Thank you. I created a logging mechanism. I noticed that the first request from THttpCli did not have a Keep-alive connection like it seems yours did in step 1 so I investigated this. It lead me to this code:
{$IFDEF DELPHI5_UP} {$DEFINE UseNTLMAuthentication} {$ENDIF} Since I'm using BCB 6, it seemed like UseNTLMAuthentication wasn't getting defined. So I defined it and recompiled and had more success (but not complete). So this is an issue that should be corrected in HttpProt.pas. Now, it appears that NTLM is working but I am getting back a corrupted document. When I request: http://val.htmlvalidator.com:81/ Username: test Password: testpw I get the below document back. It looks like a corruption of the unauthorized page and the correct page. Any ideas? When I request the above page in Firefox and view the source, I get what I expected. >>> BEGIN DOC >>> BEGIN DOC >>> BEGIN DOC <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html dir=ltr> <head> <style> a:link {font:8pt/11pt verdana; color:FF0000} a:visited {font:8pt/11pt verdana; color:#4e4e4e} </style> <META NAME="ROBOTS" CONTENT="NOINDEX"> <title>You are not authorized to view this page</title> <META HTTP-EQUIV="Content-Type" Content="text-html; charset=Window<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>NTLM Auth Test</title> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> <meta name="generator" content="CSE HTML Validator Professional (http://www.htmlvalidator.com/)"> </head> <body> <h1>Success! The file came through.</h1> </body> </html> s:// protocolIndex=DocURL.indexOf("://",4); //this finds the ending slash for the domain server serverIndex=DocURL.indexOf("/",protocolIndex + 3); //for the href, we need a valid URL to the domain. We search for the # symbol to find the begining //of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker. //urlresult=DocURL.substring(protocolIndex - 4,serverIndex); BeginURL=DocURL.indexOf("#",1) + 1; urlresult=DocURL.substring(BeginURL,serverIndex); //for display, we need to skip after http://, and go to the next slash displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex); InsertElementAnchor(urlresult, displayresult); } function HtmlEncode(text) { return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>'); } function TagAttrib(name, value) { return ' '+name+'="'+HtmlEncode(value)+'"'; } function PrintTag(tagName, needCloseTag, attrib, inner){ document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) ); if (needCloseTag) document.write( '</' + tagName +'>' ); } function URI(href) { IEVer = window.navigator.appVersion; IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 ); return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ? encodeURI(href) : escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';'); } function InsertElementAnchor(href, text) { PrintTag('A', true, TagAttrib('HREF', URI(href)), text); } //--> </script> <body bgcolor="FFFFFF"> <table width="410" cellpadding="3" cellspacing="5"> <tr> <td align="left" valign="middle" width="360"> <h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->You are not authorized to view this page</h1> </td> </tr> <tr> <td width="400" colspan="2"> <font style="COLOR:000000; FONT: 8pt/11pt verdana">You do not have permission to view this directory or page using the credentials you supplied.</id></font></td> </tr> <tr> <td width="400" colspan="2"> <font style="COLOR:000000; FONT: 8pt/11pt verdana"> <hr color="#C0C0C0" noshade> <p>Please try the following:</p> <ul> <li>Click the <a href="javascript:location.reload()">Refresh</a> button to try again with different credentials.</li> <li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the <script> <!-- if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2"))) { Homepage(); } //--> </script> home page.</li> </ul> <h2 style="font:8pt/11pt verdana; color:000000">HTTP 401.1 - Unauthorized: Logon Failed<br> Internet Information Services</h2> <hr color="#C0C0C0" noshade> <p>Technical Information (for support personnel)</p> <ul> <li>More information:<br> <a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid =&ID=401.1&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a> </li> </font></td> </tr> </table> </body> </html> >Response</strong> object to request that the client use a certain authentication method to access the resource. <p> <li>More information:<br> <a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid =&ID=401.