Re: NTLM Authentication fails

2019-07-19 Thread Kirill
Dear HttpClient Users Group,

Finally I managed to make NTLM Authentication work correctly using only
the HttpClient API. The root cause why it did not work was the
method NTLMScheme.authenticate() hiding the real problem
with a ClassCastException.

try {
    ntcredentials = (NTCredentials) credentials;
} catch (final ClassCastException e) {
    throw new InvalidCredentialsException(
            "Credentials cannot be used for NTLM authentication: "
            + credentials.getClass().getName());
}

Since I used a wrapper for the NTCredentials, my WrapperCredentials was not
an instance of NTCredentials.
Therefore, the issue has been resolved, but I would recommend not hiding
the real problem, or making the message more precise, or changing the API
to accept only NTCredentials in case of NTLM authentication.

Best regards,
Kirill
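
An added example, not code from HttpClient or from the original post: it reproduces the InvalidCredentialsException described above with a hypothetical WrapperCredentials class and shows a CredentialsProvider decorator that unwraps it for NTLM scopes or fails with a precise message. It assumes HttpClient 4.5.x on the classpath; the names NtlmCredentialGuard, WrapperCredentials and NtlmSafeCredentialsProvider, the host name and the credential values are made up for illustration.

```java
import java.security.Principal;

import org.apache.http.auth.AuthScope;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.NTCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.AuthSchemes;
import org.apache.http.impl.auth.NTLMScheme;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHttpRequest;

public class NtlmCredentialGuard {

    /** Hypothetical wrapper like the one in the message: delegates, but is not an NTCredentials. */
    static final class WrapperCredentials implements Credentials {
        private final NTCredentials delegate;
        WrapperCredentials(NTCredentials delegate) { this.delegate = delegate; }
        NTCredentials unwrap() { return delegate; }
        @Override public Principal getUserPrincipal() { return delegate.getUserPrincipal(); }
        @Override public String getPassword() { return delegate.getPassword(); }
    }

    /** Provider that hands NTLM scopes a real NTCredentials or fails with a precise message. */
    static final class NtlmSafeCredentialsProvider implements CredentialsProvider {
        private final CredentialsProvider inner = new BasicCredentialsProvider();

        @Override public void setCredentials(AuthScope scope, Credentials creds) {
            inner.setCredentials(scope, creds);
        }

        @Override public void clear() { inner.clear(); }

        @Override public Credentials getCredentials(AuthScope scope) {
            Credentials creds = inner.getCredentials(scope);
            if (creds == null || !AuthSchemes.NTLM.equalsIgnoreCase(scope.getScheme())) {
                return creds; // other schemes are left untouched
            }
            if (creds instanceof NTCredentials) {
                return creds;
            }
            if (creds instanceof WrapperCredentials) {
                return ((WrapperCredentials) creds).unwrap();
            }
            // Fail early and name both the expected and the actual type.
            throw new IllegalStateException("NTLM needs org.apache.http.auth.NTCredentials for "
                    + scope + " but the provider holds " + creds.getClass().getName());
        }
    }

    /** Passes wrapped credentials straight to the scheme and returns the resulting error text. */
    static String reproduceCastFailure(Credentials wrapped) {
        try {
            new NTLMScheme().authenticate(wrapped, new BasicHttpRequest("GET", "/"));
            return "no exception";
        } catch (AuthenticationException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not real credentials.
        NTCredentials nt = new NTCredentials("user", "secret", "WORKSTATION", "DOMAIN");
        Credentials wrapped = new WrapperCredentials(nt);

        // The wrapper alone is rejected by the cast inside NTLMScheme.authenticate().
        System.out.println(reproduceCastFailure(wrapped));

        CredentialsProvider provider = new NtlmSafeCredentialsProvider();
        provider.setCredentials(AuthScope.ANY, wrapped);
        // A scope carrying the NTLM scheme name (host name is a placeholder).
        AuthScope ntlmScope = new AuthScope("intranet.example", 80, AuthScope.ANY_REALM, AuthSchemes.NTLM);
        System.out.println(provider.getCredentials(ntlmScope).getClass().getName());

        // Plain HttpClient, no httpclient-win classes: the NTLM scheme now receives the unwrapped NTCredentials.
        try (CloseableHttpClient client = HttpClients.custom()
                .setDefaultCredentialsProvider(provider).build()) {
            // client.execute(new HttpGet("http://intranet.example/ntlm")) would go here.
        }
    }
}
```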

On Wed, Jul 17, 2019 at 1:31 PM Oleg Kalnichevski wrote:

> On Tue, 2019-07-16 at 16:21 +0200, Kirill wrote:
> > Dear HttpClient Users Group,
> >
> >
> > Is it possible to make NTLM Authentication using only HttpClient
> > library (without httpclient-win library) which will be working
> > independently on whether it is running on Windows or Linux?
> >
>
> Of course, it is. It is the default mode of operation supported by
> HttpClient and recommended by the project.
>
> Cheers
>
> Oleg
>
> > Best regards,
> > Kirill
> >
> >
> >
> > *From:* Oleg Kalnichevski
> >
> > *Sent:* Wednesday, 10 July 2019 15:49
> > *To:* HttpClient User Discussion
> > *Subject:* Re: NTLM Authentication fails
> >
> >
> >
> > On Mon, 2019-07-08 at 09:27 +, Kirill wrote:
> > > Dear HttpClient Support List,
> > >
> > > I found out that when trying to make NTLM Authentication using
> > > httpclient-win-4.5.6.jar library it relies on
> > > CurrentWindowsCredentials instead of using credentials provided in
> > > WindowsCredentialsProvider which it seems to be incorrect for the
> > > case when web-container (Tomcat in my case) is running as a service
> > > under another "Local System" user on Windows machine. It retrieves
> > > incorrect username which is not authorized to pass NTLM
> > > authentication and gets 401 Unauthorized Error. Besides, if web
> > > container (Tomcat in my case) is running inside Docker Linux
> > > Container it does not work at all because the user specified inside
> > > Docker Container is completely different from the Windows one. I
> > > suppose that in WindowsNegotiateScheme.authenticate() method the
> > > below implementation should not rely on CurrentWindowsCredentials
> > > and
> > > throw Exception but have to use the Credentials specified in
> > > WindowsCredentialsProvider.
> > >
> > > if (clientCred == null) {
> > >     // ?? We don't use the credentials, should we allow anything?
> > >     if (!(credentials instanceof CurrentWindowsCredentials)) {
> > >         throw new InvalidCredentialsException(
> > >                 "Credentials cannot be used for " + getSchemeName() + " authentication: "
> > >                 + credentials.getClass().getName());
> > >     }
> > >
> > >
> > > Also WindowsCredentialsProvider should not use instance of
> > > CurrentWindowsCredentials in case of AuthSchemes.NTLM but use
> > > provider.getCredentials(authscope) one:
> > >
> > > public Credentials getCredentials(final AuthScope authscope) {
> > > final String scheme = authscope.getScheme();
> > > if (AuthSchemes.NTLM.equalsIgnoreCase(scheme) ||
> > > AuthSchemes.SPNEGO.equalsIgnoreCase(scheme)) {
> > > return CurrentWindowsCredentials.INSTANCE;
> > > } else {
> > > return provider.getCredentials(authscope);
> > > }
> > > }
> > >
> > > Besides, if user provides the credentials of another user which is
> > > different from the user logged in to Windows system, httpclient-win
> > > API should not try to get information about currently logged user
> > > via
> > > CurrentWindowsCredentials class but has to use those credentials
> > > provided in WindowsCredentialsProvider if there are provided. If
> > > the
> > > credentials are not provided, then probably makes sense to get user
> > > using CurrentWindowsCredentials.
> > >
> > > Here is the code snippet how NTLM authentication was used in my
> > > case
> > > via httpclient-4.4.0.jar and httpclient-win-4.5.6.jar libraries:
> > >

Re: NTLM Authentication fails

2019-07-17 Thread Oleg Kalnichevski
On Tue, 2019-07-16 at 16:21 +0200, Kirill wrote:
> Dear HttpClient Users Group,
> 
> 
> Is it possible to make NTLM Authentication using only HttpClient
> library (without httpclient-win library) which will be working
> independently on whether it is running on Windows or Linux?
> 

Of course, it is. It is the default mode of operation supported by
HttpClient and recommended by the project.

Cheers

Oleg

> Best regards,
> Kirill
> 
> 
> 
> *From:* Oleg Kalnichevski
> 
> *Sent:* Wednesday, 10 July 2019 15:49
> *To:* HttpClient User Discussion
> *Subject:* Re: NTLM Authentication fails
> 
> 
> 
> On Mon, 2019-07-08 at 09:27 +, Kirill Rajbhandary wrote:
> > Dear HttpClient Support List,
> > 
> > I found out that when trying to make NTLM Authentication using
> > httpclient-win-4.5.6.jar library it relies on
> > CurrentWindowsCredentials instead of using credentials provided in
> > WindowsCredentialsProvider which it seems to be incorrect for the
> > case when web-container (Tomcat in my case) is running as a service
> > under another "Local System" user on Windows machine. It retrieves
> > incorrect username which is not authorized to pass NTLM
> > authentication and gets 401 Unauthorized Error. Besides, if web
> > container (Tomcat in my case) is running inside Docker Linux
> > Container it does not work at all because the user specified inside
> > Docker Container is completely different from the Windows one. I
> > suppose that in WindowsNegotiateScheme.authenticate() method the
> > below implementation should not rely on CurrentWindowsCredentials
> > and
> > throw Exception but have to use the Credentials specified in
> > WindowsCredentialsProvider.
> > 
> > if (clientCred == null) {
> >     // ?? We don't use the credentials, should we allow anything?
> >     if (!(credentials instanceof CurrentWindowsCredentials)) {
> >         throw new InvalidCredentialsException(
> >                 "Credentials cannot be used for " + getSchemeName() + " authentication: "
> >                 + credentials.getClass().getName());
> >     }
> > 
> > 
> > Also WindowsCredentialsProvider should not use instance of
> > CurrentWindowsCredentials in case of AuthSchemes.NTLM but use
> > provider.getCredentials(authscope) one:
> > 
> > public Credentials getCredentials(final AuthScope authscope) {
> > final String scheme = authscope.getScheme();
> > if (AuthSchemes.NTLM.equalsIgnoreCase(scheme) ||
> > AuthSchemes.SPNEGO.equalsIgnoreCase(scheme)) {
> > return CurrentWindowsCredentials.INSTANCE;
> > } else {
> > return provider.getCredentials(authscope);
> > }
> > }
> > 
> > Besides, if user provides the credentials of another user which is
> > different from the user logged in to Windows system, httpclient-win
> > API should not try to get information about currently logged user
> > via
> > CurrentWindowsCredentials class but has to use those credentials
> > provided in WindowsCredentialsProvider if there are provided. If
> > the
> > credentials are not provided, then probably makes sense to get user
> > using CurrentWindowsCredentials.
> > 
> > Here is the code snippet how NTLM authentication was used in my
> > case
> > via httpclient-4.4.0.jar and httpclient-win-4.5.6.jar libraries:
> > 
> > HttpClientBuilder clientbuilder = HttpClients.custom();
> > Registry<AuthSchemeProvider> authSchemeRegistry =
> >     RegistryBuilder.<AuthSchemeProvider>create()
> >         .register(AuthSchemes.NTLM, new WindowsNTLMSchemeFactory(null))
> >         .build();
> > CredentialsProvider windowsCredentialsProvider =
> >     new WindowsCredentialsProvider(new SystemDefaultCredentialsProvider());
> > windowsCredentialsProvider.setCredentials(AuthScope.ANY,
> >     new NTCredentials("username", "password", "workstation", "domain"));
> > clientbuilder.setDefaultCredentialsProvider(windowsCredentialsProvider);
> > clientbuilder.setDefaultAuthSchemeRegistry(authSchemeRegistry);
> > 
> > RequestConfig.Builder requestBuilder = RequestConfig.custom();
> > requestBuilder = requestBuilder.setConnectTimeout(connectionTimeout);
> > requestBuilder = requestBuilder.setConnectionRequestTimeout(connectionTimeout);
> > clientbuilder.setDefaultRequestConfig(requestBuilder.build());
> > client = clientbuilder.build();
> > 
> > HttpGet get = new HttpGet("http://test.url/ntlm");
> > CloseableHttpResponse response = client.execute(get);
> > 
> > Could you please advise a workaround for the issue and make the
> >

RE: NTLM Authentication fails

2019-07-16 Thread Kirill
Dear HttpClient Users Group,


Is it possible to make NTLM Authentication using only HttpClient library
(without httpclient-win library) which will be working independently on
whether it is running on Windows or Linux?

Best regards,
Kirill



*From:* Oleg Kalnichevski

*Sent:* Wednesday, 10 July 2019 15:49
*To:* HttpClient User Discussion
*Subject:* Re: NTLM Authentication fails



On Mon, 2019-07-08 at 09:27 +, Kirill Rajbhandary wrote:
> Dear HttpClient Support List,
>
> I found out that when trying to make NTLM Authentication using
> httpclient-win-4.5.6.jar library it relies on
> CurrentWindowsCredentials instead of using credentials provided in
> WindowsCredentialsProvider which it seems to be incorrect for the
> case when web-container (Tomcat in my case) is running as a service
> under another "Local System" user on Windows machine. It retrieves
> incorrect username which is not authorized to pass NTLM
> authentication and gets 401 Unauthorized Error. Besides, if web
> container (Tomcat in my case) is running inside Docker Linux
> Container it does not work at all because the user specified inside
> Docker Container is completely different from the Windows one. I
> suppose that in WindowsNegotiateScheme.authenticate() method the
> below implementation should not rely on CurrentWindowsCredentials and
> throw Exception but have to use the Credentials specified in
> WindowsCredentialsProvider.
>
> if (clientCred == null) {
>     // ?? We don't use the credentials, should we allow anything?
>     if (!(credentials instanceof CurrentWindowsCredentials)) {
>         throw new InvalidCredentialsException(
>                 "Credentials cannot be used for " + getSchemeName() + " authentication: "
>                 + credentials.getClass().getName());
>     }
>
>
> Also WindowsCredentialsProvider should not use instance of
> CurrentWindowsCredentials in case of AuthSchemes.NTLM but use
> provider.getCredentials(authscope) one:
>
> public Credentials getCredentials(final AuthScope authscope) {
> final String scheme = authscope.getScheme();
> if (AuthSchemes.NTLM.equalsIgnoreCase(scheme) ||
> AuthSchemes.SPNEGO.equalsIgnoreCase(scheme)) {
> return CurrentWindowsCredentials.INSTANCE;
> } else {
> return provider.getCredentials(authscope);
> }
> }
>
> Besides, if user provides the credentials of another user which is
> different from the user logged in to Windows system, httpclient-win
> API should not try to get information about currently logged user via
> CurrentWindowsCredentials class but has to use those credentials
> provided in WindowsCredentialsProvider if there are provided. If the
> credentials are not provided, then probably makes sense to get user
> using CurrentWindowsCredentials.
>
> Here is the code snippet how NTLM authentication was used in my case
> via httpclient-4.4.0.jar and httpclient-win-4.5.6.jar libraries:
>
> HttpClientBuilder clientbuilder = HttpClients.custom();
> Registry<AuthSchemeProvider> authSchemeRegistry =
>     RegistryBuilder.<AuthSchemeProvider>create()
>         .register(AuthSchemes.NTLM, new WindowsNTLMSchemeFactory(null))
>         .build();
> CredentialsProvider windowsCredentialsProvider =
>     new WindowsCredentialsProvider(new SystemDefaultCredentialsProvider());
> windowsCredentialsProvider.setCredentials(AuthScope.ANY,
>     new NTCredentials("username", "password", "workstation", "domain"));
> clientbuilder.setDefaultCredentialsProvider(windowsCredentialsProvider);
> clientbuilder.setDefaultAuthSchemeRegistry(authSchemeRegistry);
>
> RequestConfig.Builder requestBuilder = RequestConfig.custom();
> requestBuilder = requestBuilder.setConnectTimeout(connectionTimeout);
> requestBuilder = requestBuilder.setConnectionRequestTimeout(connectionTimeout);
> clientbuilder.setDefaultRequestConfig(requestBuilder.build());
> client = clientbuilder.build();
>
> HttpGet get = new HttpGet("http://test.url/ntlm");
> CloseableHttpResponse response = client.execute(get);
>
> Could you please advise a workaround for the issue and make the
> corresponding fix if you consider my description as an issue?
>

Hi Kirill

I am not sure I fully understand your logic here but also admittedly I
have little idea how things work in Windows these days.

The HttpClient for Windows is an experimental module and is NOT
recommended for production use. On a number of occasions we have
considered dropping Windows specific code altogether.

However if you contribute a PR with your proposed improvements I will
happily review them.

Cheers

Oleg


Re: NTLM Authentication fails

2019-07-10 Thread Oleg Kalnichevski
On Mon, 2019-07-08 at 09:27 +, Kirill Rajbhandary wrote:
> Dear HttpClient Support List,
> 
> I found out that when trying to make NTLM Authentication using
> httpclient-win-4.5.6.jar library it relies on
> CurrentWindowsCredentials instead of using credentials provided in
> WindowsCredentialsProvider which it seems to be incorrect for the
> case when web-container (Tomcat in my case) is running as a service
> under another "Local System" user on Windows machine. It retrieves
> incorrect username which is not authorized to pass NTLM
> authentication and gets 401 Unauthorized Error. Besides, if web
> container (Tomcat in my case) is running inside Docker Linux
> Container it does not work at all because the user specified inside
> Docker Container is completely different from the Windows one. I
> suppose that in WindowsNegotiateScheme.authenticate() method the
> below implementation should not rely on CurrentWindowsCredentials and
> throw Exception but have to use the Credentials specified in
> WindowsCredentialsProvider.
> 
> if (clientCred == null) {
>     // ?? We don't use the credentials, should we allow anything?
>     if (!(credentials instanceof CurrentWindowsCredentials)) {
>         throw new InvalidCredentialsException(
>                 "Credentials cannot be used for " + getSchemeName() + " authentication: "
>                 + credentials.getClass().getName());
>     }
> 
>
> Also WindowsCredentialsProvider should not use instance of
> CurrentWindowsCredentials in case of AuthSchemes.NTLM but use
> provider.getCredentials(authscope) one:
> 
> public Credentials getCredentials(final AuthScope authscope) {
> final String scheme = authscope.getScheme();
> if (AuthSchemes.NTLM.equalsIgnoreCase(scheme) ||
> AuthSchemes.SPNEGO.equalsIgnoreCase(scheme)) {
> return CurrentWindowsCredentials.INSTANCE;
> } else {
> return provider.getCredentials(authscope);
> }
> }
> 
> Besides, if user provides the credentials of another user which is
> different from the user logged in to Windows system, httpclient-win
> API should not try to get information about currently logged user via
> CurrentWindowsCredentials class but has to use those credentials
> provided in WindowsCredentialsProvider if there are provided. If the
> credentials are not provided, then probably makes sense to get user
> using CurrentWindowsCredentials.
> 
> Here is the code snippet how NTLM authentication was used in my case
> via httpclient-4.4.0.jar and httpclient-win-4.5.6.jar libraries:
> 
> HttpClientBuilder clientbuilder = HttpClients.custom();
> Registry<AuthSchemeProvider> authSchemeRegistry =
>     RegistryBuilder.<AuthSchemeProvider>create()
>         .register(AuthSchemes.NTLM, new WindowsNTLMSchemeFactory(null))
>         .build();
> CredentialsProvider windowsCredentialsProvider =
>     new WindowsCredentialsProvider(new SystemDefaultCredentialsProvider());
> windowsCredentialsProvider.setCredentials(AuthScope.ANY,
>     new NTCredentials("username", "password", "workstation", "domain"));
> clientbuilder.setDefaultCredentialsProvider(windowsCredentialsProvider);
> clientbuilder.setDefaultAuthSchemeRegistry(authSchemeRegistry);
> 
> RequestConfig.Builder requestBuilder = RequestConfig.custom();
> requestBuilder = requestBuilder.setConnectTimeout(connectionTimeout);
> requestBuilder = requestBuilder.setConnectionRequestTimeout(connectionTimeout);
> clientbuilder.setDefaultRequestConfig(requestBuilder.build());
> client = clientbuilder.build();
> 
> HttpGet get = new HttpGet("http://test.url/ntlm");
> CloseableHttpResponse response = client.execute(get);
> 
> Could you please advise a workaround for the issue and make the
> corresponding fix if you consider my description as an issue?
> 

Hi Kirill

I am not sure I fully understand your logic here but also admittedly I
have little idea how things work in Windows these days. 

The HttpClient for Windows is an experimental module and is NOT
recommended for production use. On a number of occasions we have
considered dropping Windows specific code altogether.

However if you contribute a PR with your proposed improvements I will
happily review them.

Cheers

Oleg


-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org



RE: NTLM authentication fails

2014-09-15 Thread Christoph Ernst | TRANSPOREON
fyi, the HttpURLConnection implementation works

-Original Message-
From: Christoph Ernst | TRANSPOREON [mailto:er...@transporeon.com] 
Sent: Friday, 12 September 2014 17:03
To: HttpClient User Discussion
Subject: RE: NTLM authentication fails

i did some tests with 4.3.5  JCIFSEngine and 4.4-alpha1, always get 401 i have 
compared the logs of all 3 versions and the only differences are the digest and 
ntlm hashes, but that's no surprise

i know the credentials work because it works with curl, here is the verbose 
output if you want to take a look: http://pastebin.com/2YqDgvbU

maybe it is really an incompatibility with IIS8

the application will be deployed on a linux servers, so i assume native windows 
apis won't help there

next option i will try is HttpUrlConnection, thanks for the hint vanita

-Original Message-
From: Oleg Kalnichevski [mailto:ol...@apache.org]
Sent: Friday, 12 September 2014 16:49
To: HttpClient User Discussion
Subject: Re: NTLM authentication fails

On Fri, 2014-09-12 at 10:33 -0400, Chawla, Vanita wrote:
 Hi Christopher,
 
 Java 6+ HttpUrlConnection worked seamlessly with NTLMv2 and IIS while 
 calling REST web service for me last year. I had issues with HTTP 
 client version. You may want to try to see if you get past the 
 NTLM/connection issues.
 

HttpUrlConnection makes use of Windows native APIs behind the scene, which 
naturally makes it more compatible than pure Java solutions. If 
HttpUrlConnection works for you but you still want to stick with HttpClient you 
could consider using HttpClient 4.4 that also supports native Windows auth.

Oleg

 Thanks
 
 On 9/12/14, 10:28 AM, Oleg Kalnichevski ol...@apache.org wrote:
 
 On Fri, 2014-09-12 at 12:55 +, Christoph Ernst | TRANSPOREON wrote:
  hi,
  i'm trying to call a SOAP webservice hosted on an external 
 webserver running IIS8 thru a Squid HTTP proxy.
  normally i use CXF for webservice clients, but the version i'm 
 using does not support NTLM auth.
  
  i'm using the latest httpclient version (4.3.5)  my code: 
 http://pastebin.com/YPuNWBer  debug log: 
 http://pastebin.com/meT0K1FX  my credentials are formatted as: 
 DOMAIN/user:pass, like it is required by the NTCredentials(String) 
 ctor
  
  i have already *successfully* tested the code with a local IIS 7.5 
 with and without the same proxy.
  i was also able to successfully authenticate using the following 
 curl command
  curl -v -x proxy:3128 --proxy-digest -U proxyuser "http://externalhost:8101/service.svc" -u DOMAIN\user --ntlm
  
  can you tell me what could be the problem?
  thanks in advance
  
 
 I see nothing wrong with HTTP packets generated by HttpClient. It 
 looks like the server simply does not like your creds or there is 
 some sort of incompatibility with IIS8. You might want to try to give 
 JCIFS engine a try [1] and see if that makes any difference.
 
 Oleg
 
 [1] http://hc.apache.org/httpcomponents-client-4.3.x/ntlm.html
 
 
 


Re: NTLM authentication fails

2014-09-12 Thread Chawla, Vanita
Hi Christopher,

Java 6+ HttpUrlConnection worked seamlessly with NTLMv2 and IIS while
calling REST web service for me last year. I had issues with HTTP client
version. You may want to try to see if you get past the NTLM/connection
issues.

Thanks

On 9/12/14, 10:28 AM, Oleg Kalnichevski ol...@apache.org wrote:

On Fri, 2014-09-12 at 12:55 +, Christoph Ernst | TRANSPOREON wrote:
 hi,
 i'm trying to call a SOAP webservice hosted on an external webserver
running IIS8 thru a Squid HTTP proxy.
 normally i use CXF for webservice clients, but the version i'm using
does not support NTLM auth.
 
 i'm using the latest httpclient version (4.3.5)
 my code: http://pastebin.com/YPuNWBer
 debug log: http://pastebin.com/meT0K1FX
 my credentials are formatted as: DOMAIN/user:pass, like it is
required by the NTCredentials(String) ctor
 
 i have already *successfully* tested the code with a local IIS 7.5 with
and without the same proxy.
 i was also able to successfully authenticate using the following curl
command
 curl -v -x proxy:3128 --proxy-digest -U proxyuser "http://externalhost:8101/service.svc" -u DOMAIN\user --ntlm
 
 can you tell me what could be the problem?
 thanks in advance
 

I see nothing wrong with HTTP packets generated by HttpClient. It looks
like the server simply does not like your creds or there is some sort of
incompatibility with IIS8. You might want to try to give JCIFS engine a
try [1] and see if that makes any difference.

Oleg

[1] http://hc.apache.org/httpcomponents-client-4.3.x/ntlm.html






Re: NTLM authentication fails

2014-09-12 Thread Oleg Kalnichevski
On Fri, 2014-09-12 at 10:33 -0400, Chawla, Vanita wrote:
 Hi Christopher,
 
 Java 6+ HttpUrlConnection worked seamlessly with NTLMv2 and IIS while
 calling REST web service for me last year. I had issues with HTTP client
 version. You may want to try to see if you get past the NTLM/connection
 issues.
 

HttpUrlConnection makes use of Windows native APIs behind the scene,
which naturally makes it more compatible than pure Java solutions. If
HttpUrlConnection works for you but you still want to stick with HttpClient
you could consider using HttpClient 4.4 that also supports native
Windows auth.

Oleg

 Thanks
 
 On 9/12/14, 10:28 AM, Oleg Kalnichevski ol...@apache.org wrote:
 
 On Fri, 2014-09-12 at 12:55 +, Christoph Ernst | TRANSPOREON wrote:
  hi,
  i'm trying to call a SOAP webservice hosted on an external webserver
 running IIS8 thru a Squid HTTP proxy.
  normally i use CXF for webservice clients, but the version i'm using
 does not support NTLM auth.
  
  i'm using the latest httpclient version (4.3.5)
  my code: http://pastebin.com/YPuNWBer
  debug log: http://pastebin.com/meT0K1FX
  my credentials are formatted as: DOMAIN/user:pass, like it is
 required by the NTCredentials(String) ctor
  
  i have already *successfully* tested the code with a local IIS 7.5 with
 and without the same proxy.
  i was also able to successfully authenticate using the following curl
 command
  curl -v -x proxy:3128 --proxy-digest -U proxyuser "http://externalhost:8101/service.svc" -u DOMAIN\user --ntlm
  
  can you tell me what could be the problem?
  thanks in advance
  
 
 I see nothing wrong with HTTP packets generated by HttpClient. It looks
 like the server simply does not like your creds or there is some sort of
 incompatibility with IIS8. You might want to try to give JCIFS engine a
 try [1] and see if that makes any difference.
 
 Oleg
 
 [1] http://hc.apache.org/httpcomponents-client-4.3.x/ntlm.html
 
 
 



RE: NTLM authentication fails

2014-09-12 Thread Christoph Ernst | TRANSPOREON
i did some tests with 4.3.5  JCIFSEngine and 4.4-alpha1, always get 401
i have compared the logs of all 3 versions and the only differences are the 
digest and ntlm hashes, but that's no surprise

i know the credentials work because it works with curl, here is the verbose 
output if you want to take a look: http://pastebin.com/2YqDgvbU

maybe it is really an incompatibility with IIS8

the application will be deployed on a linux servers, so i assume native windows 
apis won't help there

next option i will try is HttpUrlConnection, thanks for the hint vanita

-Original Message-
From: Oleg Kalnichevski [mailto:ol...@apache.org] 
Sent: Friday, 12 September 2014 16:49
To: HttpClient User Discussion
Subject: Re: NTLM authentication fails

On Fri, 2014-09-12 at 10:33 -0400, Chawla, Vanita wrote:
 Hi Christopher,
 
 Java 6+ HttpUrlConnection worked seamlessly with NTLMv2 and IIS while 
 calling REST web service for me last year. I had issues with HTTP 
 client version. You may want to try to see if you get past the 
 NTLM/connection issues.
 

HttpUrlConnection makes use of Windows native APIs behind the scene, which 
naturally makes it more compatible than pure Java solutions. If 
HttpUrlConnection works for you but you still want to stick with HttpClient you 
could consider using HttpClient 4.4 that also supports native Windows auth.

Oleg

 Thanks
 
 On 9/12/14, 10:28 AM, Oleg Kalnichevski ol...@apache.org wrote:
 
 On Fri, 2014-09-12 at 12:55 +, Christoph Ernst | TRANSPOREON wrote:
  hi,
  i'm trying to call a SOAP webservice hosted on an external 
 webserver running IIS8 thru a Squid HTTP proxy.
  normally i use CXF for webservice clients, but the version i'm 
 using does not support NTLM auth.
  
  i'm using the latest httpclient version (4.3.5)  my code: 
 http://pastebin.com/YPuNWBer  debug log: 
 http://pastebin.com/meT0K1FX  my credentials are formatted as: 
 DOMAIN/user:pass, like it is required by the NTCredentials(String) 
 ctor
  
  i have already *successfully* tested the code with a local IIS 7.5 
 with and without the same proxy.
  i was also able to successfully authenticate using the following 
 curl command
  curl -v -x proxy:3128 --proxy-digest -U proxyuser "http://externalhost:8101/service.svc" -u DOMAIN\user --ntlm
  
  can you tell me what could be the problem?
  thanks in advance
  
 
 I see nothing wrong with HTTP packets generated by HttpClient. It 
 looks like the server simply does not like your creds or there is 
 some sort of incompatibility with IIS8. You might want to try to give 
 JCIFS engine a try [1] and see if that makes any difference.
 
 Oleg
 
 [1] http://hc.apache.org/httpcomponents-client-4.3.x/ntlm.html
 
 
 