NTLM Auth switch based on User Agent?

Question

I have a setup a NTLM login but of course not every client does support NTLM. Unfortunately you can not silently ask the browser if there is a NTLM login present because the browser will display a login popup automatically. To avoid the ugly popup dialog I am thinking about a server side switch based on the user agent. I already has some IP ranges I can exclude from NTLM but I would like to look at the user agent, too.

Question is how does user agent look like where NTLM is possible?

Or is this nonsense at all?

I found a small list of agents I could exclude. Also I could exclude browser that do not support NTLM at all. Probably I could also exclude everything that is not contains "Windows". The ntlm-sso project suggest that the user agent needs to start with "Mozilla".

Answer 1

Finally we implemented a cookie based solution instead of this. If a user chooses to use NTLM a cookie is created and everybody with this cookie is forwarded to NTLM login page. This does work nicely.