[Mono-bugs] [Bug 80687][Nor] Changed - HttpWebRequest does not authenticate via NTLM

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Mon Jun 18 12:16:34 EDT 2007 

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by jim.matysczak at metier.com.

http://bugzilla.ximian.com/show_bug.cgi?id=80687

--- shadow/80687	2007-01-31 08:44:06.000000000 -0500
+++ shadow/80687.tmp.32061	2007-06-18 12:16:34.000000000 -0400
@@ -2,13 +2,13 @@
 Product: Mono: Class Libraries
 Version: 1.2
 OS: All
 OS Details: 
 Status: NEW   
 Resolution: 
-Severity: 
+Severity: Unknown
 Priority: Normal
 Component: System
 AssignedTo: mono-bugs at ximian.com                            
 ReportedBy: dave at digi-link.com               
 QAContact: mono-bugs at ximian.com
 TargetMilestone: ---
@@ -97,6 +97,44 @@
 Client <- Server 200
 
 Mono
 Client -> Server GET
 Client <- Server 401, WWW-Authenticate: NTLM
 *Exception thrown*
+
+------- Additional Comments From jim.matysczak at metier.com  2007-06-18 12:16 -------
+I've run into this problem as well. Using the Apache Axis tcpmon
+utility  I've observed that the full hand shake occurs between mono's
+HttpWebRequest or WebClient classes and, in my case, IIS; however,
+access is still denied to the url I am trying to access.
+
+From the requests and responses that I observed via axis's tcpmon
+utility, the problem appears to be that the the type 1 message and the
+type 3 message are not being sent in the same socket connection which
+is required by the protocol
+(http://www.innovation.ch/personal/ronald/ntlm.html - see the "Keeping
+the connection alive" section). Instead a connection is opened in
+order to send the type 1 message and a different connection is opened
+to send the type 3 message.
+
+So if you run the example code with .NET you'll see that 2 connections
+are used:
+The first connection for the initial http get request without any
+authentication and the response which will be a 401 and indicates what
+authentication schemes are supported.
+The second connection for the entire Ntlm protocal handshake - that
+is, the exchange of message types 1, 2, and 3 and the final http 200.
+
+If you run the example code with mono you'll see that 3 connections
+are used:
+The first connection for the initial http get request without any
+authentication and the response which will be a 401 indicating what
+authentication schemes are supported. This is the same as above.
+The second connection for the exchange of the message types 1 and 2.
+The third connection for the exchange of the message type 3 and the
+final access denied response.
+
+I was using mono 1.2.2 on fedora core 5 as the client and windows xp
+sp2 and iis 5.1 as the server. The url I was trying to access only had
+Integrated Windows Authentication enabled. Anonymous access, digest
+auth, and basic auth are all disabled.
+

More information about the mono-bugs mailing list