Re: Problems with ntlm authentication (message type-2)
Hello Thomas,

you are right. I changed the program to not use NTLM authentication and
got the right response from the server. Afterwards I discussed it with
our SharePoint colleagues, and they checked their security settings on
the SharePoint server and found a difference between this service and
the other services they provide. The standard services, which are built
into SharePoint, have NTLM set up automatically; the actual service is
a self-written service which hasn't set up NTLM. They have now decided
not to use NTLM for this service. So we got it to work without a problem.
Thank you for your help on this.

Best regards,

Timo
2014-08-24 14:53 GMT+02:00 Timo <[1]timoc1980@xxxxxxxxx>:
Hello Thomas,
absolutely no problem, I was also on vacation the last weeks. I'm
pretty sure that all of our SharePoint services are set up with NTLM
authentication, and I remember that I have to set up NTLM
authentication in soapUI to get a response. The user name, which
is part of the URL, is for a mapping between the Windows user
and the IBM i user. For the authentication against the web service
we use a general user profile. I'll remove http_setauth() from the
program tomorrow and let you know if it works nevertheless.
Thanks,
Timo
On Tuesday, 19 August 2014, Thomas Raddatz wrote:
Timo,
Sorry for the late reply. First I was on vacation and then I had no
Internet for a week due to a broken DSL router.
Looking at your debug logs I notice some differences between the
soapUI log and the WSDL2RPG log.
First there is no NTLM authentication type-1 message sent by soapUI.
But the user credentials are part of the URL:
    GET /SPUserWebservice/SPUserWebservice.svc/rest/SetUserProfilePropertyXML?mysiteUrl=http%3A%2F%2Fmy.company.corp&username=DE%5C%5CUserName&property=ERPImportData&value=%22PurchaseOrder%3D316888%22 HTTP/1.1
The next thing is that WSDL2RPG also sends the user credentials with
the URL, but also sends a type-1 NTLM message in order to start the
negotiation of the NTLM parameters:
    GET /SPUserWebservice/SPUserWebservice.svc/rest/SetUserProfilePropertyXML?mysiteUrl=[2]http://my.company.corp&username=DE\\UserName&property=ERPImportData&value="PurchaseOrder=316883" HTTP/1.1
    Authorization: NTLM TlRMTVNTUAABAAAAByIAAAAAAAAAAAAACgAKACAAAABRUEFERVYwMEQ5
Since the server ignores the type-1 message and hence does not
return a type-2 message, WSDL2RPG complains about the missing type-2
message:
    "failed validating type-2 message"
But since the server did return the expected data, I assume that you
can safely drop http_setauth() from your program. It seems as if the
server is not set up for NTLM authentication.
Regards,
Thomas.
On 25.07.2014 17:05, Timo wrote:
>    Hello
>
>    I'm calling a web service (SharePoint REST service) which runs under
>    NTLM authentication using the NTLM patch written by Thomas.
>    The debug log looks good till HTTPAPI tries to process the recvdoc()
>    procedure. The web service response is a simple true/false flag; we've
>    tried both JSON and XML for the response, which hasn't any effect on
>    the error message. The error message in the debug log is "failed
>    validating type-2 message", which comes from the NTMLR4 module. This is
>    confusing for me, because before the error message I've got an HTTP 200
>    response code and the correct response message, so I've assumed that the
>    authentication process was successful. So the question is why I've
>    got the "failed validating type-2 message" after the whole processing
>    with the webserver is done? I've seen in debug that the field
>    ntlmType2Msg from dsAuth is empty before the check for the message type:
>
>       type2Msg = Message_decodeBase64(dsAuth.ntlmType2Msg);
>
>       if (not Message_isType2(type2Msg));
>          dsAuth.ntlmStatus = NTLM_NONE;
>          SetError(HTTP_NDAUTH: ' failed validating type-2 message');
>          rc = -1;
>          leave;
>       endif;
>
>    I've attached the whole debug log and a log from SoapUI for the same
>    service.
>
>    Thanks,
>
>    Timo
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> [3]http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------
References
1. mailto:timoc1980@xxxxxxxxx
2. http://my.company.corp/
3. http://www.scottklement.com/mailman/listinfo/ftpapi
4. http://www.scottklement.com/mailman/listinfo/ftpapi
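
Added example (not part of the original thread and not HTTPAPI or WSDL2RPG code): a Python diagnostic that decodes the NTLM header values discussed above and classifies the server's first reply, including the case from this thread where the server answers 200 without ever sending a type-2 challenge. The names parse_ntlm_header and diagnose, the result labels, and the type-2 sample are assumptions for illustration; the type-1 value is the one from the Authorization header quoted in the thread.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"
# Type-1 message copied verbatim from the Authorization header in the thread.
TYPE1_FROM_THREAD = "TlRMTVNTUAABAAAAByIAAAAAAAAAAAAACgAKACAAAABRUEFERVYwMEQ5"
# Constructed sample, not from the thread: minimal type-2 (challenge) message.
SAMPLE_TYPE2 = base64.b64encode(
    SIG + struct.pack("<IHHII", 2, 0, 0, 32, 0x2205) + bytes(range(1, 9))
).decode()


def parse_ntlm_header(value):
    """Decode an 'NTLM <base64>' header value; None if it carries no message."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob.strip():
        return None  # a bare "NTLM" only advertises the scheme
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or raw[:8] != SIG:
        return None
    msg = {"type": struct.unpack_from("<I", raw, 8)[0]}
    if msg["type"] == 1 and len(raw) >= 32:
        msg["flags"] = struct.unpack_from("<I", raw, 12)[0]
        ws_len, _, ws_off = struct.unpack_from("<HHI", raw, 24)
        msg["workstation"] = raw[ws_off:ws_off + ws_len].decode("ascii", "replace")
    elif msg["type"] == 2 and len(raw) >= 32:
        msg["flags"] = struct.unpack_from("<I", raw, 20)[0]
        msg["challenge"] = raw[24:32].hex()
    return msg


def diagnose(status, response_headers, sent_type1=True):
    """Classify the server's first reply to a request that carried a type-1."""
    offers = [parse_ntlm_header(v) for k, v in response_headers
              if k.lower() == "www-authenticate"]
    if status == 401 and any(m and m["type"] == 2 for m in offers):
        return "challenge"     # normal handshake: reply with a type-3 message
    if status == 401:
        return "no-type2"      # auth required, but no NTLM challenge to answer
    if sent_type1 and 200 <= status < 300:
        return "ntlm-ignored"  # this thread: the endpoint is not NTLM-protected
    return "no-auth"

if __name__ == "__main__":
    print(parse_ntlm_header("NTLM " + TYPE1_FROM_THREAD))
    print(diagnose(200, [("Content-Type", "application/xml")]))
```

Decoding the thread's type-1 message also shows that it carries the client's workstation name in clear text, which is worth knowing when such debug logs are shared.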