
OK, I ran into something pretty cool with Windows 7 and Internet Explorer 8 as it relates to Authorization headers. Let’s say you happen to have your internal web servers configured to require Kerberos authentication, and you just happen to have Fiddler or a network trace running when you connect to the server. You will notice your typical 401 auth challenge, and upon a successful connection IE 8 will send the Authorization HTTP header. (See example below)

image

It appears that every GET or POST request will automatically include the Authorization header; this is called request-based auth. The benefit of request-based auth is that you avoid the whole 401 auth war that can break out on the wire. This is actually a performance enhancement that appears to exist only in Windows 7. IE 8 on Vista\XP does not use this enhancement; maybe Microsoft will backport this feature someday.

So here is my side by side of the two different auth methods used by IE 8 depending on your OS.

IE 8 on XP and Vista
  • Uses Connection Based Auth
  • Leads to 401 response from server and more packets on the wire.
  • Could result in slower experience if the webserver closes the connection and forces a reauth on each get.

IE 8 on Windows 7 and 2008 R2
  • Uses Request Based Auth
  • Reduce or eliminate 401’s because each request contains the auth header
  • Could be a faster experience for the user if the server closes the connection.
  • (downside is the GET or POST request is larger as it contains the auth header) [hey nothing in life is free]

 

So how do you make IE8 on Windows 7 flip back to the Connection Based Auth method?

Simple: send down a header from the web server. The header you will want to include is called the Persistent-Auth header. If you set it equal to true, IE 8 on Windows 7 will no longer send the Auth header in each request. You can read more about this in the following two locations.

http://msdn.microsoft.com/en-us/library/dd341152(PROT.10).aspx

http://msdn.microsoft.com/en-us/library/ee393311(v=PROT.10).aspx
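
To tell the two behaviours apart in a Fiddler session or network trace, the following added example (not code from the original post) classifies the exchanges on one connection and reports whether the server sent Persistent-Auth: true. The host name, paths, token and helper names are constructed for illustration.

```python
# Added example: classify one connection's HTTP exchanges by auth style.
# Host name, paths and the token are constructed placeholders, not a real capture.

def req(path, creds=False):
    auth = "Authorization: Negotiate CONSTRUCTED-TOKEN\n" if creds else ""
    return f"GET {path} HTTP/1.1\nHost: intranet.example\n{auth}"

def resp(status, extra=""):
    return f"HTTP/1.1 {status}\n{extra}"

def parse_head(raw):
    """Return (start line, {lower-cased header name: value}) for a message head."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def classify_auth(exchanges):
    """exchanges: ordered (raw_request, raw_response) pairs from ONE connection."""
    challenges = resent = 0
    authenticated = persistent = False
    for raw_req, raw_resp in exchanges:
        has_creds = "authorization" in parse_head(raw_req)[1]
        status_line, resp_h = parse_head(raw_resp)
        if authenticated and has_creds:
            resent += 1  # credentials repeated on an already authenticated connection
        if status_line.split()[1] == "401":
            challenges += 1
        elif has_creds:
            authenticated = True
        if resp_h.get("persistent-auth", "").lower() == "true":
            persistent = True
    return {"mode": "request-based" if resent else "connection-based",
            "challenges": challenges, "resent_credentials": resent,
            "persistent_auth": persistent}

CHALLENGE = (req("/"), resp(401, "WWW-Authenticate: Negotiate"))
# Server does not send Persistent-Auth: the client keeps attaching credentials.
WITHOUT_HEADER = [CHALLENGE, (req("/", True), resp(200)),
                  (req("/site.css", True), resp(200)), (req("/logo.png", True), resp(200))]
# Server sends Persistent-Auth: true: later requests carry no Authorization header.
WITH_HEADER = [CHALLENGE, (req("/", True), resp(200, "Persistent-Auth: true")),
               (req("/site.css"), resp(200, "Persistent-Auth: true")),
               (req("/logo.png"), resp(200, "Persistent-Auth: true"))]

if __name__ == "__main__":
    print(classify_auth(WITHOUT_HEADER))
    print(classify_auth(WITH_HEADER))
```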

What an odd problem with MSDN Subscriptions download site!

After I got my MSDN subscription, I immediately had some problems loading the File Transfer Manager ActiveX control from [https://msdn.microsoft.com/en-us/subscriptions/securedownloads/default.aspx]. If I click on any product from the menu on the left, and on the link to download an item, I get what appears to be a common VBScript warning.

VBScript: Microsoft File Transfer Manager
=====================================
There was an error launching File Transfer Manager.

If you are running Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1, this installation may have been blocked. If the gold IE Information Bar is Present above, please click the bar and select the option to “Install ActiveX”.

For additional assistance, please visit the web site https://transfer.ds.microsoft.com, or contact your help provider.

=====================================

So, it looks like I have some IE settings preventing me from downloading the ActiveX control FTM uses to get the download manager window. I have another computer and this works just fine. I can see that with the VBScript dialog warning, you should also get a yellow bar security warning which allows the user to download the FTM ActiveX control, but on this particular Windows 7 machine, this is not happening.

I had to do some digging around only to find out that my Windows 7 machine had the FTM GUID blocked (killbit), therefore preventing the FTM ActiveX control from being instantiated.

I have no idea what may have caused this machine to have added the FTM to the ActiveX Compatibility List in IE, maybe something I did trying to protect my computer :-) , I know that I do run a lot of security applications :-) and some development that may have caused me the pain, but I am happy to say that it was really easy to fix.

The FTM GUID is: {82774781-8F4E-11D1-AB1C-0000F8773BF0}

Here is what you have to do:
> Set the {82774781-8F4E-11D1-AB1C-0000F8773BF0} compatibility flag to dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{82774781-8F4E-11D1-AB1C-0000F8773BF0}]
   "Compatibility Flags"=dword:00000000

OR

> Delete the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{82774781-8F4E-11D1-AB1C-0000F8773BF0} entry

> You can use the Batch File below to help you quickly make the change

Steps:
> Please cut and paste the code below into notepad and save it as ActivateFTM.cmd or .bat
 
  :: ENABLES FTM ActiveX GUID
  REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{82774781-8F4E-11D1-AB1C-0000F8773BF0}" /V "Compatibility Flags" /t REG_DWORD /d 0 /f

> Make sure Internet Explorer is not running (confirm by opening Task Manager and killing any IExplore.exe process)
> Run the ActivateFTM.cmd batch file
> Open the 32 bit Internet Explorer application and navigate to the MSDN Subscription/Download page
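
Before changing the value, it helps to confirm that the kill bit really is what blocks the control. The kill bit is the 0x00000400 bit of "Compatibility Flags"; the added example below (not part of the original post) parses the text of a .reg export of the ActiveX Compatibility key, reports which CLSIDs have that bit set, and goes slightly beyond the post by showing the value that clears only that bit. Apart from the FTM GUID and key path, the sample entries and function names are constructed.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE instantiating the control

# Constructed .reg export text; only the key path and the FTM GUID come from the post.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{82774781-8F4E-11D1-AB1C-0000F8773BF0}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000a}]
"Compatibility Flags"=dword:00000420

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000B}]
"Compatibility Flags"=dword:00000000
'''

SECTION = re.compile(r"^\[.+\\ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\]$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

def parse_flags(reg_text):
    """Return {CLSID in upper case: Compatibility Flags value} from .reg export text."""
    flags, clsid = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            clsid = section.group(1).upper()
        elif line.startswith("["):
            clsid = None  # a key outside ActiveX Compatibility\{CLSID}
        else:
            value = FLAGS.match(line)
            if value and clsid:
                flags[clsid] = int(value.group(1), 16)
    return flags

def killbit_report(reg_text):
    """Per CLSID: whether the kill bit is set, and the value with only that bit cleared."""
    return {clsid: {"blocked": bool(value & KILL_BIT),
                    "without_killbit": value & ~KILL_BIT}
            for clsid, value in parse_flags(reg_text).items()}

if __name__ == "__main__":
    for clsid, info in killbit_report(SAMPLE_EXPORT).items():
        print(clsid, info)
```

Files written by reg export are normally UTF-16, so decode the file to text before passing it to killbit_report.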
 

BTW: IE9 will rule the browser world…I love what Microsoft is doing :-)