Thanks for the reply Oleg. This is what I figured, but I cannot see how to use
different authentication schemes for the Proxy vs. the Site authentication
challenge.
I tried adding the code suggested in the Authentication tutorial:
List authPrefs = new ArrayList(2);
authPrefs.add(AuthPolicy.DIGEST);
authPrefs.add(AuthPolicy.BASIC);
authPrefs.add(AuthPolicy.NTLM);
This will exclude the NTLM authentication scheme
httpclient.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY,
authPrefs);
I got a message stating that it was attempting BASIC authentication for the
Proxy and that it failed (probably because the domain doesn't get passed I
guess). So my thought is that I need NTLM for the proxy authentication and
Basic will work for the site authentication.
The question I am then working on is how to direct the HttpClient to select
that order of authentication methods. If I let it take NTLM as the preffered
authentication method then it will try to authenticate both challenges with
NTLM.
I sure there is just some little detail I'm missing here somewhere, it's just
hard to find it.
Thanks a lot!
David
On Wed, 29 Jun 2005 19:17:24 +0200, Oleg Kalnichevski wrote:
> On Wed, Jun 29, 2005 at 09:53:07AM -0700, David Parks wrote:
>
>> Hi all,
>> I am trying to authenticate to a server via a proxy which also
>> requires authentication. It seems that I can get either the proxy
>> authentication to work OR the site authentication to work, but
>> not both.
>>
>> Both seem to work independently when I set the credentials (or
>> proxy credentials) using NTCredentials (e.g. if I connect to the
>> site from a network not using a proxy I can get it to work, and I
>> can authenticate to the proxy only to get a 401 authentication
>> failed from the server when using the proxy).
>>
>> I read in the Authentication tutorial that you can't authenticate
>> using NTLM to both the proxy and site, so I'm trying various
>> combinations of authentication, but I can't find any
>> documentation that specifically covers this case and I feel like
>> I'm just taking stabs in the dark right now.
>>
> David,
>
> You _really_ can't use NTLM to authenticate with the proxy and the
> target host at the same, due to the nature of this authentication
> scheme. Really. That was not a joke.
>
> Please consider using one of the following combinations instead:
>
> (1) BASIC proxy + NTLM host if both the clent and the proxy are
> within a trusted network segment
>
> (2) NTLM proxy + SSL + BASIC host
>
> Both combinations should provide an adequate (or better in the
> latter case) security
>
> Hope this helps
>
> Oleg
>
>>
>> If anyone can point me in the direction of the light at the end
>> of the tunnel I'd really appreciate it.
>>
>> Thanks,
>> David
>>
>>
>> ------------------------------------------------------------------
>> --- To unsubscribe, e-mail: httpclient-user-
>>[EMAIL PROTECTED] For additional commands, e-mail:
>>[EMAIL PROTECTED]
>>
>
> --------------------------------------------------------------------
> - To unsubscribe, e-mail: httpclient-user-
>[EMAIL PROTECTED] For additional commands, e-mail:
>[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
