In my case, my WCF restful services hosted in IIS use windows authentication using Kerberos. Both authPersistSingleRequest and authPersistNonNTLM settings are false, however, I noticed different behaviors depending on which type of client i'm using.
For example,
- If using Google Chrome, I see the expected behavior: persistent-auth header in the response is set to false.
- If using Internet Explorer, I see persistent-auth header in the response is set to true in one NT domain, but it is set to false in a different NT domain.
- If using the WCF proxy to call the WCF restful services, persistent-auth header in the response is set to true. Why? Can anybody help to explain?
↧