IIS 7 and Above
How to log authentification type in IIS
Last post Mar 26, 2018 07:34 AM by Yuk Ding
Mar 22, 2018 09:09 AM|Stevonix|LINK
we are planning to turn off our Basic Authentification. But we are not sure if there are still clients using it. (they should now us NTLM (Windows Integrated))
Is it possible to log only the requests which use Basic Authentification to authentificate?
Mar 23, 2018 08:22 AM|Yuk Ding|LINK
Of course, you could log the basic authentication by adding the custom field in IIS manager->site level-> logging->select field->add field->
Then you will find the basic authentication here:
2018-03-23 08:10:32 W3SVC6 192.168.2.50 GET /favicon.ico - 80 192.168.2.50 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+10.0;+WOW64;+Trident/8.0;+.NET4.0C;+.NET4.0E;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729;+.NET+CLR+3.5.30729) - 200 0 0 372 - Basic+am9raWVzZDpmZWlkYW4xOTY3
Mar 23, 2018 11:38 AM|Stevonix|LINK
Thank you for the answer!
But won't the other NTLM Requests also be logged? Is it possible only to filter the "basic" Header value?
Mar 26, 2018 07:34 AM|Yuk Ding|LINK
Basic and windows authentication also use different authentication header. These two headers www-authorization and Authorization will log the different authentication. Only one will log the basic authentication and the other will only log the NTLM.