Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Francois PIETTE
It seems to me that you have the same problem as me. Try to separate the user and the domain. If it works let me know so I can patch the proxy part of NTLM auth too. Without domain the user will not be authenticated, I tried. I think you are right. Since NtlmGetMessage3 has provision for

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Tibor Csonka
That is what I meant also. Now the question is that should or should not ICS allow other separators than backslash? And the second question that on the proxy authentication part should we use the same technique? Personally I didn't see usernames like [EMAIL PROTECTED] until now in Windows. Paul,

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Paul
the one that works. Paul - Original Message - From: Tibor Csonka [EMAIL PROTECTED] To: ICS support mailing twsocket@elists.org Sent: Friday, January 20, 2006 11:18 AM Subject: Re: [twsocket] NTLM authentication reloaded That is what I meant also. Now the question is that should

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Paul
mailing twsocket@elists.org Sent: Friday, January 20, 2006 12:04 PM Subject: Re: [twsocket] NTLM authentication reloaded That is what I meant also. Now the question is that should or should not ICS allow other separators than backslash? Should ICS be responsible for domain/user parsing out

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Tibor Csonka
Anyway the user tweaks like this separation character should not be the concern of ICS but of the application with the functionality.

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Francois PIETTE
Paul, can you give me examples, where you can configure Proxy/Web server with NTLM in the way you pointed out? You won't find this strange format in M$ proxies, but there are lots of proxies available. The ones that require [EMAIL PROTECTED] are mostly used with ftp Yes, but those are not

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Francois PIETTE
Should ICS be responsible for domain/user parsing out of a single property or should a new property with domain added? I can see your point here. For me it is simpler for now to leave it like that, but I think ICS _should not_ handle the separation; it is much better to expose separate

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Tibor Csonka
I would like to correct the bug report I posted before: There is no way to set domain for NTLM authentication either for web server or proxy in ICS HttpProt. A mechanism should be included in the future releases. A new property for the domain can be added for proxy auth and separately for

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Arno Garrels
Francois PIETTE wrote: Should ICS be responsible for domain/user parsing out of a single property or should a new property with domain added? I think not, unless the component itself tests for the combination that works. That's not logical. The NTLM message has two different parts for

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Paul
Subject: Re: [twsocket] NTLM authentication reloaded Paul, can you give me examples, where you can configure Proxy/Web server with NTLM in the way you pointed out? You won't find this strange format in M$ proxies, but there are lots of proxies available. The ones that require [EMAIL PROTECTED

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Stadin, Benjamin
At my former working place we had an MS Exchange email server and several NT Domains. The domains had different trustships between each other. In the exchange webmail you are only asked for username and password. Users who don't belong to the main domain but one of the trusted domains had to use

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Arno Garrels
Stadin, Benjamin wrote: I think it should be handled without a new property. Why not just copy what NTLM implementation as well as function LogonUser() already provide? Even Internet Explorer pops up a dialog with an additional Domain-field upon NTLM authentications. With two new

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Maurizio Lotauro
Scrive Tibor Csonka [EMAIL PROTECTED]: [...] You have a similar situation with IIS? I mean, if you don't include the domain you will be authenticated? It seems to me that you have the same problem as me. Try to separate the user and the domain. If it works let me know so I can patch

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Maurizio Lotauro
Scrive Paul [EMAIL PROTECTED]: You can't know what the proxy wants, so you have to test all possible situations and pick the one that works As Maurizio said, some users have to add the domain and some not (on the same proxy!) Is it possible for you to test with a proxy that needs [EMAIL

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Maurizio Lotauro
Scrive Francois PIETTE [EMAIL PROTECTED]: That is what I meant also. Now the question is that should or should not ICS allow other separators than backslash? Should ICS be responsible for domain/user parsing out of a single property or should a new property with domain added? I suggest

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Maurizio Lotauro
Scrive Tibor Csonka [EMAIL PROTECTED]: I would like to correct the bug report I posted before: [...] A new property for the domain can be added for proxy auth and separately for web auth or a property in which users can set the domain name separator this can be one for each of the

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Maurizio Lotauro
Scrive Arno Garrels [EMAIL PROTECTED]: [...] I think they aren't so smart, but just calling LogOnUser() note that [EMAIL PROTECTED] valid, not only for FTP-proxies. I don't think that the server uses LogOnUser to authenticate the request because with NTLM it will not receive the password in

Re: [twsocket] NTLM authentication reloaded

2006-01-20 Thread Arno Garrels
Maurizio Lotauro wrote: Scrive Arno Garrels [EMAIL PROTECTED]: [...] I think they aren't so smart, but just calling LogOnUser() note that [EMAIL PROTECTED] valid, not only for FTP-proxies. I don't think that the server uses LogOnUser to authenticate the request because with NTLM it will

Re: [twsocket] NTLM authentication reloaded

2006-01-19 Thread Paul
I did this in the HTTP authentication part not in the proxy. Can somebody confirm that in case of NTLM proxies, should work the same way? There are several ways a proxy auth is requested, it depends on the proxy settings and/or domain or even a workgroup. - username - domain\username - [EMAIL

Re: [twsocket] NTLM authentication reloaded

2006-01-19 Thread Tibor Csonka
I don't have a specific case where it isn't working. I was trying to fix things and I thought that someone knows how proxies/http servers are accepting NTLM credentials. Paul wrote: I did this in the HTTP authentication part not in the proxy. Can somebody confirm that in case of NTLM proxies,

Re: [twsocket] NTLM authentication reloaded

2006-01-19 Thread Maurizio Lotauro
Scrive Tibor Csonka [EMAIL PROTECTED]: Hello list, I've just run into a small bug in NTLM authentication from HttpCli. There is a possibility that the user enters the username as domain\username. In this case HttpCli will send the username and the domain as the username, which is not

Re: [twsocket] NTLM authentication reloaded

2006-01-19 Thread Tibor Csonka
logon with username domain\username [EMAIL PROTECTED] Paul - Original Message - From: Maurizio Lotauro [EMAIL PROTECTED] To: ICS support mailing twsocket@elists.org Sent: Friday, January 20, 2006 1:47 AM Subject: Re: [twsocket] NTLM authentication reloaded Scrive Tibor Csonka