[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Problems with ntlm authentication (message type-2)
Hello Thomas
absolutley�no problem,�I was also on vacation the last weeks. I'm
pretty sure that all of our Sharepoint services are set up with�NTML
authentication and I remember, that I've to set up NTML
authentication�in soapUI to get a response. The user name,�which is
part of the URL, is for an�mapping�between the windows�user and
the�IBM i user. For the authentication against the webservice we use a
general user profile. I'll �remove http_setauth() from the program
tomorrow and let you know if�it works nevertheless.
Thanks,
Timo
Am Dienstag, 19. August 2014 schrieb Thomas Raddatz :
Timo,
Sorry for the late reply. First I was on vacation and then I had no
Internet for a week due to a broken DSL router.
Looking at your debug logs I notice some differences between the
soapUI log
and the WSDL2RPG log.
First there is no NTLM authentication type-1 message sent by soapUI.
But
the user credentials are part of the URL:
GET
/SPUserWebservice/SPUserWebservice.svc/rest/SetUserProfilePropertyXM
L?mysiteUrl=http%3A%2F%2Fmy.company.corp&username=DE%5C%5CUserName&p
roperty=ERPImportData&value=%22PurchaseOrder%3D316888%22
HTTP/1.1
The next thing is that WSDL2RPG also sends the user credentials with
the
URL, but also sends a type-1 NTLM message in order to start the
negotiation
of the NTLM parameters:
GET
/SPUserWebservice/SPUserWebservice.svc/rest/SetUserProfilePropertyXM
L?mysiteUrl=[1]http://my.company.corp&username=DE\\UserName&property
=ERPImportData&value="PurchaseOrder=316883"
HTTP/1.1
Authorization: NTLM
TlRMTVNTUAABAAAAByIAAAAAAAAAAAAACgAKACAAAABRUEFERVYwMEQ5
Since the server ignores the type-1 message and hence does not
return a
type-2 message, WSDL2RPG complains about the missing type-2 message:
"failed validating type-2 message"
But since the server did return the expected data, I assume that you
can
safely drop http_setauth() from your program. It seems as if the
server is
not set up for NTLM authentication.
Regards,
Thomas.
Am 25.07.2014 17:05, schrieb Timo:
>� � Hello
>
>� � I'm calling a web Service (SharePoint REST service) which
runs under
>� � NTLM authentication using the NTLM patch written by Thomas.
>� � The debug log looks good till HTTPAPI tries to process the
recvdoc()
>� � procedure. The web service response is a simple true/false
flag, we�ve
>� � tried both for the response, json and xml which hasn�t any
effect to
>� � the error message. The error message in the debug log is
�failed
>� � validating type-2 message� which comes from NTMLR4 module.
This is
>� � confusing for me, because before the error message I�ve got
an HTTP 200
>� � response code and the correct response message so I�ve
assumed that the
>� � authentication process was successfully. So the question is
why I�ve
>� � got the �failed validating type-2 message� after the
whole processing
>� � with the webserver is done? I�ve seen in debug, that the
field
>� � ntlmType2Msg
>� � from dsAuth is empty before the check for the message type:
>
>� � � � �� type2Msg =
>� � Message_decodeBase64(dsAuth.ntlmType2Msg);� � � � �
� � � � � � � � � �
>� � �� � � � � � � � � � � � � � �
� � � � � � � � � � � � � � � � �
� � �
>� � � � � � � � � � � � � � � � �
� � � � � � � � � � � � � � � � �
� � � �
>� � �� � � � � � � � � � � � � � �
� � � � � � � � � � � � �
>� � � � � � � � � � � � �� if (not
Message_isType2(type2Msg));
>� � � � � � � � � � � � � � � �� dsAuth.ntlmStatus =
>� � NTLM_NONE;� � � � � � � � � � � � �
� � � � � � � � � � � � � � � � �
�
>� � �� � � � � � � � � � � � � � �
>� � � � � � � � � � � � � � � �� SetError(HTTP_NDAUTH: ' failed validating
>� � type-2 message');
>� � � � � � � � � � � � � � � �� rc
=
>� � -1;� � � � � � � � � � � � � �
� � � � � � � � � � � � � � � � �
� � �
>� � � � � � � � � � � � � � � � �
� � � � � � � � � � � � � � � � �
� �
>� � � � � � � � � � � � � � � �
>� � leave;� � � � � � � � � � � � � �
� � � � � � � � � � � � � � � � �
� �
>� � �� � � � � � � � � � � � � � �
� � � � � � � � � � � � � � � � �
� � �
>� � � �
>� � � � � � � � � � � � �� endif;�
>
>� � I�ve attached the whole debug log and a log from SoapUI for
the same
>� � service.
>
>� � Thanks,
>
>� � Timo
>
>
>
>
--------------------------------------------------------------------
---
> This is the FTPAPI mailing list.� To unsubscribe, please go to:
> [2]http://www.scottklement.com/mailman/listinfo/ftpapi
>
--------------------------------------------------------------------
---
>
--------------------------------------------------------------------
---
This is the FTPAPI mailing list.� To unsubscribe, please go to:
[3]http://www.scottklement.com/mailman/listinfo/ftpapi
--------------------------------------------------------------------
---
References
1. http://my.company.corp/
2. http://www.scottklement.com/mailman/listinfo/ftpapi
3. http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------