Re: Trying to Authenticate to MS Exchange 2003

Fri, 11 Jan 2008 07:05:01 -0800 

Ok thanks.  Sorry to be such a pain.

On Jan 11, 2008, at 9:57 AM, Oleg Kalnichevski wrote:



On Fri, 2008-01-11 at 09:42 -0500, Michael Prichard wrote:

Ok, so this is the header I get from the server when initializing:

2008/01/11 09:38:14:292 EST [DEBUG] header - >> "User-Agent: Jakarta
Commons-HttpClient/3.0.1[\r][\n]"
2008/01/11 09:38:14:292 EST [DEBUG] header - >> "Host:
mail.exchange.com[\r][\n]"
2008/01/11 09:38:14:292 EST [DEBUG] header - >> "[\r][\n]"
2008/01/11 09:38:14:947 EST [DEBUG] header - << "HTTP/1.1 401
Unauthorized[\r][\n]"
2008/01/11 09:38:14:950 EST [DEBUG] header - << "Connection: Keep-
Alive[\r][\n]"
2008/01/11 09:38:14:950 EST [DEBUG] header - << "Content-Length: 83
[\r][\n]"
2008/01/11 09:38:14:950 EST [DEBUG] header - << "Date: Fri, 11 Jan
2008 14:41:45 GMT[\r][\n]"
2008/01/11 09:38:14:950 EST [DEBUG] header - << "Content-Type: text/
html[\r][\n]"
2008/01/11 09:38:14:950 EST [DEBUG] header - << "Server: Microsoft-
IIS/6.0[\r][\n]"
2008/01/11 09:38:14:950 EST [DEBUG] header - << "WWW-Authenticate:
Negotiate[\r][\n]"
2008/01/11 09:38:14:951 EST [DEBUG] header - << "WWW-Authenticate:
NTLM[\r][\n]"
2008/01/11 09:38:14:951 EST [DEBUG] header - << "WWW-Authenticate:
Basic realm="mail.exchange.com"[\r][\n]"
Does the "WWW-Authenticate: NTLM[\r][\n]" mean that it has NTLM auth? 

Thanks.



Michael,

What's the point in responding to your questions if you do not read my
responses? The server does seem to support NTLM (not a very big surprise given the fact it is Microsoft Exchange 2003) but apparently the server 
has been configured to accept NTLMv2 only (newer version of the auth
scheme), whereas HttpClient can only talk NTLMv1 (older version).

Oleg



On Jan 11, 2008, at 9:27 AM, Oleg Kalnichevski wrote:



On Fri, 2008-01-11 at 09:24 -0500, Michael Prichard wrote:

What does this mean?  Does it mean the username and password are
being sent on an open wire?



That is exactly what I was trying to tell you in my previous post.

Oleg



On Jan 11, 2008, at 9:12 AM, Oleg Kalnichevski wrote:



On Fri, 2008-01-11 at 09:06 -0500, Michael Prichard wrote:

Yes, I got this to work by adding this:
// Sets whether authentication should be attempted preemptively. 
                client.getParams().setAuthenticationPreemptive( true );



When authenticating preemptively you ARE NOT using NTLM. (I guess
it's
fine as long as you are aware of this fact and its security
implications)

Oleg



Thanks!

On Jan 11, 2008, at 7:08 AM, Oleg Kalnichevski wrote:



On Thu, 2008-01-10 at 16:06 -0500, Michael Prichard wrote:

Ok....figured this one out.  Add this:

                // Sets whether authentication should be attempted
preemptively.
                client.getParams().setAuthenticationPreemptive( true );


And it seems to work perfectly.  No idea why!  Anyone?



This is because BASIC authentication (read: username/password
sent in
clear text) is used to authenticate preemptively, not NTLM.

Apparently the credentials are OK, since you are able to
authenticate
using BASIC. So, most likely the server has been configured to use 
NTLMv2 only, whereas HttpClient supports NTLMv1 only.

For details see

http://wiki.apache.org/jakarta-httpclient/
FrequentlyAskedNTLMQuestions

Oleg



Thx.


On Jan 10, 2008, at 3:22 PM, Michael Prichard wrote:


Hello All,

I am trying to authenticate to MS Exchange as follows:
                
                HttpClient client = new HttpClient();
NTCredentials creds = new NTCredentials(_username, _password, 
"localhost", _domain);
                // set credentials for connection
                client.getState().setCredentials(new AuthScope
(_exchangeServer,
AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
                GetMethod get = new GetMethod(prootPath);
                get.setDoAuthentication(true);
                status = client.executeMethod(get);

When I hit the server I get this back:

Jan 10, 2008 3:10:54 PM
org.apache.commons.httpclient.auth.AuthChallengeProcessor
selectAuthScheme
INFO: ntlm authentication scheme selected
Jan 10, 2008 3:10:54 PM
org.apache.commons.httpclient.HttpMethodDirector
processWWWAuthChallenge
INFO: Failure authenticating with NTLM <any
realm>@mail.exchangeserver.com:443

I had it working with my internal test server but now when
trying
to connect to other servers I am getting Auth issues.  Ideas?

Thanks!
Michael
---------------------------------------------------------------- -- 
--
-
To unsubscribe, e-mail: httpclient-users- [EMAIL PROTECTED] 
For additional commands, e-mail: httpclient-users-
[EMAIL PROTECTED]
----------------------------------------------------------------- -- 
--
To unsubscribe, e-mail: httpclient-users- [EMAIL PROTECTED] 
For additional commands, e-mail: httpclient-users-
[EMAIL PROTECTED]
------------------------------------------------------------------ -- 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: httpclient-users- [EMAIL PROTECTED]
------------------------------------------------------------------- -- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: httpclient-users- [EMAIL PROTECTED]
-------------------------------------------------------------------- - 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to