The trace is below (wasn't sure if I could send attachments). Here is basically what you are looking at:
1. GET form.html 2. 401 returned from server 3. My application detects the 401 and does another GET but this time the NTLM credentials are provided to HTTPClient 4. NTLM negotiation succeeds and the form is returned 5. I force the socket to close between client and server so the POST to displayform2.asp will cause another 401 6. The 401 happens and again my app makes another request but this time providing the credentials 7. The 400 response is returned. I did try to add the NTLM credentials to the request the first time so that you wouldn't see the request tried twice in each case and it still had the same result. DEBUG (04/09) 13:34:34 [httpclient.wire.header]: >> "GET /ntlmtest/form.html HTTP/1.1[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: >> "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-sh ockwave-flash, */*[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: >> "Accept-Language: en-us[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: >> "UA-CPU: x86[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: >> "Accept-Encoding: gzip, deflate[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: >> "If-None-Match: "d0513afb5cfc71:5898"[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: >> "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4 322)[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: >> "Cookie: __utma=192635624.1155137762.1196176465.1205518449.1205528317.17; __ut mz=192635624.1196176465.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none ); mbox=PC#1203020122430-488091.00#1267215576|session#1204 140538593-649658#1204145436|edge#app2-prod3.prod3.offermatica.com.120414 3582590#1204145437|check#true#1204143636; Janus4Legacy=Jan us4Legacy; CStoneSessionID=QrsnhygYbnqre4f033a1!119343e67ab!-7f1b[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: >> "Host: mssb01.stone-ware.com[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: >> "[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: << "HTTP/1.1 401 Unauthorized[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: << "HTTP/1.1 401 Unauthorized[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: << "Content-Length: 1656[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: << "Content-Type: text/html[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: << "Server: Microsoft-IIS/6.0[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: << "WWW-Authenticate: NTLM[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: << "WWW-Authenticate: Negotiate[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: << "WWW-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="3393c6f9679ac80 1fe20959cc5fb4d2960f5333ce01f368be592f3faf685be1ed5424759ee12105f",chars et=utf-8,realm="stone-ware.com"[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: << "MicrosoftOfficeWebServer: 5.0_Pub[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: << "X-Powered-By: ASP.NET[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: << "Date: Wed, 09 Apr 2008 17:34:34 GMT[\r][\n]" DEBUG (04/09) 13:34:34 [httpclient.wire.header]: << "[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html 4/strict.dtd">[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">[\ r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<STYLE type="text/css">[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " BODY { font: 8pt/12pt verdana }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " H1 { font: 13pt/15pt verdana }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " H2 { font: 8pt/12pt verdana }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " A:link { color: red }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " A:visited { color: maroon }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</STYLE>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<h1>You are not authorized to view this page</h1>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "You do not have permission to view this directory or page using the credenti als that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<hr>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<p>Please try the following:</p>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<ul>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<li>Click the <a href="javascript:location.reload()">Refresh</a> button to t ry again with different cred" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "entials.</li>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</ul>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<h2>HTTP Error 401.2 - Unauthorized: Access is denied due to server configur ation.<br>Internet Information Services (IIS)</h2>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<hr>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<p>Technical Information (for support personnel)</p>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<ul>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180";>Microsoft Pr oduct Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>401</b>.</li>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),[\r][ \n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " and search for topics titled <b>About Security</b>, <b>Authentication</b>, and <b>About Custom Error Messages</b>.</li>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</ul>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</TD></TR></TABLE></BODY></HTML>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "GET /ntlmtest/form.html HTTP/1.1[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-sh ockwave-flash, */*[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Accept-Language: en-us[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "UA-CPU: x86[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Accept-Encoding: gzip, deflate[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "If-None-Match: "d0513afb5cfc71:5898"[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4 322)[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Cookie: __utma=192635624.1155137762.1196176465.1205518449.1205528317.17; __ut mz=192635624.1196176465.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none ); mbox=PC#1203020122430-488091.00#1267215576|session#1204 140538593-649658#1204145436|edge#app2-prod3.prod3.offermatica.com.120414 3582590#1204145437|check#true#1204143636; Janus4Legacy=Jan us4Legacy; CStoneSessionID=QrsnhygYbnqre4f033a1!119343e67ab!