I'm scanning a web application that uses both NTLM authentication as well as Form authentication. In my scan results, I'm seeing Authentication Status is "Partial." How can I tell which authentication failed?
Typically you would need to establish server based authentication before you could even reach the form based login page. So if you have partial, it is almost always the case that your server based auth worked correctly and the form based auth failed. Try the form based auth credentials to see if they work. The only time this would not be true is if you have a site that is structured to allow form based auth and then protects some subset of the app with additional server based auth. This is very unusual, and typically ends up being a misconfiguration rather than an intended design.
Hope this helps
That makes sense, and I am seeing the form login page on the scan results, meaning the server auth was successful. I'll look into doing some more testing with my selenium login.
Retrieving data ...