Windows authentication - Kerberos or NTLM (Negotiate oYICO…)

Question

I have problems with a single user in an intranet application. The client side is a WPF application which communicates with a ASP.Net Web API Web Service.

The client

Answer 1

Given the presence of "Negotiate " both requests seem to be attempts to use the Spnego Negotiation Mechanism. While Spnego is often used in conjunction with Kerberos, the two should not be confused.

Authorization: Negotiate oY....

...is a Spnego NegTokenResp (NegTokenTarg in Microsoft documents).

This may contain a Kerberos Token, NTLM, or any other negotiatable sub-mechanism supported by the Spnego Protocol (or by the specific Spnego implementation used). So this may be Kerberos, NTLM, or something else again.

"oY" decodes to HexByte "a1", as do "oQ" to "oZ", so any of these could indicate a NegTokenResp.

Authorization: Negotiate YI....

...is a Kerberos token (which may have a Kerberos or a Spnego OID).

It can either be sent "direct", or wrapped in a Spnego Token (e.g. the NegTokenResp above).