-7f1b[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Host: mssb01.stone-ware.com[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "HTTP/1.1 401 Unauthorized[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "HTTP/1.1 401 Unauthorized[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "Content-Length: 1656[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "Content-Type: text/html[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "Server: Microsoft-IIS/6.0[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "WWW-Authenticate: NTLM[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "WWW-Authenticate: Negotiate[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "WWW-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="9b1cd0f9679ac80 1ee22ced61e15d5f81247262f3e9885285d41e49b86879a898512b452dd89e91b",chars et=utf-8,realm="stone-ware.com"[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "MicrosoftOfficeWebServer: 5.0_Pub[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "X-Powered-By: ASP.NET[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "Date: Wed, 09 Apr 2008 17:34:34 GMT[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html 4/strict.dtd">[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">[\ r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<STYLE type="text/css">[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " BODY { font: 8pt/12pt verdana }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " H1 { font: 13pt/15pt verdana }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " H2 { font: 8pt/12pt verdana }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " A:link { color: red }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " A:visited { color: maroon }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</STYLE>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<h1>You are not authorized to view this page</h1>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "You do not have permission to view this directory or page using the credenti als that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<hr>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<p>Please try the following:</p>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<ul>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<li>Click the <a href="javascript:location.reload()">Refresh</a> button to t ry again with different cred" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "entials.</li>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</ul>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<h2>HTTP Error 401.2 - Unauthorized: Access is denied due to server configur ation.<br>Internet Information Services (IIS)</h2>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<hr>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<p>Technical Information (for support personnel)</p>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<ul>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180";>Microsoft Pr oduct Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>401</b>.</li>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),[\r][ \n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " and search for topics titled <b>About Security</b>, <b>Authentication</b>, and <b>About Custom Error Messages</b>.</li>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</ul>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</TD></TR></TABLE></BODY></HTML>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "GET /ntlmtest/form.html HTTP/1.1[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-sh ockwave-flash, */*[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Accept-Language: en-us[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "UA-CPU: x86[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Accept-Encoding: gzip, deflate[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "If-None-Match: "d0513afb5cfc71:5898"[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4 322)[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Cookie: __utma=192635624.1155137762.1196176465.1205518449.1205528317.17; __ut mz=192635624.1196176465.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none ); mbox=PC#1203020122430-488091.00#1267215576|session#1204 140538593-649658#1204145436|edge#app2-prod3.prod3.offermatica.com.120414 3582590#1204145437|check#true#1204143636; Janus4Legacy=Jan us4Legacy; CStoneSessionID=QrsnhygYbnqre4f033a1!119343e67ab!-7f1b[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Authorization: NTLM TlRMTVNTUAABAAAABlIAAAcABwA0AAAAFAAUACAAAABTV1RFVC5TVE9OR S1XQVJFLkNPTU5PVC1TRVQ=[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Host: mssb01.stone-ware.com[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "HTTP/1.1 401 Unauthorized[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "HTTP/1.1 401 Unauthorized[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "Content-Length: 1539[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "Content-Type: text/html[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "Server: Microsoft-IIS/6.0[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "WWW-Authenticate: NTLM TlRMTVNTUAACAAAACgAKADgAAAAGAoECTdghKL1Qs5IAAAAAAAAAAJ oAmgBCAAAABQLODgAAAA9TVE9ORS1XQVJFAgAUAFMAVABPAE4ARQAtAFcAQQBSAEUAAQAMAE 0AUwBTAEIAMAAxAAQAHABzAHQAbwBuAGUALQB3AGEAcgBlAC4AYwBvAG0A AwAqAE0AUwBTAEIAMAAxAC4AcwB0AG8AbgBlAC0AdwBhAHIAZQAuAGMAbwBtAAUAHABzAHQA bwBuAGUALQB3AGEAcgBlAC4AYwBvAG0AAAAAAA==[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "MicrosoftOfficeWebServer: 5.0_Pub[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "X-Powered-By: ASP.NET[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "Date: Wed, 09 Apr 2008 17:34:34 GMT[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html 4/strict.dtd">[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">[\ r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<STYLE type="text/css">[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " BODY { font: 8pt/12pt verdana }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " H1 { font: 13pt/15pt verdana }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " H2 { font: 8pt/12pt verdana }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " A:link { color: red }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " A:visited { color: maroon }[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</STYLE>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<h1>You are not authorized to view this page</h1>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "You do not have permission to view this directory or page using the credenti als that you supplied.