[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems with ntlm authentication (message type-2)



Timo,

Sorry for the late reply. First I was on vacation and then I had no
Internet for a week due to a broken DSL router.

Looking at your debug logs I notice some differences between the soapUI log
and the WSDL2RPG log.

First there is no NTLM authentication type-1 message sent by soapUI. But
the user credentials are part of the URL:

GET
/SPUserWebservice/SPUserWebservice.svc/rest/SetUserProfilePropertyXML?mysiteUrl=http%3A%2F%2Fmy.company.corp&username=DE%5C%5CUserName&property=ERPImportData&value=%22PurchaseOrder%3D316888%22
HTTP/1.1

The next thing is that WSDL2RPG also sends the user credentials with the
URL, but also sends a type-1 NTLM message in order to start the negotiation
of the NTLM parameters:

GET
/SPUserWebservice/SPUserWebservice.svc/rest/SetUserProfilePropertyXML?mysiteUrl=http://my.company.corp&username=DE\\UserName&property=ERPImportData&value="PurchaseOrder=316883";
HTTP/1.1

Authorization: NTLM TlRMTVNTUAABAAAAByIAAAAAAAAAAAAACgAKACAAAABRUEFERVYwMEQ5

Since the server ignores the type-1 message and hence does not return a
type-2 message, WSDL2RPG complains about the missing type-2 message:

"failed validating type-2 message"

But since the server did return the expected data, I assume that you can
safely drop http_setauth() from your program. It seems as if the server is
not set up for NTLM authentication.

Regards,

Thomas.


Am 25.07.2014 17:05, schrieb Timo:
>    Hello
> 
>    I'm calling a web Service (SharePoint REST service) which runs under
>    NTLM authentication using the NTLM patch written by Thomas.
>    The debug log looks good till HTTPAPI tries to process the recvdoc()
>    procedure. The web service response is a simple true/false flag, we�ve
>    tried both for the response, json and xml which hasn�t any effect to
>    the error message. The error message in the debug log is �failed
>    validating type-2 message� which comes from NTMLR4 module. This is
>    confusing for me, because before the error message I�ve got an HTTP 200
>    response code and the correct response message so I�ve assumed that the
>    authentication process was successfully. So the question is why I�ve
>    got the �failed validating type-2 message� after the whole processing
>    with the webserver is done? I�ve seen in debug, that the field
>    ntlmType2Msg
>    from dsAuth is empty before the check for the message type:
> 
>    � � �  type2Msg =
>    Message_decodeBase64(dsAuth.ntlmType2Msg);� � � � � � � � � � � � � � �
>     � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �
>    � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �
>     � � � � � � � � � � � � � � � � � � � � � � � � � � � �
>    � � � � � � � � � � �  if (not Message_isType2(type2Msg));
>    � � � � � � � � � � � � � �  dsAuth.ntlmStatus =
>    NTLM_NONE;� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �
>     � � � � � � � � � � � � � � �
>    � � � � � � � � � � � � � �  SetError(HTTP_NDAUTH: ' failed validating
>    type-2 message');
>    � � � � � � � � � � � � � �  rc =
>    -1;� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �
>    � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �
>    � � � � � � � � � � � � � �
>    leave;� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �
>     � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �
>    � �
>    � � � � � � � � � � �  endif;�
> 
>    I�ve attached the whole debug log and a log from SoapUI for the same
>    service.
> 
>    Thanks,
> 
>    Timo
> 
> 
> 
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------
> 
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------