I enabled windows authentication for asp.net mvc project. I'm in company domain, and when I send an get request to server side, I don't see any special stuff like username/pwd in header/body. How does server know who am I? And if I send an ajax call to server, do I need to include username/pwd as part of this call? Please help.
Integrated Windows Authentication uses Negotiate (Kerberos) or NTLM authentication work the same way that Basic Authentication works.
When you send an initial request, the server responds with a 400 not authorized response. The browser sees the accepted types of authentication, and prompts the user for the username/password, or if it knows how to use the current windows login token and is configured to do so, it uses that token automatically.