Re: [twsocket] NTLMV2 Sample Usage
> I've tried to enable a directory in my 2012 web server for Windows > Authentication (the current name for NTLM), but it does not seem > to make any difference, the directory is unprotected. I've probably > missed something. Simple really, you have to disable anonymous authentication before any for the more exotic versions work. The result of testing NTLM/Windows Authentication is interesting: ICS, Firefox and Microsoft Edge (the latest browser) all display a blank page or an error, only Microsoft Internet Explorer 11 seems to work and display the real pages. Googling suggests that Edge supports NTLMv2 and Kerberos but not Single-Sign On, whatever that is, maybe using the integrated authentication? MSIE is now considered a legacy browser only for the support of ancient sites for it, if Microsoft does not properly support Edge, should we try and fix NTLM? Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] NTLMV2 Sample Usage
> I looked at some of the samples and found adding the compiler > directive UseNTLMAuthentication just causes it to not compile. In OverbyteIcsHttpProt.pas, I commented out: {$IFNDEF NO_ADVANCED_HTTP_CLIENT_FEATURES} and it's {$ENDIF}, which enables NTLM and Digest authentication, and the unit compiles without errors. I've tried to enable a directory in my 2012 web server for Windows Authentication (the current name for NTLM), but it does not seem to make any difference, the directory is unprotected. I've probably missed something. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] NTLMV2 Sample Usage
>Da: Angus Robertson - Magenta Systems Ltd >Data: 17/02/2016 9.46 >A: >Ogg: Re: [twsocket] NTLMV2 Sample Usage > >> I used ICS to support httpCli SSL requests and now a client has >> asked me if I support NTLMv2. >> I looked at some of the samples and found adding the compiler >> directive UseNTLMAuthentication just causes it to not compile. Which error is raised? [...] >There is not connection between SSL and NTLM. The issue is NTLM is not >tested as part of normal ICS development, so changes made to correct >other problems may impact NTLM since that code is not compiled, and >there is no way to test it anyway. > >I don't know how the original developer of the NTLM code tested it, and >he's not currently available to work on ICS. I worked on authentication code and used NTLM in the past. If I have more details maybe I can give a clue to solve the problem. Bye, Maurizio. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] NTLMV2 Sample Usage
> I used ICS to support httpCli SSL requests and now a client has > asked me if I support NTLMv2. > I looked at some of the samples and found adding the compiler > directive UseNTLMAuthentication just causes it to not compile. NTLM is only used by Windows web servers authenticating against windows credentials, usually for intranet web sites, since every user needs a Windows accounts. At least that is my understanding, I've never used ICS with NTLM. I have several Windows web servers, but have never used NTLM with them. > Is there a working sample somewhere? NTLM should be transparent, if enabled, so OverbyteIcsHttpsTst.dpr should work, if NTLM is enabled. > Is it even possible for a client app to support both SSL and > NTLMv2 within the same application? > It seems that once it is compiled with the UseNTLMAuthentication > it will override the SSL code. There is not connection between SSL and NTLM. The issue is NTLM is not tested as part of normal ICS development, so changes made to correct other problems may impact NTLM since that code is not compiled, and there is no way to test it anyway. I don't know how the original developer of the NTLM code tested it, and he's not currently available to work on ICS. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be