<div>
<div class="content wysiwyg-content">
I am connecting to a web application that is integrated with Active Directory. The application allows &nbsp;for &nbsp;REST operations via SPNEGO. <br />
<br />
My understanding is that I should be able to make a REST call using GSSAPI/SPNEGO. First a general question. &nbsp;My understanding is that the process works like this.<br />
<br />
1) User logs into their computer and gets a TGT which is stored somewhere off in memory (I'm a little fuzzy on this, I believe this is how KERBEROS works, and I'm hoping SPNEGO assumes the same)<br />
2) Client tries to make some request like a GET or PUT<br />
3) Website respondes with unauthorized 401 response with an WWW-AUTHENTICATION : NEGOTIATE header.<br />
4) Client responded with a second GET or PUT request adding a Authenticate: NEGOTIATE %token string% <br />
5) Request succeeded and client get proper response<br />
<br />
<br />
My questions are: <br />
1) Is the above understanding correct?<br />
2) If my goal is to only get the %token string% How would i retrieve that string value to add to the Authenticate: Negotiate header? <br />
&nbsp; &nbsp; 1) In C#/.NET<br />
&nbsp; &nbsp; 2) In Python<br />
&nbsp; &nbsp; 3) In Java
</div>
</div>


I am connecting to a web application that is integrated with Active Directory. The application allows  for  REST operations via SPNEGO. 

My understanding is that I should be able to make a REST call using GSSAPI/SPNEGO. First a general question.  My understanding is that the process works like this.

1) User logs into their computer and gets a TGT which is stored somewhere off in memory (I'm a little fuzzy on this, I believe this is how KERBEROS works, and I'm hoping SPNEGO assumes the same)
2) Client tries to make some request like a GET or PUT
3) Website respondes with unauthorized 401 response with an WWW-AUTHENTICATION : NEGOTIATE header.
4) Client responded with a second GET or PUT request adding a Authenticate: NEGOTIATE %token string% 
5) Request succeeded and client get proper response


My questions are: 
1) Is the above understanding correct?
2) If my goal is to only get the %token string% How would i retrieve that string value to add to the Authenticate: Negotiate header? 
    1) In C#/.NET
    2) In Python
    3) In Java

General questions and examples  of  SPNEGO over REST via C#, Java, Python ?

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Web development includes all aspects of presenting content on intranets and the Internet, including delivery development, protocols, languages and standards, server software, browser clients, databases and multimedia generation.

Web Development

Web development software is used to create websites for both the Internet and intranets. Software can be either locally installed or operated through a cloud interface, and ranges in complexity from simple text editors to full-fledged integrated development environments (IDEs) that include graphics, video, audio, scripting and database support.