hc-dev mailing list archives

From André Augusto de Oliveira Aragão <andre.augu...@ca.tco.net.br>
Subject RE: HTTPClient Ntlm Implementation
Date Thu, 17 Apr 2003 20:13:35 GMT
Sorry...

Just forget the last message. The correct sequence should be:
    httpclient -> Server   GET ...
    
    Server -> httpclient   401 Unauthorized
                           WWW-Authenticate: NTLM
    
    httpclient -> Server   GET ...
                           Authorization: NTLM
                           TlRMTVNTUAABAAAAA7IAAAoACgApAAAACQAJACAAAABMSUdIVENJVFlVUlNBLU1JTk9S
    
    Server -> httpclient   401 Unauthorized
                           WWW-Authenticate: NTLM
                           TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==
    
    httpclient -> Server   GET ...
                           Authorization: NTLM
                           TlRMTVNTUAADAAAAGAAYAHIAAAAYABgAigAAABQAFABAAAAADAAMAFQAAAASABIAYAAAAAAAAACi
                           AAAAAYIAAFUAUgBTAEEALQBNAEkATgBPAFIAWgBhAHAAaABvAGQATABJAEcASABUAEMASQBUAFkA
                           rYfKbe/jRoW5xDxHeoxC1gBmfWiS5+iX4OAN4xBKG/IFPwfH3agtPEia6YnhsADT
    
    Server -> httpclient   200 Ok

But actually it is:

    httpclient -> Server   GET ...
    
    Server -> httpclient   401 Unauthorized
                           WWW-Authenticate: NTLM
    <comment> I know that the connection must be closed here, and httpclient
    handles it nicely (Connection: close header). </comment>

    httpclient -> Server   GET ...
                           Authorization: NTLM
                           TlRMTVNTUAABAAAAA7IAAAoACgApAAAACQAJACAAAABMSUdIVENJVFlVUlNBLU1JTk9S
    
    Server -> httpclient   401 Unauthorized
                           WWW-Authenticate: NTLM
                           TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==

    httpclient stops here, and returns 401.

Andre

-----Original Message-----
From: André Augusto de Oliveira Aragão 
Sent: Thursday, April 17, 2003 16:50
To: 'Commons HttpClient Project'
Subject: RE: HTTPClient Ntlm Implementation


Debugging further, I discovered that httpclient always sends authorization:
NTLM <base64-encoded message>. When it gets the 401 reply, it sends the NTLM
<base64-encoded message type-1-message>, but does not process the server
reply WWW-Authenticate: NTLM <...>. At this point, it should reply with
WWW-Authenticate: NTLM <base64-encoded type-2-message>, and after the second
server reply, it should reply with Authorization: NTLM <base64-encoded
type-3-message>. The message types are described in the following document:
http://www.innovation.ch/java/ntlm.html. What am I missing?

Regards,

Andre 

-----Original Message-----
From: André Augusto de Oliveira Aragão 
Sent: Thursday, April 17, 2003 16:06
To: 'commons-httpclient-dev@jakarta.apache.org'
Subject: HTTPClient Ntlm Implementation


Hi!

I am still having a bad time trying to make ntlm authentication work. It
always returns 401. I tried it against an IIS server and against a jboss
server using a filter I developed a long time ago. This filter simulates the
ntlm authentication. I know that ntlm is done on connection establishment,
but if the server uses keep-alive (http 1.1), the filter works. Debugging
the filter, I found out that http-client uses only two steps to do ntlm
authentication. Is it correct?

Thanks in advance,

Andre 

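
When a handshake stalls as described in this thread, decoding each NTLM token shows which message type a header carries and where the sequence stopped. The following is an added example, not part of the original message or of HttpClient; field offsets follow the message layout in the innovation.ch document cited in the thread, UTF-16LE strings are assumed for the type-3 message, and parse_ntlm / handshake_state are hypothetical helper names.

```python
import base64
import struct

# Tokens copied from the exchange quoted in the message above.
TYPE1 = "TlRMTVNTUAABAAAAA7IAAAoACgApAAAACQAJACAAAABMSUdIVENJVFlVUlNBLU1JTk9S"
TYPE2 = "TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA=="
TYPE3 = ("TlRMTVNTUAADAAAAGAAYAHIAAAAYABgAigAAABQAFABAAAAADAAMAFQAAAASABIAYAAAAAAAAACi"
         "AAAAAYIAAFUAUgBTAEEALQBNAEkATgBPAFIAWgBhAHAAaABvAGQATABJAEcASABUAEMASQBUAFkA"
         "rYfKbe/jRoW5xDxHeoxC1gBmfWiS5+iX4OAN4xBKG/IFPwfH3agtPEia6YnhsADT")

def _secbuf(msg, pos):
    """Follow a (length, maxlen, offset) security buffer at pos."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_ntlm(header_value):
    """Decode the value of an Authorization / WWW-Authenticate NTLM header."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    if not token:
        return {"type": 0}  # bare "NTLM": the server is only offering the scheme
    msg = base64.b64decode(token, validate=True)
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype == 1:  # negotiate: OEM-encoded domain and host
        return {"type": 1, "domain": _secbuf(msg, 16).decode("ascii"),
                "host": _secbuf(msg, 24).decode("ascii")}
    if mtype == 2:  # challenge: 8-byte server nonce at offset 24
        return {"type": 2, "challenge": msg[24:32]}
    if mtype == 3 and len(msg) >= 52:  # response: assumed UTF-16LE strings
        return {"type": 3, "domain": _secbuf(msg, 28).decode("utf-16-le"),
                "user": _secbuf(msg, 36).decode("utf-16-le"),
                "host": _secbuf(msg, 44).decode("utf-16-le")}
    raise ValueError("unsupported NTLM message")

def handshake_state(headers):
    """Name the step reached, given NTLM header values in wire order."""
    types = [parse_ntlm(h)["type"] for h in headers]
    if types != [0, 1, 2, 3][:len(types)]:
        return "out of order: %r" % types
    return ["no NTLM seen", "scheme offered", "type 1 sent",
            "type 2 received, no type 3", "complete"][len(types)]

if __name__ == "__main__":
    # The exchange the message reports: it ends after the server's type 2.
    print(handshake_state(["NTLM", "NTLM " + TYPE1, "NTLM " + TYPE2]))
```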
