hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ji, Yuan" <Yuan...@celcorp.com>
Subject RE: NTLM help -- how to get domain?
Date Wed, 26 Jan 2005 20:04:44 GMT
It seems impossible to get username/password even from Windows API. But how can WinHTTP pass
NTLM authentication without asking password?

We suspect WinHTTP uses Windows API to get encrypted message and put into HTTP header. So
maybe we can write a customerized NTLM authentication scheme, and it will call Windows API
by JNI to authenticate current user without asking any input.

Did anybody try this before? Any help will be very appreciated.

Yuan

-----Original Message-----
From: Dave Seidel [mailto:dave@mindreef.com] 
Sent: January 26, 2005 12:31 PM
To: 'HttpClient Project'
Subject: RE: NTLM help -- how to get domain?

I haven't been able to discover a way of doing it in Java code.  I'me now using GetNetworkParams()
from the native Windows API.  Fortuately, thisworks for me because I have a native launcher
that start a JVM via JNI, so I can get just pass the domain to the VM using the http.auth.ntlm.domain
system property.

- Dave

-----Original Message-----
From: Ji, Yuan [mailto:Yuan.Ji@celcorp.com]
Sent: Wednesday, January 26, 2005 2:06 PM
To: HttpClient Project
Subject: RE: NTLM help -- how to get domain?

Oleg,

Could you tell me how to programmatically get current userid/password and domain name using
Java? Our Java program will only run in Windows 2000/XP, so it's OK to use platform dependent
code. 

Thanks.

Yuan

-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org]
Sent: January 20, 2005 12:45 PM
To: HttpClient Project
Subject: RE: NTLM help -- how to get domain?

Dave,

The user _should_ explicitly specify her domain as a part of Windows authentication process,
because it may not necessarily be that of the host.
One _could_ dynamically retrieve the logon credentials using Win32 API or Active Directory
API, assuming this is the set of credentials user wants to be authenticating with, but that
would imply the use of platform dependent code in your application

Oleg

On Thu, 2005-01-20 at 14:27 -0500, Dave Seidel wrote:
> So what I'm really trying to figure out is what value to use for the 
> domain name when constructing an instance of NTCredentials.  I'd been 
> using the client's hostname.  This works on our LAN, which has no 
> domain controller and just uses a workgroup.  But I'm guessing that in 
> an environment with a domain controller, I need to use the real domain
name.  Is that correct?
> And if so, is %USERDOMAIN% a valid way to get that name?
> 
> - Dave
> 
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org]
> Sent: Thursday, January 20, 2005 2:10 PM
> To: HttpClient Project
> Subject: Re: NTLM help -- how to get domain?
> 
> 
> > I guess a machine can be in more than one domain. 
> 
> Not really. A host can be member of one domain only, but the domain in 
> question may trust (and be trusted by) other domains, in which case 
> the domain controller delegates authentication to a domain controller 
> of the trusted domain
> 
> Sorry for being pedantic. I used to be an MCSD in pre .NET times ;-)
> 
> Evil Comrade Oleg
> 
> 
> > You must provide the
> > domain you are authenticating against (which is not necessarily the 
> > same as the machine is in). I see the domain name as a name space, 
> > in which a set of credentials is valid. I don't know of a way to 
> > retrieve the NT domains of a machine. Maybe ask MS.
> > 
> > Ortwin Gl├╝ck
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: 
> httpclient-dev-help@jakarta.apache.org
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: 
> httpclient-dev-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message