According to section 4.6 of RFC 2617, "A user agent MUST choose to use the strongest auth- scheme it understands and request credentials from the user based upon that challenge."
Since Basic is pretty darn weak, I'd say NTLM wins out every time. Is this a point on which HttpClient should have an option to override the RFC mandated behavior? As somewhat of a fanatic about security, my take is that you should be forced to do the right thing, and if you really want to, the source is there for you to modify.
-Eric.
anon permutation wrote:
Hi,
I am using a proxy server that supports both NTLM and Basic Authentications. How do I make HttpClient use Basic Auth. instead of NTLM? I am using 2.0-rc2. Following is my code:
--------------------------------------------------------------------------------------------------------------------
HttpClient client = new HttpClient(); HttpMethod method = null;
client.getState().setProxyCredentials(null, new UsernamePasswordCredentials("user","passwd"));
HostConfiguration hc = client.getHostConfiguration(); hc.setProxy("10.0.0.2", 80);
method = new GetMethod(url);
client.executeMethod(method);
byte[] responseBody = method.getResponseBody();
-----------------------------------------------------------------------------------------------------------------
I am getting this error: Credentials cannot be used for NTLM authentication
Thanks.
_________________________________________________________________
Browse styles for all ages, from the latest looks to cozy weekend wear at MSN Shopping. And check out the beauty products! http://shopping.msn.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
