[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: www-Authenticate?



Hi Scott,
Just for your information. Here's a link that describes the inner
working of NTLM: http://www.innovation.ch/personal/ronald/ntlm.html

Thanks,
 
Donald Leong
Phone# (562) 989-5165

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott
Klement
Sent: Thursday, August 14, 2008 5:53 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: www-Authenticate?

Hi Donald,

HTTPAPI only supports the two authentication schemes defined in RFC 
2617, which are called "Basic" and "Digest" authentication.

NTLM stands for NT LAN Manager.  (NT = Windows NT.  LAN Manager is an 
old name for "Windows Networking").   It's a proprietary authentication 
mechanism from Microsoft for Windows Networking.  There are a few weird 
situations where it has been used in web applications as well, but this 
is rather unusual.  Unfortunately, you appear to be in one of those 
situations!

Anyway, HTTPAPI doesn't support it at this point, and I personally have 
no plans to add it.  You may be able to add it yourself -- if you do, 
we'd welcome you to contribute your code back to the project.

Here's a pretty good description of these authentication schemes:
http://gluga.com/tech-talk/proxy-servers-and-ntlm/







Donald Leong wrote:
>    Hi Scott,
> 
>    I have built a program to consume an internal web service from our
>    domain. All is working well except the authentication part. Here's
the
>    situation:
> 
> 
>    I coded in my RPG program to first use nRC = http_getauth(iBasic:
>    iDigest: xRealm) to try finding the authentication scheme but the
data
>    returned no information regarding such (iBasic, iDigest return "0"
and
>    xRealm returns blank). Here's the log file:
> 
> 
>    HTTPAPI Ver 1.21 released 2007-10-01
> 
>    http_getauth(): entered
> 
>    SetError() #39: Server did not ask for authentication!
> 
> 
>    Then, I changed my program to use only BASIC (assuming that this is
>    the most prevalent scheme) Callp(E) http_setauth( HTTP_AUTH_BASIC:
>    xUserid: xPaswrd) But the program is still not working. Here's the
log
>    file:
> 
> 
>    HTTPAPI Ver 1.21 released 2007-10-01
> 
>    http_setauth(): entered
> 
>    http_url_post_stmf(): entered
> 
>    getting post file size...
> 
>    opening file to be sent...
> 
>    opening file to be received
> 
>    http_persist_open(): entered
> 
>    http_long_ParseURL(): entered
> 
>    Converting relative URL.
> 
>    New URL is http://wcf01-test/wsPGP/
> 
>    DNS resolver retrans: 2
> 
>    DNS resolver retry  : 2
> 
>    DNS resolver options: x'00000136'
> 
>    DNS default domain: SCNMC400.ACME.COM
> 
>    DNS server found: 10.0.0.17
> 
>    DNS server found: 10.0.0.18
> 
>    http_persist_post(): entered
> 
>    http_long_ParseURL(): entered
> 
>    Converting relative URL.
> 
>    New URL is http://wcf01-test/wsPGP/
> 
>    do_post(): entered
> 
>    POST /wsPGP/ HTTP/1.1
> 
>    Host: wcf01-test
> 
>    User-Agent: http-api/1.21
> 
>    Content-Type: text/xml; charset=utf-8
> 
>    Expect: 100-continue
> 
>    Content-Length: 2452
> 
>    Authorization: Basic ZGxlb25nOkRsMDExMDYyIzI=
> 
>    SOAPAction:
>    https://services.acme.com/EncryptByClientPublicKeyNameBase64
> 
>    recvresp(): entered
> 
>    HTTP/1.1 401 Unauthorized
> 
>    Content-Length: 1656
> 
>    Content-Type: text/html
> 
>    Server: Microsoft-IIS/6.0
> 
>    WWW-Authenticate: Negotiate
> 
>    WWW-Authenticate: NTLM
> 
>    X-Powered-By: ASP.NET
> 
>    Date: Thu, 14 Aug 2008 22:23:39 GMT
> 
>    SetError() #13: HTTP/1.1 401 Unauthorized
> 
>    recvdoc parms: identity 1656
> 
>    interpret_auth(): entered
> 
>    SetError() #36: This page requires a user-id & password
> 
>    http_close(): entered
> 
> 
>    At this point, I do not know how to proceed. I am also confused as
to
>    the "www-authenticate: NTLM" line in the log. Does that mean the
>    system is neither using BASIC or DIGEST authentication scheme? How
do
>    I handle this NTLM authentication?
> 
> 
>    In one of your posting, you mentioned: If you're using DIGEST
>    authentication (which is rare) you have to call http_url_post FIRST
in
>    order to get some info that's used in the cryptography. For a web
>    service, there is apparenty no HTML file that I can do a post on.
Then
>    what can I post and where do I post to (I hope I am asking the
right
>    question here)?
> 
> 
>    Thanks in advance for any help.
> 
> 
>    Donald Leong
> 
> 
> 
>
------------------------------------------------------------------------
> 
>
-----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
>
-----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------