NTML Headers don't get send by Firefox or IE

I'm currently developing an ASP.NET App and I want to get the Username & Workstation of the current User/Request.

I want to use NTLM and the开发者_运维知识库 Authorization with the WWW-Authenticate: NTLM HTTP-Headers.

I've enabled these settings in Firefox 4:

network.negotiate-auth.trusted-uris = http://localhost
network.negotiate-auth.delegation-uris = http://localhost
network.automatic-ntlm-auth.trusted-uris = http://localhost
network.ntlm.send-lm-response = true

But I don't get the Authorization Header in Firebug or in my app (using Request.Headers).

I've also tried with IE 9, but it doesn't send it either.

Am I missing something here?

I thought they get send automatically with each request once I've enabled it for the trusted uris and they are send automatically in IE, too, at least in intranets.

The ASP app uses forms authentication and it should stay this way as a fallback.

Browser sends NTLM/Negotiate headers only when he gets 401 error with a corresponding WWW-Authenticate header (NTLM and/or Negoriate). Then browser silently makes one more request with a headers your are looking for:

• In case of NTLM before this silent request you will be asked for login/pwd. Then if browser receive 401 error again, login/pwd prompt window pop-ups again. And this will repeate until either correct credentials or Cancel would pressed. Each request from the second, the application will get authentication headers.
• In case of Negotiate you will be asked for login/pwd only if browser were unable to authorize you. The rest is the same as that for NTLM.

In any other requests these headers are not sent. As well as when anonymous authentication enabled and/or windows one disabled for requested resource.

If you have anonymous authentication enabled in IIS, it will use that by default. In order to use NTLM you have to disable anonymous authentication.