Google-chrome – Google Chrome Domain Authentication and Clear Text Passwords in the HTTP Header

authentication, domain, google-chrome, passwords

In an answer to "Windows Authentication with Google Chrome" it is indicated that Chrome does not yet support Auto NTLM Authentication, which means that users authenticating to sites using Windows Authentication are prompted for a login. That is annoying but not a problem. Where the problem resides is that the user's password is then sent in clear text to the authenticating site.

I whipped up a quick ASP.NET script that pulls the password out of AUTH_PASSWORD in the Request.ServerVariables collection. Both Safari and Opera prompt for user credentials, but neither sends the password in clear text in the HTTP header. I find this especially odd since Chrome, like Safari, is based on WebKit.

What is the difference between the way Chrome authenticates in comparison to other browsers, and why does it send the password to a site in this manner?

Best Answer

NTLM is currently being ported to Chrome. See this. Just wait for the next version.
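
IIS populates the AUTH_PASSWORD server variable mentioned in the question only for Basic authentication, where the Authorization header is just base64 of `user:password`. As an added example (not part of the original question or answer), this Python sketch classifies an Authorization header value and reports whether the password can be recovered from it; the function name, the sample account and the constructed NTLM message are illustrative assumptions.

```python
import base64
import binascii
import struct
from dataclasses import dataclass

NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

@dataclass
class AuthFinding:
    scheme: str
    exposes_password: bool
    detail: str

def classify_authorization(value: str) -> AuthFinding:
    """Classify one Authorization header value by what it discloses."""
    scheme, _, token = value.strip().partition(" ")
    scheme = scheme.lower()
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return AuthFinding(scheme, False, "token is not valid base64")
    if scheme == "basic":
        # RFC 7617: base64("user:password") is an encoding, not encryption.
        user, sep, password = raw.decode("utf-8", "replace").partition(":")
        if not sep:
            return AuthFinding(scheme, False, "malformed: no ':' separator")
        return AuthFinding(scheme, True,
                           f"user={user}, password of {len(password)} chars is recoverable")
    if scheme in ("ntlm", "negotiate") and raw.startswith(b"NTLMSSP\x00"):
        if len(raw) < 12:
            return AuthFinding(scheme, False, "truncated NTLMSSP message")
        # Bytes 8..11 hold the little-endian NTLM message type.
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        name = NTLM_TYPES.get(msg_type, f"unknown({msg_type})")
        return AuthFinding(scheme, False,
                           f"NTLMSSP {name}: challenge/response data, not the password")
    if scheme == "negotiate":
        return AuthFinding(scheme, False, "SPNEGO token, not the password")
    return AuthFinding(scheme, False, "unrecognised scheme")

# Constructed samples: a made-up account and a minimal NTLM type-1 message.
BASIC_SAMPLE = "Basic " + base64.b64encode(b"CONTOSO\\alice:Passw0rd!").decode()
NTLM_SAMPLE = "NTLM " + base64.b64encode(
    b"NTLMSSP\x00" + struct.pack("<II", 1, 0x00088207) + bytes(16)).decode()

if __name__ == "__main__":
    for header in (BASIC_SAMPLE, NTLM_SAMPLE):
        print(classify_authorization(header))
```

A request flagged with `exposes_password` over plain HTTP means anyone on the path can read the credentials, so Basic should be offered only over TLS or removed from the site's enabled authentication providers.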