hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Using NTLM auth with expect continue
Date Wed, 09 Apr 2008 17:22:53 GMT

On Tue, 2008-04-08 at 18:53 -0400, Tony Thompson wrote:
> I am using HTTPClient 3.1.  I have an application that does NTLM
> authentication.  I am posting data with the HTTPClient using a stream
> that is not buffered.  If the web server requires an NTLM handshake, I
> get an "unbuffered entity enclosing request" exception (makes sense).
> So, after searching the mailing list archives, I thought I could use
> "Expect: continue" so the NTLM negotiation could happen before my
> content was posted.  It does not appear to work properly.  On a
> connection that has already been authenticated (i.e. I don't need to
> authenticate the POST request), the conversation looks like this:
> POST request (headers only) --> server
> client <-- HTTP 100
> POST content --> server
> client <-- HTTP 200
> So, if you can make sense of that, it appears the server (IIS 6.0) will
> deal with expect continue correctly.  So, if the connection needs to be
> authenticated, here is what happens:
> POST request (headers only) --> server
> client <-- HTTP 401
> POST content (content is junk) --> server
> client <-- HTTP 400
> I am not sure why content is posted in response to a 401.  Also, the
> content that is posted is the request headers that were sent in step #1
> not the actual content (that is why I said it was junk above).
> Any idea why this might be happening?  I can't buffer the content
> without causing major issues with my application so the expect continue
> solution sounds perfect, if it can be made to work.


Please post a wire/context log of that session. I'll try to find time to
take a look



> Thanks
> Tony
> This message (and any associated files) is intended only for the 
> use of the individual or entity to which it is addressed and may 
> contain information that is confidential, subject to copyright or
> constitutes a trade secret. If you are not the intended recipient 
> you are hereby notified that any dissemination, copying or 
> distribution of this message, or files associated with this message, 
> is strictly prohibited. If you have received this message in error, 
> please notify us immediately by replying to the message and deleting 
> it from your computer. Messages sent to and from Stoneware, Inc.
> may be monitored.

To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

View raw message