[Mono-bugs] [Bug 80687][Nor] Changed - HttpWebRequest does not authenticate via NTLM
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Mon Jun 18 12:16:34 EDT 2007
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by jim.matysczak at metier.com.
http://bugzilla.ximian.com/show_bug.cgi?id=80687
--- shadow/80687 2007-01-31 08:44:06.000000000 -0500
+++ shadow/80687.tmp.32061 2007-06-18 12:16:34.000000000 -0400
@@ -2,13 +2,13 @@
Product: Mono: Class Libraries
Version: 1.2
OS: All
OS Details:
Status: NEW
Resolution:
-Severity:
+Severity: Unknown
Priority: Normal
Component: System
AssignedTo: mono-bugs at ximian.com
ReportedBy: dave at digi-link.com
QAContact: mono-bugs at ximian.com
TargetMilestone: ---
@@ -97,6 +97,44 @@
Client <- Server 200
Mono
Client -> Server GET
Client <- Server 401, WWW-Authenticate: NTLM
*Exception thrown*
+
+------- Additional Comments From jim.matysczak at metier.com 2007-06-18 12:16 -------
+I've run into this problem as well. Using the Apache Axis tcpmon
+utility I've observed that the full hand shake occurs between mono's
+HttpWebRequest or WebClient classes and, in my case, IIS; however,
+access is still denied to the url I am trying to access.
+
+From the requests and responses that I observed via axis's tcpmon
+utility, the problem appears to be that the the type 1 message and the
+type 3 message are not being sent in the same socket connection which
+is required by the protocol
+(http://www.innovation.ch/personal/ronald/ntlm.html - see the "Keeping
+the connection alive" section). Instead a connection is opened in
+order to send the type 1 message and a different connection is opened
+to send the type 3 message.
+
+So if you run the example code with .NET you'll see that 2 connections
+are used:
+The first connection for the initial http get request without any
+authentication and the response which will be a 401 and indicates what
+authentication schemes are supported.
+The second connection for the entire Ntlm protocal handshake - that
+is, the exchange of message types 1, 2, and 3 and the final http 200.
+
+If you run the example code with mono you'll see that 3 connections
+are used:
+The first connection for the initial http get request without any
+authentication and the response which will be a 401 indicating what
+authentication schemes are supported. This is the same as above.
+The second connection for the exchange of the message types 1 and 2.
+The third connection for the exchange of the message type 3 and the
+final access denied response.
+
+I was using mono 1.2.2 on fedora core 5 as the client and windows xp
+sp2 and iis 5.1 as the server. The url I was trying to access only had
+Integrated Windows Authentication enabled. Anonymous access, digest
+auth, and basic auth are all disabled.
+
More information about the mono-bugs
mailing list