[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<hr>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<p>Please try the following:</p>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<ul>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<li>Click the <a href="javascript:location.reload()">Refresh</a> button to t ry again with different credentials.</li>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</ul>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<h2>HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credent ials.<br>Internet " DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "Information Services (IIS)</h2>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<hr>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<p>Technical Information (for support personnel)</p>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<ul>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180";>Microsoft Pr oduct Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>401</b>.</li>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),[\r][ \n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << " and search for topics titled <b>Authentication</b>, <b>Access Control</b>, and <b>About Custom Error Messages</b>.</li>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</ul>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.content]: << "</TD></TR></TABLE></BODY></HTML>[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "GET /ntlmtest/form.html HTTP/1.1[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-sh ockwave-flash, */*[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Accept-Language: en-us[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "UA-CPU: x86[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Accept-Encoding: gzip, deflate[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "If-None-Match: "d0513afb5cfc71:5898"[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4 322)[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Cookie: __utma=192635624.1155137762.1196176465.1205518449.1205528317.17; __ut mz=192635624.1196176465.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none ); mbox=PC#1203020122430-488091.00#1267215576|session#1204 140538593-649658#1204145436|edge#app2-prod3.prod3.offermatica.com.120414 3582590#1204145437|check#true#1204143636; Janus4Legacy=Jan us4Legacy; CStoneSessionID=QrsnhygYbnqre4f033a1!119343e67ab!-7f1b[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGQAAAAAAAAAfAAAAAcABwBAAAAACQAJAEcAA AAUABQAUAAAAAAAAAB8AAAABlIAAE5PVC1TRVRUVEhPTVBTT05TV1RFVC5TVE9ORS1XQVJFL kNPTXGSJKZjdgHIyNtBBEE+8NlDIV9gfFJFAg==[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "Host: mssb01.stone-ware.com[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: >> "[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "HTTP/1.1 304 Not Modified[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "HTTP/1.1 304 Not Modified[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "Last-Modified: Wed, 25 Jul 2007 21:51:40 GMT[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "Accept-Ranges: bytes[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "ETag: "d0513afb5cfc71:5898"[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "Server: Microsoft-IIS/6.0[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "MicrosoftOfficeWebServer: 5.0_Pub[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "X-Powered-By: ASP.NET[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "Date: Wed, 09 Apr 2008 17:34:34 GMT[\r][\n]" DEBUG (04/09) 13:34:35 [httpclient.wire.header]: << "[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "POST /ntlmtest/displayform2.asp HTTP/1.1[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-sh ockwave-flash, */*[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Accept-Language: en-us[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "UA-CPU: x86[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Accept-Encoding: gzip, deflate[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4 322)[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Cookie: __utma=192635624.1155137762.1196176465.1205518449.1205528317.17; __ut mz=192635624.1196176465.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none ); mbox=PC#1203020122430-488091.00#1267215576|session#1204 140538593-649658#1204145436|edge#app2-prod3.prod3.offermatica.com.120414 3582590#1204145437|check#true#1204143636; Janus4Legacy=Jan us4Legacy; CStoneSessionID=QrsnhygYbnqre4f033a1!119343e67ab!-7f1b[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Referer: https://bb.stone-ware.com/ntlmtest/form.html[\r][\n]"; DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Content-Type: application/x-www-form-urlencoded[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Content-Length: 21[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Cache-Control: no-cache[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Host: mssb01.stone-ware.com[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Expect: 100-continue[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "HTTP/1.1 401 Unauthorized[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "HTTP/1.1 401 Unauthorized[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "Content-Length: 1656[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "Content-Type: text/html[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "Server: Microsoft-IIS/6.0[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "WWW-Authenticate: NTLM[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "WWW-Authenticate: Negotiate[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "WWW-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="f7771606689ac80 1904a06dc8bf8037a09ed1f117087aea5dfb54f69e4177a1616c420cc1a6e8b62",chars et=utf-8,realm="stone-ware.com"[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "MicrosoftOfficeWebServer: 5.0_Pub[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "X-Powered-By: ASP.NET[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "Date: Wed, 09 Apr 2008 17:34:54 GMT[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html 4/strict.dtd">[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">[\ r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<STYLE type="text/css">[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << " BODY { font: 8pt/12pt verdana }[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << " H1 { font: 13pt/15pt verdana }[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << " H2 { font: 8pt/12pt verdana }[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << " A:link { color: red }[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << " A:visited { color: maroon }[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "</STYLE>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<h1>You are not authorized to view this page</h1>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "You do not have permission to view this directory or page using the credenti als that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<hr>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<p>Please try the following:</p>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<ul>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<li>Click the <a href="javascript:location.reload()">Refresh</a> button to t ry again with different cred" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "entials.