Hi Robert, > As far as I understand it, yes as long as that connection is open > all resources transferred are considered authenticated.
Thanks! > NTLM is problematic since it works very differently from how http is > supposed to work. NTLM keeps state, http does not. > > The only way I have managed to get my proxy to handle NTLM connections > between the real server and the real client is to switch the proxy > to a dumb tunnel when NTLM is negotiated (otherwise another client might > reuse the same server connection and be authenticated). For a > proxy any accidental authentication inheriting is very bad, for a normal > browser/tool it is probably ok. For a browser it doesn't matter because it's acting for a single user. I'm not sure how we handle this in HttpClient right now. But I sure don't want that to happen accidentally in 4.0. > I suspect that there are lots of proxies that have problems when the > real server tries to use NTLM. The NTLM levels we can support are better not used outside of an intranet anyway ;-) cheers, Roland --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
