In order to make use of a command-line SSH utility, we switched the user of our IIS application pool to a user which has access to it. I am not sure why the NETWORK SERVICE user or the AppPoolIdentity can't access the SSH program. So, there's two possible fixes here - either make the site work with Chrome with the user switch, or make the regular users be able to use the SSH program - I prefer the latter.
This user switch is causing the NTLM to fail, but only in Chrome. Does anybody know the difference? I can show the Fiddler transcripts of the two browsers...
IE does this...
GET http://wmdt-test/special_pages/DisputeManager.aspx HTTP/1.1
Host: wmdt-test
Connection: keep-alive
Authorization: NTLM {HugeToken}=
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,de;q=0.6
---------------------------------------------------------------------------------
GET http://wmdt-test/special_pages/DisputeManager.aspx HTTP/1.1
Host: wmdt-test
Connection: keep-alive
Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,de;q=0.6
----------------------------------------------------------------------------------
GET http://wmdt-test/special_pages/DisputeManager.aspx HTTP/1.1
Host: wmdt-test
Connection: keep-alive
Authorization: NTLM {HugeTokenAgain}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,de;q=0.6
----------------------------------------------------------------------------------That last request gets the 200. In Chrome though, it goes completely another way... it gets 401 on all three requests.
GET http://wmdt-test/special_pages/DisputeManager.aspx HTTP/1.1
Host: wmdt-test
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,de;q=0.6
----------------------------------------------------------------------------------
GET http://wmdt-test/special_pages/DisputeManager.aspx HTTP/1.1
Host: wmdt-test
Connection: keep-alive
Authorization: Negotiate {HugeToken}=
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,de;q=0.6
-----------------------------------------------------------------------------------
GET http://wmdt-test/special_pages/DisputeManager.aspx HTTP/1.1
Host: wmdt-test
Connection: keep-alive
Authorization: NTLM {Different HugeToken}=
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,de;q=0.6I do not understand why changing the user on IIS causes the browser to act so differently, and why it only affects Chrome?