credentials are attempted for that
> too.
>

Thanks that's useful.  :)

> > That's fine but I think the question is, is the username/password pair
> > passed in the open method used in the all of these schemes or some or
one
> > of
> > them?  E.g IF the server only offered NTLM would the username/password
> > provided in the open call be used to attempt to satisfy the logon?  OR
is
> > it
> > limit to only Basic methods?
> >
> >
> >> <edsuslen@y...> wrote in message
> >> news:1151499227.494894.50730@m......
> >> > Guys, need your help.
> >> > In a standard
> >> > oXMLHttpRequest.open(bstrMethod, bstrUrl, varAsync, bstrUser,
> >> > bstrPassword);
> >> > the user/password are only for iis authentication, or it could be
> >> > captured for the validation by receiving asp?
> >> > If it could be captured, how?
> >> >
> >> > If it is only for iis authentication, where can I find out how to set
> >> > up iis for proper authentication specific users?
> >> >
> >> > Any explanations would be valuable.
> >> > Thanks in advance.
>
>