Re: [twsocket] THttpSrv supporting NTLM Beta (updated)
I did not fully understand what you said but here is what I found:

In my code the POST with NTLM, the order of execution is normally as:

ConnectionDataAvailable
ProcessRequest
ProcessPost
ConnectionDataAvailable (to receive the data fully and throw away while counting its length, when contentLength <= postedDataLen proceed)
Answer401
ConnectionDataSentErrorPages (first Send in Answer401)
ConnectionDataSentErrorPages (the event fired)
Process Request
ProcessPost
...

this was the working order. Sometimes due to events, it works a bit strange:

ConnectionDataAvailable
ProcessRequest
ProcessPost
ConnectionDataAvailable (to receive the data fully and throw away while counting its length, when contentLength <= postedDataLen proceed)
Answer401
ConnectionDataSentErrorPages (first Send in Answer401)
ConnectionDataAvailable (ABNORMALLY READS THE NEXT REQUEST HEADER AND SOMETIMES EVEN DATA!!!)
ConnectionDataSentErrorPages (the event fired)
Process Request (MESSED UP HERE!!)
ProcessPost
...

Do you have any suggestion to Pause only data reception and not send in TWSocket? That's what comes to my mind!

Best Regards,

SZ

----- Original Message -----
From: "Stadin, Benjamin" <[EMAIL PROTECTED]>
To:
Sent: Friday, September 15, 2006 10:53 AM
Subject: Re: [twsocket] THttpSrv supporting NTLM Beta (updated)

: You can rely on the NTLM message size. You can retrieve the message partly,
: write it to the context struct bytewise and when the full message is
: received process it and do the next step. That should be better than
: Receive().
:
: SZ wrote:
:
: Because the 401 response could be sent before the POST data is fully here.
: The same applies to all POST routines--you cannot simply rely on packet
: boundaries--this is TCP! Here is my approach:
:
: int ToPost = toBePostedDataLen - postedDataLen;
: if(ToPost > 8192)
:     ToPost = 8192;
: int Len = Receive(postedDataBuffer, ToPost);
: postedDataLen += Len;
:
: toBePostedDataLen is basically FRequestContentLength64 which
: is 64-bit version of the same ICS variable. Also, IMO, all the ints such as
: contentlength should be transformed to __int64 to support file sizes > 2GB!
:
: Best Regards,
:
: SZ

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] THttpSrv supporting NTLM Beta (updated)
You can rely on the NTLM message size. You can retrieve the message partly, write it to the context struct bytewise and when the full message is received process it and do the next step. That should be better than Receive().

SZ wrote:

Because the 401 response could be sent before the POST data is fully here. The same applies to all POST routines--you cannot simply rely on packet boundaries--this is TCP! Here is my approach:

int ToPost = toBePostedDataLen - postedDataLen;
if(ToPost > 8192)
    ToPost = 8192;
int Len = Receive(postedDataBuffer, ToPost);
postedDataLen += Len;

toBePostedDataLen is basically FRequestContentLength64 which is 64-bit version of the same ICS variable. Also, IMO, all the ints such as contentlength should be transformed to __int64 to support file sizes > 2GB!

Best Regards,

SZ
Re: [twsocket] THttpSrv supporting NTLM Beta (updated)
Because the 401 response could be sent before the POST data is fully here. The same applies to all POST routines--you cannot simply rely on packet boundaries--this is TCP! Here is my approach:

// Drain at most 8192 bytes of the remaining POST body per call.
// The remainder is computed in 64 bits so it cannot overflow an int.
__int64 Remaining = toBePostedDataLen - postedDataLen;
int ToPost = (Remaining > 8192) ? 8192 : (int)Remaining;
int Len = Receive(postedDataBuffer, ToPost);
if(Len > 0) // a non-positive return means no bytes were read
    postedDataLen += Len;

toBePostedDataLen is basically FRequestContentLength64 which is 64-bit version of the same ICS variable. Also, IMO, all the ints such as contentlength should be transformed to __int64 to support file sizes > 2GB!

Best Regards,

SZ

----- Original Message -----
From: "Fastream Technologies" <[EMAIL PROTECTED]>
To: "ICS support mailing"
Sent: Friday, September 15, 2006 8:15 AM
Subject: Re: [twsocket] THttpSrv supporting NTLM Beta (updated)

: I debugged the code and this is the problem (client sending data before
: receiving 401). Here is my idea:
:
: In OnDataAvailable, instead of FRcvdLine = ReceiveStr(); we need to count
: the number of bytes we receive and then pass to the hcRequest state
: (PostDataReceived()) after that!
:
: Regards,
:
: SZ
:
: ----- Original Message -----
: From: "Stadin, Benjamin" <[EMAIL PROTECTED]>
: To:
: Sent: Thursday, September 14, 2006 9:13 PM
: Subject: Re: [twsocket] THttpSrv supporting NTLM Beta (updated)
:
:: Fastream Technologies wrote:
:: >
:: > I see why I did not face this problem before with other auth methods:
:: > because they (basic + digest) send 401 response only once per connection and
:: > the first request most probably is a GET. However, NTLM requires each
:: > request to have its own 401!
::
:: That would be strange, I don't think that's the real deal. Maybe it works
:: only because the connection is closed on 401? Check in your ethereal log if
:: the connection isn't closed when FF's status bar hangs.
Re: [twsocket] THttpSrv supporting NTLM Beta (updated)
I debugged the code and this is the problem (client sending data before receiving 401). Here is my idea:

In OnDataAvailable, instead of FRcvdLine = ReceiveStr(); we need to count the number of bytes we receive and then pass to the hcRequest state (PostDataReceived()) after that!

Regards,

SZ

----- Original Message -----
From: "Stadin, Benjamin" <[EMAIL PROTECTED]>
To:
Sent: Thursday, September 14, 2006 9:13 PM
Subject: Re: [twsocket] THttpSrv supporting NTLM Beta (updated)

: Fastream Technologies wrote:
: >
: > I see why I did not face this problem before with other auth methods:
: > because they (basic + digest) send 401 response only once per connection and
: > the first request most probably is a GET. However, NTLM requires each
: > request to have its own 401!
:
: That would be strange, I don't think that's the real deal. Maybe it works
: only because the connection is closed on 401? Check in your ethereal log if
: the connection isn't closed when FF's status bar hangs.
Re: [twsocket] THttpSrv supporting NTLM Beta (updated)
Fastream Technologies wrote:
>
> I see why I did not face this problem before with other auth methods:
> because they (basic + digest) send 401 response only once per connection and
> the first request most probably is a GET. However, NTLM requires each
> request to have its own 401!

That would be strange, I don't think that's the real deal. Maybe it works only because the connection is closed on 401? Check in your ethereal log if the connection isn't closed when FF's status bar hangs.
Re: [twsocket] THttpSrv supporting NTLM Beta (updated)
I see why I did not face this problem before with other auth methods: because they (basic + digest) send 401 response only once per connection and the first request most probably is a GET. However, NTLM requires each request to have its own 401!

Best Regards,

SZ

----- Original Message -----
From: "Fastream Technologies" <[EMAIL PROTECTED]>
To: "ICS support mailing"
Sent: Thursday, September 14, 2006 8:25 PM
Subject: Re: [twsocket] THttpSrv supporting NTLM Beta (updated)

> Here is the real problem. Let me summarize: we have NTLM + POST on
> THttpServer. The client sends full header and data BEFORE receiving 401. How
> will we know when the data ends and the new request begins? There is no
> support for this (upload content length check) in the component now! The
> component sometimes gets confused and sees the data as new request
> header!!
>
> Best Regards,
>
> SubZero
>
> ----- Original Message -----
> From: "Fastream Technologies" <[EMAIL PROTECTED]>
> To: "ICS support mailing"
> Sent: Thursday, September 14, 2006 8:10 PM
> Subject: Re: [twsocket] THttpSrv supporting NTLM Beta (updated)
>
> : Hello,
> :
> : I now see why I closed the socket after POST 401: because in the
> : unauthenticated case, what should one do with all the data uploaded by
> : client?? Simply take them with ReceiveStr() and throw away??
> :
> : Regards,
> :
> : SZ
> :
> : ----- Original Message -----
> : From: "Arno Garrels" <[EMAIL PROTECTED]>
> : To: "ICS support mailing"
> : Sent: Thursday, September 14, 2006 7:09 PM
> : Subject: [twsocket] THttpSrv supporting NTLM Beta (updated)
> :
> :: Hi,
> ::
> :: For those of you not having followed the very long thread Urgent...
> :: Here is an updated version of the THttpSrv supporting NTLM available.
> :: http://www.duodata.de/misc/delphi/V6-HttpSrv-Ntlm-20060914.zip
> ::
> :: Read readme.txt for how to install.
> :: This is for ICS V6 only.
> ::
> :: I'd be happy if someone test it in a domain environment, since I'm
> :: running peer to peer. It includes a modified Websrv demo, a compiled
> :: EXE is also included.
> ::
> :: ---
> :: Arno Garrels [TeamICS]
> :: http://www.overbyte.be/eng/overbyte/teamics.html
Re: [twsocket] THttpSrv supporting NTLM Beta (updated)
Fastream Technologies wrote:
> Hello,
>
> I now see why I closed the socket after POST 401: because in the
> unauthenticated case, what should one do with all the data uploaded by
> client?? Simply take them with ReceiveStr() and throw away??

That's a good question! How to handle large POSTs correctly, client as well as server part? The HTTP guys should be able to give an answer.

---
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html

>
> Regards,
>
> SZ
>
> ----- Original Message -----
> From: "Arno Garrels" <[EMAIL PROTECTED]>
> To: "ICS support mailing"
> Sent: Thursday, September 14, 2006 7:09 PM
> Subject: [twsocket] THttpSrv supporting NTLM Beta (updated)
>
>> Hi,
>>
>> For those of you not having followed the very long thread Urgent...
>> Here is an updated version of the THttpSrv supporting NTLM available.
>> http://www.duodata.de/misc/delphi/V6-HttpSrv-Ntlm-20060914.zip
>>
>> Read readme.txt for how to install.
>> This is for ICS V6 only.
>>
>> I'd be happy if someone test it in a domain environment, since I'm
>> running peer to peer. It includes a modified Websrv demo, a compiled
>> EXE is also included.
>>
>> ---
>> Arno Garrels [TeamICS]
>> http://www.overbyte.be/eng/overbyte/teamics.html
Re: [twsocket] THttpSrv supporting NTLM Beta (updated)
Here is the real problem. Let me summarize: we have NTLM + POST on THttpServer. The client sends full header and data BEFORE receiving 401. How will we know when the data ends and the new request begins? There is no support for this (upload content length check) in the component now! The component sometimes gets confused and sees the data as new request header!!

Best Regards,

SubZero

----- Original Message -----
From: "Fastream Technologies" <[EMAIL PROTECTED]>
To: "ICS support mailing"
Sent: Thursday, September 14, 2006 8:10 PM
Subject: Re: [twsocket] THttpSrv supporting NTLM Beta (updated)

: Hello,
:
: I now see why I closed the socket after POST 401: because in the
: unauthenticated case, what should one do with all the data uploaded by
: client?? Simply take them with ReceiveStr() and throw away??
:
: Regards,
:
: SZ
:
: ----- Original Message -----
: From: "Arno Garrels" <[EMAIL PROTECTED]>
: To: "ICS support mailing"
: Sent: Thursday, September 14, 2006 7:09 PM
: Subject: [twsocket] THttpSrv supporting NTLM Beta (updated)
:
:: Hi,
::
:: For those of you not having followed the very long thread Urgent...
:: Here is an updated version of the THttpSrv supporting NTLM available.
:: http://www.duodata.de/misc/delphi/V6-HttpSrv-Ntlm-20060914.zip
::
:: Read readme.txt for how to install.
:: This is for ICS V6 only.
::
:: I'd be happy if someone test it in a domain environment, since I'm
:: running peer to peer. It includes a modified Websrv demo, a compiled
:: EXE is also included.
::
:: ---
:: Arno Garrels [TeamICS]
:: http://www.overbyte.be/eng/overbyte/teamics.html
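The framing problem described in this thread (the client sends the whole POST before it sees the 401, so unread body bytes are taken for the next request header), as an added example in C that is not ICS code and not from any poster. The names `Conn`, `conn_feed`, `on_header` and `run_demo`, and the sample paths and host, are constructed for illustration; beyond what the thread discusses, it also rejects a malformed or conflicting Content-Length.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define HDR_MAX 8192

typedef struct {
    int in_body;             /* 1 while discarding a request body */
    long long body_left;     /* body bytes still to discard (64-bit, so > 2 GB works) */
    char hdr[HDR_MAX];       /* header bytes accumulated so far */
    size_t hdr_len;
    int count_body;          /* 0 = naive mode that ignores Content-Length */
    int requests;            /* number of request headers recognised */
    char lines[8][64];       /* request line of each recognised header */
} Conn;

/* Handle one complete header block: record the request line and read
 * Content-Length strictly. Returns -1 if the length is malformed. */
static int on_header(Conn *c) {
    long long cl = 0;
    int seen = 0;
    if (c->requests < 8) {
        size_t n = strcspn(c->hdr, "\r");
        if (n > 63) n = 63;
        memcpy(c->lines[c->requests], c->hdr, n);
        c->lines[c->requests][n] = '\0';
    }
    c->requests++;
    if (!c->count_body) return 0;
    for (char *p = strstr(c->hdr, "\r\n"); p && p[2] != '\r'; p = strstr(p + 2, "\r\n")) {
        if (strncasecmp(p + 2, "Content-Length:", 15) != 0) continue;
        const char *v = p + 17;
        long long n = 0;
        while (*v == ' ' || *v == '\t') v++;
        if (*v < '0' || *v > '9') return -1;            /* empty or signed value */
        while (*v >= '0' && *v <= '9') {
            if (n > (LLONG_MAX - 9) / 10) return -1;    /* would overflow */
            n = n * 10 + (*v++ - '0');
        }
        if (*v != '\r' || (seen && n != cl)) return -1; /* junk or conflicting */
        cl = n;
        seen = 1;
    }
    c->body_left = cl;
    c->in_body = cl > 0;
    return 0;
}

/* Feed one TCP read of any size. Body bytes are counted and discarded, so a
 * header is only ever parsed at a request boundary. -1 = close the connection. */
int conn_feed(Conn *c, const char *buf, size_t len) {
    size_t i = 0;
    while (i < len) {
        if (c->in_body) {
            size_t take = len - i;
            if ((long long)take > c->body_left) take = (size_t)c->body_left;
            c->body_left -= (long long)take;
            i += take;
            if (c->body_left == 0) c->in_body = 0;
            continue;
        }
        if (buf[i] == '\0' || c->hdr_len + 1 >= HDR_MAX) return -1;
        c->hdr[c->hdr_len++] = buf[i++];
        c->hdr[c->hdr_len] = '\0';
        if (c->hdr_len >= 4 && memcmp(c->hdr + c->hdr_len - 4, "\r\n\r\n", 4) == 0) {
            if (on_header(c) < 0) return -1;
            c->hdr_len = 0;
        }
    }
    return 0;
}

/* Constructed sample: a POST whose body looks like a request, followed by a
 * real GET, delivered in reads of `chunk` bytes. Returns the requests seen. */
int run_demo(int count_body, size_t chunk, Conn *c) {
    static const char body[] = "GET /from-body HTTP/1.1\r\n\r\n";
    char stream[512];
    int n = snprintf(stream, sizeof stream,
        "POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: %zu\r\n\r\n%s"
        "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
        strlen(body), body);
    if (chunk == 0) return -1;
    memset(c, 0, sizeof *c);
    c->count_body = count_body;
    for (size_t off = 0; off < (size_t)n; off += chunk) {
        size_t len = (size_t)n - off < chunk ? (size_t)n - off : chunk;
        if (conn_feed(c, stream + off, len) < 0) return -1;
    }
    return c->requests;
}

int main(void) {
    Conn c;
    printf("counting Content-Length: %d requests\n", run_demo(1, 7, &c));
    printf("ignoring Content-Length: %d requests\n", run_demo(0, 7, &c));
    return 0;
}
```

The result is the same for any read size, which is the point made in the thread about not relying on packet boundaries.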
Re: [twsocket] THttpSrv supporting NTLM Beta (updated)
Hello,

I now see why I closed the socket after POST 401: because in the unauthenticated case, what should one do with all the data uploaded by client?? Simply take them with ReceiveStr() and throw away??

Regards,

SZ

----- Original Message -----
From: "Arno Garrels" <[EMAIL PROTECTED]>
To: "ICS support mailing"
Sent: Thursday, September 14, 2006 7:09 PM
Subject: [twsocket] THttpSrv supporting NTLM Beta (updated)

: Hi,
:
: For those of you not having followed the very long thread Urgent...
: Here is an updated version of the THttpSrv supporting NTLM available.
: http://www.duodata.de/misc/delphi/V6-HttpSrv-Ntlm-20060914.zip
:
: Read readme.txt for how to install.
: This is for ICS V6 only.
:
: I'd be happy if someone test it in a domain environment, since I'm
: running peer to peer. It includes a modified Websrv demo, a compiled
: EXE is also included.
:
: ---
: Arno Garrels [TeamICS]
: http://www.overbyte.be/eng/overbyte/teamics.html
[twsocket] THttpSrv supporting NTLM Beta (updated)
Hi,

For those of you not having followed the very long thread Urgent...
Here is an updated version of the THttpSrv supporting NTLM available.
http://www.duodata.de/misc/delphi/V6-HttpSrv-Ntlm-20060914.zip

Read readme.txt for how to install.
This is for ICS V6 only.

I'd be happy if someone test it in a domain environment, since I'm running peer to peer. It includes a modified Websrv demo, a compiled EXE is also included.

---
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html
Re: [twsocket] THttpSrv supporting NTLM Beta
Angus Robertson - Magenta Systems Ltd <[EMAIL PROTECTED]> writes:

> > I wonder how IE do to make the NTLM authentication without asking
> > the user password. This would probably be interesting to implement
> > in HTTP client component.
>
> If you do implement the Protected Storage API stuff, please do it in a
> separate unit only linked if a conditional is changed.

I agree with you.

> Virus and trojan scanners are likely to be looking for use of these
> APIs, since they allow very easy access to passwords for some web sites
> (although fortunately most banking sites don't use browser
> authentication) and we don't want ICS application unnecessarily flagged.

I think that, at least for the moment, it should be limited to the NTLM stuff, so an application will be able to do the "single signon". When I get some time I'll look into this stuff because I have already a customer that asks me for single signon.

Bye, Maurizio.

This mail has been sent using Alpikom webmail system http://www.alpikom.it
Re: [twsocket] THttpSrv supporting NTLM Beta
> I wonder how IE do to make the NTLM authentication without asking
> the user password. This would probably be interesting to implement
> in HTTP client component.

If you do implement the Protected Storage API stuff, please do it in a separate unit only linked if a conditional is changed.

Virus and trojan scanners are likely to be looking for use of these APIs, since they allow very easy access to passwords for some web sites (although fortunately most banking sites don't use browser authentication) and we don't want ICS application unnecessarily flagged.

Angus
Re: [twsocket] THttpSrv supporting NTLM Beta
> Haven't you had a look at http://www.cobans.net/pslib.php
> Anything you need is available, Delphi source, and a nice HTML help file.
> Thanks for the link!

I saw the link but missed the library ! My bad.

--
Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html
--
[EMAIL PROTECTED]
http://www.overbyte.be
Re: [twsocket] THttpSrv supporting NTLM Beta
Francois Piette <[EMAIL PROTECTED]> writes:

> > Various password 'recovery' utilities using protected storage are at:
> > http://www.nirsoft.net/
>
> Yes, I know those utilities. But this doesn't answer my question which maybe
> was not formulated correctly.
>
> I would like to know the API details so that I could use it into HTTP client
> component.

I already made a research in the past without any success. I asked some people to try with other browser and they answer that all ask for credential the first time. So my conclusion is that IE does some (dirty?) trick to obtain credential information of the logged user. Now the link posted by Angus give a new light. I put it in my todo list.

Bye, Maurizio.
Re: [twsocket] THttpSrv supporting NTLM Beta
> I would like to know the API details so that I could use it into
> HTTP client component.
>
> > http://www.cobans.net/pslib.php

This is a Delphi component, not a utility. I only gave the URLs of the utilities to illustrate the use of the component.

Angus
Re: [twsocket] THttpSrv supporting NTLM Beta
Francois Piette wrote:
>> Various password 'recovery' utilities using protected storage are at:
>> http://www.nirsoft.net/
>
> Yes, I know those utilities. But this doesn't answer my question
> which maybe was not formulated correctly.

Haven't you had a look at http://www.cobans.net/pslib.php
Anything you need is available, Delphi source, and a nice HTML help file.
Thanks for the link!

---
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html

>
> I would like to know the API details so that I could use it into HTTP
> client component.
>
> Contribute to the SSL Effort. Visit
> http://www.overbyte.be/eng/ssl.html --
> [EMAIL PROTECTED]
> Author of ICS (Internet Component Suite, freeware)
> Author of MidWare (Multi-tier framework, freeware)
> http://www.overbyte.be
>
> ----- Original Message -----
> From: "Angus Robertson - Magenta Systems Ltd" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, September 11, 2006 11:25 AM
> Subject: Re: [twsocket] THttpSrv supporting NTLM Beta
>
>>> I wonder how IE do to make the NTLM authentication without asking
>>> the user password. This would probably be interesting to implement
>>> in HTTP client component.
>>
>> Windows keeps some passwords in memory once they have been entered,
>> and others are read from a hidden part of the registry
>>
>> HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System
>> Provider
>>
>> and can be read using the protected storage COM object pstorec.dll.
>>
>> http://www.cobans.net/pslib.php
>>
>> Various password 'recovery' utilities using protected storage are at:
>>
>> http://www.nirsoft.net/
>>
>> Network Password Recovery lists all network passwords saved, another
>> tools read RAS passwords, and specifically Protected Storage PassView
>> reads all the MSIE passwords (and Outlook and MSN).
>>
>> http://www.nirsoft.net/utils/pspv.html
>>
>> Angus
Re: [twsocket] THttpSrv supporting NTLM Beta
Francois Piette wrote:
>>>> ImpersonateContext as well as RevertContext.
>>>> ImpersonateContext will make the calling thread run in
>>>> the security context of the authenticated user.
>>>
>>> I'm using LogonUser, ImpersonateLoggedOnUser and RevertToSelf in
>>> some of my applications. What are the differences between those and
>>> ImpersonateContext and RevertContext ?
>>
>> LogonUser works only if your account has 'Act As Part Of The
>> Operating System' privileges. Beside that I think they are the same.
>
> LogonUser works if the already logged on user (that is the session
> user) has "Log on locally" permission. I don't think 'Act As Part Of
> The Operating System' privileges is related to LogonUser.

That differs depending on the Winnt version. I think in XP the SE_TCB_NAME privilege is no longer required, bravo M$.

"Windows 2000: The process calling LogonUser requires the SE_TCB_NAME privilege. If the calling process does not have this privilege, LogonUser fails and GetLastError returns ERROR_PRIVILEGE_NOT_HELD. In some cases, the process that calls LogonUser must also have the SE_CHANGE_NOTIFY_NAME privilege enabled; otherwise, LogonUser fails and GetLastError returns ERROR_ACCESS_DENIED. This privilege is not required for the local system account or accounts that are members of the administrators group. By default, SE_CHANGE_NOTIFY_NAME is enabled for all users, but some administrators may disable it for everyone. For more information about privileges, see Privileges."

There are also differences between NT4 and 2K, in one of the versions it had to be enabled before calling LogonUser and in one of the versions LogonUser enables it as necessary.

>
> Contribute to the SSL Effort. Visit
> http://www.overbyte.be/eng/ssl.html --
> [EMAIL PROTECTED]
> Author of ICS (Internet Component Suite, freeware)
> Author of MidWare (Multi-tier framework, freeware)
> http://www.overbyte.be
Re: [twsocket] THttpSrv supporting NTLM Beta
> >> ImpersonateContext as well as RevertContext.
> >> ImpersonateContext will make the calling thread run in
> >> the security context of the authenticated user.
> >
> > I'm using LogonUser, ImpersonateLoggedOnUser and RevertToSelf in some
> > of my applications. What are the differences between those and
> > ImpersonateContext and RevertContext ?
>
> LogonUser works only if your account has 'Act As Part Of The
> Operating System' privileges. Beside that I think they are the same.

LogonUser works if the already logged on user (that is the session user) has "Log on locally" permission. I don't think 'Act As Part Of The Operating System' privileges is related to LogonUser.

Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html
--
[EMAIL PROTECTED]
Author of ICS (Internet Component Suite, freeware)
Author of MidWare (Multi-tier framework, freeware)
http://www.overbyte.be
Re: [twsocket] THttpSrv supporting NTLM Beta
> Various password 'recovery' utilities using protected storage are at:
> http://www.nirsoft.net/

Yes, I know those utilities. But this doesn't answer my question which maybe was not formulated correctly.

I would like to know the API details so that I could use it into HTTP client component.

Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html
--
[EMAIL PROTECTED]
Author of ICS (Internet Component Suite, freeware)
Author of MidWare (Multi-tier framework, freeware)
http://www.overbyte.be

----- Original Message -----
From: "Angus Robertson - Magenta Systems Ltd" <[EMAIL PROTECTED]>
To:
Sent: Monday, September 11, 2006 11:25 AM
Subject: Re: [twsocket] THttpSrv supporting NTLM Beta

> > I wonder how IE do to make the NTLM authentication without asking
> > the user password. This would probably be interesting to implement
> > in HTTP client component.
>
> Windows keeps some passwords in memory once they have been entered, and
> others are read from a hidden part of the registry
>
> HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider
>
> and can be read using the protected storage COM object pstorec.dll.
>
> http://www.cobans.net/pslib.php
>
> Various password 'recovery' utilities using protected storage are at:
>
> http://www.nirsoft.net/
>
> Network Password Recovery lists all network passwords saved, another
> tools read RAS passwords, and specifically Protected Storage PassView
> reads all the MSIE passwords (and Outlook and MSN).
>
> http://www.nirsoft.net/utils/pspv.html
>
> Angus
Re: [twsocket] THttpSrv supporting NTLM Beta
Fastream Technologies wrote:
> Hello,
>
> I am just looking at your code and I see:
>
> {$IFNDEF NO_AUTHTICATION_SUPPORT}

Oops, corrected in http://www.duodata.de/misc/delphi/V6-HttpSrv-Ntlm-20060911.zip

---
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html

>
> It should be "NO_AUTHENTICATION_SUPPORT". (Just a typo)
>
> Other than that, I will do the integration soon and will let you know.
>
> Best Regards,
>
> SZ
>
> ----- Original Message -----
> From: "Arno Garrels" <[EMAIL PROTECTED]>
> To: "ICS support mailing"
> Sent: Monday, September 11, 2006 11:00 AM
> Subject: Re: [twsocket] THttpSrv supporting NTLM Beta
>
>> Arno Garrels wrote:
>>> Francois Piette wrote:
>>>>> ImpersonateContext as well as RevertContext.
>>>>> ImpersonateContext will make the calling thread run
>>>>> in the security context of the authenticated user.
>>>>
>>>> I'm using LogonUser, ImpersonateLoggedOnUser and RevertToSelf in
>>>> some of my applications. What are the differences between those and
>>>> ImpersonateContext and RevertContext ?
>>>
>>> LogonUser works only if your account has 'Act As Part Of The
>>> Operating System' privileges. Beside that I think they are the same.
>>
>> Well, not quite correct, I should have said similar, LogonUser
>> has some options of course.
>>
>>>> Contribute to the SSL Effort. Visit
>>>> http://www.overbyte.be/eng/ssl.html --
>>>> [EMAIL PROTECTED]
>>>> Author of ICS (Internet Component Suite, freeware)
>>>> Author of MidWare (Multi-tier framework, freeware)
>>>> http://www.overbyte.be
>>>>
>>>> ----- Original Message -----
>>>> From: "Arno Garrels" <[EMAIL PROTECTED]>
>>>> To: "ICS support mailing"
>>>> Sent: Monday, September 11, 2006 9:21 AM
>>>> Subject: Re: [twsocket] THttpSrv supporting NTLM Beta
>>>>
>>>>> Arno Garrels wrote:
>>>>>> Any feedback is welcome
>>>>>
>>>>> Thanks Francois and Maurizio.
>>>>>
>>>>> I have uploaded a new version:
>>>>> http://www.duodata.de/misc/delphi/V6-HttpSrv-Ntlm-20060911.zip
>>>>>
>>>>> Enhanced TNtlmAuthSession/OverbyteIcsNtlmSsp.pas only:
>>>>>
>>>>> Sep 11, 2006 V1.01 A. Garrels added func ValidateUserCredentials()
>>>>> which allows validation of user credentials locally.
>>>>> Also added func ImpersonateContext as well as
>>>>> RevertContext. ImpersonateContext will make the
>>>>> calling thread run in the security context of the
>>>>> authenticated user.
>>>>>
>>>>> Sample:
>>>>> procedure TForm1.Button1Click(Sender: TObject);
>>>>> var
>>>>>     Sess: TNtlmAuthSession;
>>>>> begin
>>>>>     Sess := TNtlmAuthSession.Create;
>>>>>     try
>>>>>         if Sess.ValidateUserCredentials('user', 'pass', 'dom', False) then begin
>>>>>             if Sess.ImpersonateContext then
>>>>>             begin
>>>>>                 { do something in the new security context }
>>>>>                 Sess.RevertContext;
>>>>>             end;
>>>>>         end;
>>>>>     finally
>>>>>         freeandnil(sess);
>>>>>     end;
>>>>> end;
Re: [twsocket] THttpSrv supporting NTLM Beta
> I wonder how IE do to make the NTLM authentication without asking
> the user password. This would probably be interesting to implement
> in HTTP client component.

Windows keeps some passwords in memory once they have been entered, and
others are read from a hidden part of the registry
HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider
and can be read using the protected storage COM object pstorec.dll.

http://www.cobans.net/pslib.php

Various password 'recovery' utilities using protected storage are at:

http://www.nirsoft.net/

Network Password Recovery lists all network passwords saved, other
tools read RAS passwords, and specifically Protected Storage PassView
reads all the MSIE passwords (and Outlook and MSN).

http://www.nirsoft.net/utils/pspv.html

Angus
Re: [twsocket] THttpSrv supporting NTLM Beta
Hello,

I am just looking at your code and I see:

{$IFNDEF NO_AUTHTICATION_SUPPORT}

It should be "NO_AUTHENTICATION_SUPPORT". (Just a typo)

Other than that, I will do the integration soon and will let you know.

Best Regards,

SZ

----- Original Message -----
From: "Arno Garrels" <[EMAIL PROTECTED]>
To: "ICS support mailing"
Sent: Monday, September 11, 2006 11:00 AM
Subject: Re: [twsocket] THttpSrv supporting NTLM Beta

: Arno Garrels wrote:
: > Francois Piette wrote:
: >>> ImpersonateContext as well as RevertContext.
: >>> ImpersonateContext will make the calling thread run in
: >>> the security context of the authenticated user.
: >>
: >> I'm using LogonUser, ImpersonateLoggedOnUser and RevertToSelf in some
: >> of my applications. What are the differences between those and
: >> ImpersonateContext and RevertContext ?
: >
: > LogonUser works only if your account has 'Act As Part Of The
: > Operating System' privileges. Beside that I think they are the same.
:
: Well, not quite correct, I should have said similar, LogonUser
: has some options of course.
Re: [twsocket] THttpSrv supporting NTLM Beta
Arno Garrels wrote:
> Francois Piette wrote:
>>> ImpersonateContext as well as RevertContext.
>>> ImpersonateContext will make the calling thread run in
>>> the security context of the authenticated user.
>>
>> I'm using LogonUser, ImpersonateLoggedOnUser and RevertToSelf in some
>> of my applications. What are the differences between those and
>> ImpersonateContext and RevertContext ?
>
> LogonUser works only if your account has 'Act As Part Of The
> Operating System' privileges. Beside that I think they are the same.

Well, not quite correct, I should have said similar, LogonUser
has some options of course.
Re: [twsocket] THttpSrv supporting NTLM Beta
Francois Piette wrote:
>> ImpersonateContext as well as RevertContext.
>> ImpersonateContext will make the calling thread run in
>> the security context of the authenticated user.
>
> I'm using LogonUser, ImpersonateLoggedOnUser and RevertToSelf in some
> of my applications. What are the differences between those and
> ImpersonateContext and RevertContext ?

LogonUser works only if your account has 'Act As Part Of The
Operating System' privileges. Beside that I think they are the same.
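The Win32 route named in this exchange (LogonUser, ImpersonateLoggedOnUser, RevertToSelf), written out as an added example; it is not code from the thread or from ICS. RunAsUser, TImpersonatedWork and ShowIdentity are names made up here, and 'user', 'dom' and 'pass' are the placeholders used in the sample posted to the list.

```delphi
program ImpersonateDemo;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

type
  TImpersonatedWork = procedure;  // hypothetical callback type for this example

// Prints the account the calling thread currently runs as.
procedure ShowIdentity;
var
  Buf: array[0..256] of Char;
  Len: DWORD;
begin
  Len := Length(Buf);
  if not GetUserName(Buf, Len) then
    RaiseLastOSError;
  Writeln('Thread runs as: ', Buf);
end;

// Hypothetical helper: runs Work on the calling thread in the security
// context of the given account, then returns the thread to its own context.
// Windows 2000 requires the 'Act as part of the operating system' privilege
// (SE_TCB_NAME) for LogonUser; Windows XP and later do not.
procedure RunAsUser(const User, Domain, Password: string;
  Work: TImpersonatedWork);
var
  Token: THandle;
begin
  if not LogonUser(PChar(User), PChar(Domain), PChar(Password),
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, Token) then
    RaiseLastOSError;
  try
    if not ImpersonateLoggedOnUser(Token) then
      RaiseLastOSError;
    try
      Work;
    finally
      // If the revert fails the thread would keep the other user's
      // identity for every later request, so stop the process instead.
      if not RevertToSelf then
        Halt(1);
    end;
  finally
    CloseHandle(Token);  // the token is a handle and must not leak
  end;
end;

begin
  try
    ShowIdentity;                                    // process account
    RunAsUser('user', 'dom', 'pass', ShowIdentity);  // placeholder credentials
    ShowIdentity;                                    // process account again
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.
```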
Re: [twsocket] THttpSrv supporting NTLM Beta
> ImpersonateContext as well as RevertContext. ImpersonateContext
> will make the calling thread run in the security context of the
> authenticated user.

I'm using LogonUser, ImpersonateLoggedOnUser and RevertToSelf in some
of my applications. What are the differences between those and
ImpersonateContext and RevertContext ?

Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html
--
[EMAIL PROTECTED]
Author of ICS (Internet Component Suite, freeware)
Author of MidWare (Multi-tier framework, freeware)
http://www.overbyte.be

----- Original Message -----
From: "Arno Garrels" <[EMAIL PROTECTED]>
To: "ICS support mailing"
Sent: Monday, September 11, 2006 9:21 AM
Subject: Re: [twsocket] THttpSrv supporting NTLM Beta

> Arno Garrels wrote:
> > Any feedback is welcome
>
> Thanks Francois and Maurizio.
>
> I have uploaded a new version:
> http://www.duodata.de/misc/delphi/V6-HttpSrv-Ntlm-20060911.zip
>
> Enhanced TNtlmAuthSession/OverbyteIcsNtlmSsp.pas only:
>
> Sep 11, 2006 V1.01 A. Garrels added func ValidateUserCredentials() which allows
> validation of user credentials locally. Also added func
> ImpersonateContext as well as RevertContext. ImpersonateContext
> will make the calling thread run in the security context of the
> authenticated user.
Re: [twsocket] THttpSrv supporting NTLM Beta
Arno Garrels wrote:
> Any feedback is welcome

Thanks Francois and Maurizio.

I have uploaded a new version:
http://www.duodata.de/misc/delphi/V6-HttpSrv-Ntlm-20060911.zip

Enhanced TNtlmAuthSession/OverbyteIcsNtlmSsp.pas only:

Sep 11, 2006 V1.01 A. Garrels added func ValidateUserCredentials()
             which allows validation of user credentials locally.
             Also added func ImpersonateContext as well as
             RevertContext. ImpersonateContext will make the
             calling thread run in the security context of the
             authenticated user.

Sample:
procedure TForm1.Button1Click(Sender: TObject);
var
    Sess: TNtlmAuthSession;
begin
    Sess := TNtlmAuthSession.Create;
    try
        if Sess.ValidateUserCredentials('user', 'pass', 'dom', False) then
        begin
            if Sess.ImpersonateContext then
            try
                // do something in the new security context
            finally
                // always leave the impersonated context, even if the
                // work above raises an exception
                Sess.RevertContext;
            end;
        end;
    finally
        FreeAndNil(Sess);
    end;
end;
[twsocket] THttpSrv supporting NTLM Beta
I wonder how IE do to make the NTLM authentication without asking the
user password. This would probably be interesting to implement in HTTP
client component.

Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html
--
[EMAIL PROTECTED]
Author of ICS (Internet Component Suite, freeware)
Author of MidWare (Multi-tier framework, freeware)
http://www.overbyte.be
Re: [twsocket] THttpSrv supporting NTLM Beta
Arno Garrels <[EMAIL PROTECTED]> writes:

> Arno Garrels wrote:
[...]
> Hey, I canceled my fishing trip this weekend, to be able
> to respond to the feedback from you.
> Any feedback is welcome, even if you think that my code
> is crap, let's talk about it.

I'm sorry Arno, but a work that I promised to be ready for tomorrow
(Monday) needed more time than expected (not finished yet).

Bye, Maurizio.

This mail has been sent using Alpikom webmail system
http://www.alpikom.it
Re: [twsocket] THttpSrv supporting NTLM Beta
> Any feedback is welcome, even if you think that my code
> is crap, let's talk about it.

Well, I don't think your code is crap. I tried it, it compiled fine with
BDS2006 and it ran fine ! No problem at all. OK, your code layout is not
exactly what I use but close enough :-)) Very good job indeed !

--
[EMAIL PROTECTED]
http://www.overbyte.be

----- Original Message -----
From: "Arno Garrels" <[EMAIL PROTECTED]>
To: "ICS support mailing"
Sent: Sunday, September 10, 2006 8:20 PM
Subject: Re: [twsocket] THttpSrv supporting NTLM Beta

> Arno Garrels wrote:
>> Hello,
>>
>> I've uploaded a THttpSrv supporting NTLM authentication:
>> (just corrected a typo and made NtlmAccept() protected)
>> http://www.duodata.de/misc/delphi/V6-HttpSrv-Ntlm-20060909.zip
>> This job has been sponsored by Fastream Technologies, thanks.
>>
>> Read readme.txt for how to install.
>> This is for ICS V6 only.
>>
>> I really would like to hear your opinion.
>
> Hey, I canceled my fishing trip this weekend, to be able
> to respond to the feedback from you.
> Any feedback is welcome, even if you think that my code
> is crap, let's talk about it.
>
> ---
> Arno Garrels [TeamICS]
> http://www.overbyte.be/eng/overbyte/teamics.html
Re: [twsocket] THttpSrv supporting NTLM Beta
Arno Garrels wrote:
> Hello,
>
> I've uploaded a THttpSrv supporting NTLM authentication:
> (just corrected a typo and made NtlmAccept() protected)
> http://www.duodata.de/misc/delphi/V6-HttpSrv-Ntlm-20060909.zip
> This job has been sponsored by Fastream Technologies, thanks.
>
> Read readme.txt for how to install.
> This is for ICS V6 only.
>
> I really would like to hear your opinion.

Hey, I canceled my fishing trip this weekend, to be able
to respond to the feedback from you.
Any feedback is welcome, even if you think that my code
is crap, let's talk about it.

---
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html
[twsocket] THttpSrv supporting NTLM Beta
Hello,

I've uploaded a THttpSrv supporting NTLM authentication:
(just corrected a typo and made NtlmAccept() protected)
http://www.duodata.de/misc/delphi/V6-HttpSrv-Ntlm-20060909.zip
This job has been sponsored by Fastream Technologies, thanks.

Read readme.txt for how to install.
This is for ICS V6 only.

I really would like to hear your opinion.

---
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html