Digest authentication fails when connecting to IIS 7.5 with MD5-sess scheme
---------------------------------------------------------------------------
Key: HTTPCLIENT-1093
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1093
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient
Affects Versions: 4.1.1
Environment: Windows Server 2008 R2 Standard Edition SP1 (64-bit Intel)
Java Runtime Environment 1.6.0_24
Localhost proxy on port 8888
Reporter: Jesse Docken
I have the web server configured to authenticate on Digest using md5-sess over
the local AD. I'm running Fiddler in the background, which creates a localhost
proxy on port 8888. When I authenticate into the server using Firefox, it
generates the response code properly and can access the server. However, when
I attempt to connect with HttpClient it always receives a 401 response from the
server. Upon investigation, it appears that Firefox generates the response
differently than HttpClient does.
The following code creates the same response that Firefox generates and returns
to the server:
    import java.nio.charset.Charset;
    import java.security.MessageDigest;

    public class DigestResponse {

        public static void main(String[] args) throws Exception {
            MessageDigest md5 = MessageDigest.getInstance("md5");
            Charset utf8 = Charset.forName("UTF-8");

            // A2 = method ":" digest-uri
            byte[] HA2Input = "GET:/".getBytes(utf8);
            String nonce = "server-generated nonce";
            String cnonce = "random digits";
            String counter = "00000001";
            String qop = "auth";

            // First pass: H(user ":" realm ":" password)
            byte[] HA1Input = "user:realm:password".getBytes(utf8);
            byte[] HA1 = md5.digest(HA1Input);
            // MD5-sess: hash the hex form of HA1 again with nonce and cnonce
            HA1 = md5.digest((ByteArrayToHex(HA1) + ":" + nonce + ":" +
                              cnonce).getBytes(utf8));
            byte[] HA2 = md5.digest(HA2Input);

            // response = H(HA1 ":" nonce ":" nc ":" cnonce ":" qop ":" HA2)
            byte[] ResponseInput = (ByteArrayToHex(HA1) + ":" + nonce + ":" +
                                    counter + ":" +
                                    cnonce + ":" + qop + ":" +
                                    ByteArrayToHex(HA2)).getBytes(utf8);
            byte[] Response = md5.digest(ResponseInput);
            System.out.println("Response: " + ByteArrayToHex(Response));
        }

        // Lowercase hex encoding of a byte array
        private static String ByteArrayToHex(byte[] bytes) {
            char[] hexArray =
                {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
            char[] hexChars = new char[bytes.length * 2];
            int v;
            for (int j = 0; j < bytes.length; j++) {
                v = bytes[j] & 0xFF;
                hexChars[j*2] = hexArray[v/16];
                hexChars[j*2 + 1] = hexArray[v%16];
            }
            return new String(hexChars);
        }
    }
Replacing the string constants with the proper values will generate the proper
response result. When I use this code with the values that HttpClient
generates, however, it fails. Is there a reason for this?
Also, here is the original code I used to connect to the server via HttpClient:
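    import java.io.File;
    import java.util.ArrayList;
    import java.util.List;
    import org.apache.http.HttpHost;
    import org.apache.http.HttpResponse;
    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.NTCredentials;
    import org.apache.http.auth.params.AuthPNames;
    import org.apache.http.client.CredentialsProvider;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.client.methods.HttpHead;
    import org.apache.http.client.params.AuthPolicy;
    import org.apache.http.client.protocol.ClientContext;
    import org.apache.http.conn.params.ConnRoutePNames;
    import org.apache.http.impl.client.BasicCredentialsProvider;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.apache.http.protocol.BasicHttpContext;
    import org.apache.http.protocol.HttpContext;
    import org.apache.http.util.EntityUtils;

    public class DigestConnect {

        public static void main(String[] args) throws Exception {
            DefaultHttpClient httpclient = new DefaultHttpClient();
            HttpContext localContext = new BasicHttpContext();
            HttpHost target = new HttpHost("192.168.0.1", 80, "http");
            HttpHead httphead = new HttpHead("/");

            // Route everything through the local Fiddler proxy
            HttpHost proxy = new HttpHost("localhost", 8888);
            httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY,
                                                proxy);

            CredentialsProvider credsProvider = new BasicCredentialsProvider();
            credsProvider.setCredentials(AuthScope.ANY,
                new NTCredentials("user", "password", "workstation", ""));

            // Without a Kerberos configuration, prefer NTLM, then Digest, then Basic
            if (!new File(System.getenv("windir") + "\\krb5.ini").exists()) {
                List<String> authtypes = new ArrayList<String>();
                authtypes.add(AuthPolicy.NTLM);
                authtypes.add(AuthPolicy.DIGEST);
                authtypes.add(AuthPolicy.BASIC);
                httpclient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF,
                                                    authtypes);
                httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF,
                                                    authtypes);
            }
            localContext.setAttribute(ClientContext.CREDS_PROVIDER, credsProvider);

            HttpResponse response = httpclient.execute(target, httphead,
                                                       localContext);
            System.out.println("Response code: " + response.getStatusLine()); // Generates 401
            EntityUtils.consume(response.getEntity());

            HttpGet httpget = new HttpGet("/");
            response = httpclient.execute(target, httpget, localContext);
            System.out.println("Response code: " + response.getStatusLine()); // Generates 401
        }
    }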
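Added example, not part of the original report and not HttpClient code: a small Python check that recomputes the RFC 2617 response from a captured Authorization header (for instance one copied out of the Fiddler session) and reports whether it matches the MD5 or the MD5-sess formula. The sample header and password are the ones from RFC 2617 section 3.5; the function names are assumptions made for this example.

```python
import hashlib
import re

# Request header from RFC 2617 section 3.5 (user "Mufasa", password "Circle Of Life").
RFC2617_SAMPLE = (
    'Authorization: Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,\s]+))')

def _h(text):
    """RFC 2617 H(): MD5 over the bytes of text, as lowercase hex."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(header):
    """Return the parameters of a Digest Authorization header as a dict."""
    value = header.split(":", 1)[1] if header.lower().startswith("authorization:") else header
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    return {k.lower(): bare or re.sub(r"\\(.)", r"\1", quoted)
            for k, quoted, bare in _PARAM.findall(rest)}

def expected_response(p, method, password, algorithm):
    """Recompute request-digest for qop=auth or no qop (auth-int needs the body)."""
    if p.get("qop", "auth") != "auth":
        raise ValueError("only qop=auth is handled here")
    ha1 = _h(f'{p["username"]}:{p["realm"]}:{password}')
    if algorithm.lower() == "md5-sess":
        # Session variant: the hex form of HA1 is hashed again with both nonces.
        ha1 = _h(f'{ha1}:{p["nonce"]}:{p["cnonce"]}')
    ha2 = _h(f'{method}:{p["uri"]}')
    if "qop" in p:
        return _h(f'{ha1}:{p["nonce"]}:{p["nc"]}:{p["cnonce"]}:{p["qop"]}:{ha2}')
    return _h(f'{ha1}:{p["nonce"]}:{ha2}')

def diagnose(header, method, password):
    """List which algorithm(s) reproduce the response the client actually sent."""
    p = parse_digest(header)
    # MD5-sess needs a cnonce; without one only plain MD5 can be tested.
    candidates = ("MD5", "MD5-sess") if "cnonce" in p else ("MD5",)
    return [a for a in candidates
            if expected_response(p, method, password, a) == p["response"].lower()]

if __name__ == "__main__":
    print(diagnose(RFC2617_SAMPLE, "GET", "Circle Of Life"))
```

An empty list means the header matches neither formula with the given method and password, which points at a different input (URI, method, charset or credentials) rather than at the algorithm choice.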