hc-dev mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: httpclient NTLM with Windows XP Professional
Date Tue, 16 Aug 2005 14:57:27 GMT
Ben,

This is peculiar. I assumed you were referring to a full-blown Microsoft
ISA Proxy. Please enable the context/wire logging, hit the target server
directly, and post the resultant log to this list. I'll see if I can
spot anything unusual in the log.

http://jakarta.apache.org/commons/httpclient/logging.html

Oleg


On Tue, Aug 16, 2005 at 03:44:10PM +0100, Ben Pickering wrote:
> Oleg,
> 
> Funny thing is, it's a very simple proxy indeed that doesn't really
> understand any HTTP at all -- it literally accepts connections and
> forwards the content it has received.  I think it's based on an
> example from Java Examples in a Nutshell :)
> 
> I'll investigate further.  From what I've read today it seems like
> this is indeed as good as it gets, so we will work around or rethink.
> 
> -- 
> Cheers,
> Ben
> 
> On 16/08/05, Oleg Kalnichevski <olegk@apache.org> wrote:
> > Ben,
> > 
> > This is entirely possible if the target server is configured to require
> > NTLMv2, which is believed to be more secure, whereas the proxy is
> > configured to accept older authentication schemes (LM and/or NTLMv1)
> > 
> > This setup is likely to be somewhat less efficient and secure than a
> > direct connection to the target server, but this is as good as it gets
> > if you are not willing (or unable) to change the configuration of the
> > target server
> > 
> > Oleg
> > 
> > On Tue, Aug 16, 2005 at 03:12:13PM +0100, Ben Pickering wrote:
> > > Oleg
> > >
> > > Thank you for your reply.  Using Axis I have managed to get something
> > > working, but only through an HTTP proxy.  (I have a modified
> > > client-config.wsdd that uses httpclient via CommonsHTTPSender -- this
> > > idea came from Martin Woodward's blog at
> > > http://www.woodwardweb.com/Java/ )
> > >
> > > Without the proxy IIS closes the connection and httpclient returns an
> > > error.  More investigation is needed, but I suppose the connection
> > > between the proxy and httpclient remains open, and a new connection is
> > > established to IIS.
> > >
> > > This is probably undesirable, but is a reasonable workaround in the
> > > short term.  Is this a known effect?
> > >
> > > --
> > > Cheers,
> > > Ben
> > >
> > >
> > >
> > > On 16/08/05, Oleg Kalnichevski <olegk@apache.org> wrote:
> > > > Ben,
> > > >
> > > > Presently there is no such summary, primarily because the NTLM
> > > > compatibility level is configurable on a per box basis.
> > > >
> > > > HttpClient is known to be incompatible with NTLMv2. For details on NTLM
> > > > support levels please refer to:
> > > >
> > > > http://support.microsoft.com/default.aspx?scid=KB;en-us;239869
> > > >
> > > > Oleg
> > > >
> > > > On Tue, Aug 16, 2005 at 12:56:20PM +0100, Ben Pickering wrote:
> > > > > Hi,
> > > > >
> > > > > > I am trying to access a .NET web service (using POST rather than SOAP)
> > > > > running on a remote Windows XP Pro workstation using
> > > > > commons-httpclient 3.0 rc2, with NTLM authentication.
> > > > >
> > > > > At present I am getting access denied errors, and I have found web
> > > > > > pages hinting that httpclient may not support all NTLM versions...  I
> > > > > > think on XP Pro it's IIS 5.1?  I'm keen to verify that it's my code at
> > > > > fault, and that it's not an intractable mismatch between the two.
> > > > >
> > > > > > I was wondering if there was a summary of which Windows platforms are
> > > > > supported by current httpclient versions.  The production deployment
> > > > > of this code may be on more recent versions of Windows Server.
> > > > >
> > > > > Any help would be greatly appreciated.
> > > > > --
> > > > > Cheers,
> > > > > Ben
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > > > > For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> > > > >
> > > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> > >
> > >
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> > 
> > 
> 
> 
> -- 
> Cheers,
> Ben
> 
> 
> 

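Added example (not part of the original thread and not HttpClient code): one way to read the NTLM tokens in a wire log like the one requested above and tell from the Type 3 message whether the client answered with an LM/NTLMv1 or an NTLMv2 response. The log line shape and all sample tokens are constructed; `classify`, `scan_log` and `sample_type3` are hypothetical helper names.

```python
import base64
import re
import struct

# Matches Authorization, Proxy-Authorization, WWW-Authenticate, Proxy-Authenticate.
NTLM_HDR = re.compile(r"(?:Authorization|Authenticate): NTLM ([A-Za-z0-9+/=]+)")

def classify(token_b64):
    """Return (message_type, description) for one base64 NTLM token."""
    try:
        raw = base64.b64decode(token_b64)
    except ValueError:  # binascii.Error (bad padding, truncated token)
        return (0, "invalid base64")
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return (0, "not an NTLMSSP message")
    mtype = struct.unpack_from("<I", raw, 8)[0]
    if mtype in (1, 2):
        return (mtype, "negotiate" if mtype == 1 else "challenge")
    if mtype != 3 or len(raw) < 28:
        return (mtype, "unknown or truncated")
    # Type 3: LM buffer at offset 12, NT buffer at 20 (len, maxlen, offset; LE).
    lm_len, _, lm_off = struct.unpack_from("<HHI", raw, 12)
    nt_len = struct.unpack_from("<H", raw, 20)[0]
    if nt_len > 24:  # 16-byte HMAC plus a variable-length blob
        return (3, "NTLMv2 response")
    if nt_len == 24:
        lm = raw[lm_off:lm_off + lm_len]
        # NTLM2 session: LM field is an 8-byte client nonce padded with zeros.
        if lm_len == 24 and lm[8:] == b"\x00" * 16:
            return (3, "NTLM2 session response")
        return (3, "NTLMv1 response")
    return (3, "LM-only response" if lm_len == 24 else "no response data")

def scan_log(text):
    """Classify every NTLM token found in wire-log text, in order."""
    return [classify(m.group(1)) for m in NTLM_HDR.finditer(text)]

def sample_type3(lm, nt):
    """Constructed Type 3 message: 64-byte header, then LM and NT responses."""
    buf = lambda n, off: struct.pack("<HHI", n, n, off)
    hdr = (b"NTLMSSP\x00" + struct.pack("<I", 3) + buf(len(lm), 64)
           + buf(len(nt), 64 + len(lm)) + buf(0, 64) * 4 + struct.pack("<I", 0))
    return base64.b64encode(hdr + lm + nt).decode()

_b64 = lambda raw: base64.b64encode(raw).decode()
# Constructed sample lines shaped like wire-log header output (assumed format).
SAMPLE_LOG = "\n".join([
    '>> "Authorization: NTLM %s[\\r][\\n]"' % _b64(b"NTLMSSP\x00" + struct.pack("<II", 1, 0)),
    '<< "WWW-Authenticate: NTLM %s[\\r][\\n]"' % _b64(b"NTLMSSP\x00" + struct.pack("<I", 2) + bytes(36)),
    '>> "Authorization: NTLM %s[\\r][\\n]"' % sample_type3(b"\x11" * 24, b"\x22" * 24),
])
```

Call `scan_log()` on the text of a captured wire log to list the handshake messages in order. Type 3 tokens carry the user's challenge response, so redact them before sharing a log publicly.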

