Negotiated NTLM Authentication (General questions)

Hi,

I am trying to connect to a website using NTLM authentication using HttpDlx with no success (but can connect successfully via browser)

The initial Access Denied request received from the site contains two Authentication headers:

WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM

When IE sees these it responds

Authorization: Negotiate YIIFKAYGKwY... (lots more here)

However, when HttpDlx sees these it responds:

Authorization: NTLM TlRMTVNTUAABAAAAA7IAAAAAAAAAAAAAAAAAAAAAAAA=

and then goes through some more unsuccessful handshaking.

Should HttpDlx be sending back a Negotiating response?

I have logs of the headers captured from IExplorer and the debug log from HttpDlx that I can send to you if required.

Thanks
Paul

Paul,

that's not the same authentication. IE uses Negotiate (I found info about it here , and wodHttpDLX uses NTLM. Can you force IE to try NTLM also, just to make sure this isn't server-side issue (but I believe it is, I've seen this before).

Kreso

Hi Kreso

How do I force IE to use NTLM?

Thanks Paul.

Paul,

I don't know :) Did you try with Firefox perhaps? I think it will use NTLM.

Hi Kreso,

just to clarify my understanding.

When using authentication type NTLM the values I need to set for the login and password properties are my domain login and password information, ie.

DTGdraperp and XXXXXXXX

in much the same way as the ProxyLogin and ProxyPassword are set on the Client componant when passing through a proxy.

Thanks Paul

Paul,

I think I got you correctly. IE works because it uses different authentication scheme. Believe it or not (I am not 100 sure but...) I think this is server-side issue. IE would fail too if uses NTLM, that's why I suggested to try FireFox too just to isolate which side causes error.

Hi Kreso,

Tried with FireFox and NTLM authentication to the site works fine. I get the popup asking for username and password and then get the correct page displayed.

Can you confirm that I need to set Login and Password to my Domain lodin and Password ie.

Authentication = AuthAutomatic;
Login = DTG\draperp
Password = XXX ;

When I do this the debug log seems to indicate that the NTLM IS working.

However, the response from the web server is a 302 Object Moved message.
When using FireFox, the next (automatic) request from the browser once again contains NTLM information, however when using HttpDlx the next automatic request does not contain the NTLM info and I get a 401 Access Denied.

I have zipped up the debug log and emailed it to you in case it helps

Thanks
Paul.

Paul,

I see the problem. 302 Object moved causes wodHttpDLX to send new request. Since it received full URL in 'object moved' header, it assumes this is different hostname than before, in which case authentication isn't valid anymore, so it doesn't send it.

But I could change the logic here. Any chance I could connect to that host?

Hi Kreso,

I have just installed the update and NTLM to my server is working great.

Thanks for the speedy turnaround.

Regards
Paul.