</li>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "</ul>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<h2>HTTP Error 401.2 - Unauthorized: Access is denied due to server configur ation.<br>Internet Information Services (IIS)</h2>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<hr>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<p>Technical Information (for support personnel)</p>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<ul>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180";>Microsoft Pr oduct Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>401</b>.</li>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),[\r][ \n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << " and search for topics titled <b>About Security</b>, <b>Authentication</b>, and <b>About Custom Error Messages</b>.</li>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "</ul>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "</TD></TR></TABLE></BODY></HTML>[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "POST /ntlmtest/displayform2.asp HTTP/1.1[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-sh ockwave-flash, */*[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Accept-Language: en-us[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "UA-CPU: x86[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Accept-Encoding: gzip, deflate[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4 322)[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Cookie: __utma=192635624.1155137762.1196176465.1205518449.1205528317.17; __ut mz=192635624.1196176465.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none ); mbox=PC#1203020122430-488091.00#1267215576|session#1204 140538593-649658#1204145436|edge#app2-prod3.prod3.offermatica.com.120414 3582590#1204145437|check#true#1204143636; Janus4Legacy=Jan us4Legacy; CStoneSessionID=QrsnhygYbnqre4f033a1!119343e67ab!-7f1b[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Referer: https://bb.stone-ware.com/ntlmtest/form.html[\r][\n]"; DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Content-Type: application/x-www-form-urlencoded[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Content-Length: 21[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Cache-Control: no-cache[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Host: mssb01.stone-ware.com[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "Expect: 100-continue[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: >> "[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "HTTP/1.1 400 Bad Request[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "HTTP/1.1 400 Bad Request[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "Content-Type: text/html[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "Date: Wed, 09 Apr 2008 17:34:54 GMT[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "Connection: close[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "Content-Length: 34[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.header]: << "[\r][\n]" DEBUG (04/09) 13:34:55 [httpclient.wire.content]: << "<h1>Bad Request (Invalid URL)</h1>" -----Original Message----- From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 09, 2008 1:23 PM To: HttpClient User Discussion Subject: Re: Using NTLM auth with expect continue On Tue, 2008-04-08 at 18:53 -0400, Tony Thompson wrote: > I am using HTTPClient 3.1. I have an application that does NTLM > authentication. I am posting data with the HTTPClient using a stream > that is not buffered. If the web server requires an NTLM handshake, I > get an "unbuffered entity enclosing request" exception (makes sense). > So, after searching the mailing list archives, I thought I could use > "Expect: continue" so the NTLM negotiation could happen before my > content was posted. It does not appear to work properly. On a > connection that has already been authenticated (i.e. I don't need to > authenticate the POST request), the conversation looks like this: > > POST request (headers only) --> server client <-- HTTP 100 POST > content --> server client <-- HTTP 200 > > So, if you can make sense of that, it appears the server (IIS 6.0) > will deal with expect continue correctly. So, if the connection needs > to be authenticated, here is what happens: > > POST request (headers only) --> server client <-- HTTP 401 POST > content (content is junk) --> server client <-- HTTP 400 > > I am not sure why content is posted in response to a 401. Also, the > content that is posted is the request headers that were sent in step > #1 not the actual content (that is why I said it was junk above). > > Any idea why this might be happening? I can't buffer the content > without causing major issues with my application so the expect > continue solution sounds perfect, if it can be made to work. > Tony, Please post a wire/context log of that session. I'll try to find time to take a look http://hc.apache.org/httpclient-3.x/logging.html Oleg > Thanks > Tony > > This message (and any associated files) is intended only for the use > of the individual or entity to which it is addressed and may contain > information that is confidential, subject to copyright or constitutes > a trade secret. If you are not the intended recipient you are hereby > notified that any dissemination, copying or distribution of this > message, or files associated with this message, is strictly > prohibited. If you have received this message in error, please notify > us immediately by replying to the message and deleting it from your > computer. Messages sent to and from Stoneware, Inc. > may be monitored. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