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a> </li> </p> </ul> </font></td> </tr> </table> </body> </html> >>> END DOC >>> END DOC >>> END DOC -- Albert Wiersch AI Internet Solutions [EMAIL PROTECTED] http://www.htmlvalidator.com/ > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tibor Csonka > Sent: Friday, March 18, 2005 2:03 AM > To: 'ICS support mailing' > Subject: RE: [twsocket] HELP with NTLM authentication > > > I was compiled with Delphi 7. Nothing special was done regarding NTLM > authentication, however I have a litle bit customized HttpCli. > > I think it should work for you too. > > About the header log, you can listen on OnHeadersDone or > OnHeaderData events > on HttpCli and log each header. > Also it could be useful if you log OnSessionConnected events > to know when > your HttpCli has initiate a new connection, because NTLM > authentication > works on a connected socket session. > > regards > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Albert Wiersch > Sent: Friday, March 18, 2005 1:25 AM > To: 'ICS support mailing' > Subject: RE: [twsocket] HELP with NTLM authentication > > > Thank you for checking. What compiler did you compile > THttpCli with? Did you > do anything special to get it to work? It still doesn't work for me. > > How did you get the headers log? Perhaps I could try to see > what's going on > as well. > > When I try it, I get a page back titled "You are not > authorized to view this > page". When I switch the server to accepting basic > authentication, it works. > > -- > Albert Wiersch > AI Internet Solutions > [EMAIL PROTECTED] > http://www.htmlvalidator.com/ > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Tibor Csonka > > Sent: Thursday, March 17, 2005 3:59 PM > > To: 'ICS support mailing' > > Subject: RE: [twsocket] HELP with NTLM authentication > > > > > > I could access your site with no problem. Here are the headers log: > > > > Step 1: > > GET / HTTP/1.0 > > Connection: Keep-alive > > Host: val.htmlvalidator.com:81 > > > > HTTP/1.1 401 Access Denied > > Server: Microsoft-IIS/5.1 > > Date: Thu, 17 Mar 2005 21:57:30 GMT > > WWW-Authenticate: Negotiate > > WWW-Authenticate: NTLM > > Content-Length: 4431 > > Content-Type: text/html > > > > Step 2: > > GET / HTTP/1.0 > > Connection: Keep-alive > > Host: val.htmlvalidator.com:81 > > Authorization: NTLM TlRMTVNTUAABAAAAB4IAAAAAAAAAAAAAAAAAAAAAAAA= > > > > HTTP/1.1 401 Access Denied > > Server: Microsoft-IIS/5.1 > > Date: Thu, 17 Mar 2005 21:57:32 GMT > > WWW-Authenticate: NTLM > > TlRMTVNTUAACAAAABAAEADgAAAAFgoICHhgRPrzi0v8AAAAAAAAAACQAJAA8AA > > AABQEoCgAAAA9a > > ADIAAgAEAFoAMgABAAQAWgAyAAQABAB6ADIAAwAEAHoAMgAAAAAA > > Connection: keep-alive > > Content-Length: 4033 > > Content-Type: text/html > > > > Step 3: > > GET / HTTP/1.0 > > Connection: Keep-alive > > Host: val.htmlvalidator.com:81 > > Authorization: NTLM > > TlRMTVNTUAADAAAAGAAYAE4AAAAYABgAZgAAAAAAAABAAAAACAAIAEAAAAAGAA > > YASAAAAAAAAAAA > > AAAABYIAAHQAZQBzAHQAYgBlAGUAD58YyBRwoVZFrYVWYeiTHJ1jHhvc58x3qR > > b7IFJ5glQT8jsl > > 867NwImoBzUHq3kS > > > > HTTP/1.1 200 OK > > Server: Microsoft-IIS/5.1 > > Connection: keep-alive > > Content-Location: http://val.htmlvalidator.com:81/index.htm > > Date: Thu, 17 Mar 2005 21:57:34 GMT > > Content-Type: text/html > > Accept-Ranges: bytes > > Last-Modified: Thu, 17 Mar 2005 20:09:46 GMT > > ETag: "b21949442d2bc51:97b" > > Content-Length: 404 > > > > regards > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Albert Wiersch > > Sent: Thursday, March 17, 2005 11:13 PM > > To: 'ICS support mailing' > > Subject: [twsocket] HELP with NTLM authentication > > > > > > My users have reported problems with NTLM authentication. I > > have also never > > seen it to work. I am using the latest release version of > ICS. I have > > compiled it with BCB 6. > > > > Can someone see if they can access the below URL with > > THttpCli? I have not > > had any luck. I get an unauthorized page. I've tested it with > > IE and Firefox > > and it works. > > > > Please try: > > http://val.htmlvalidator.com:81/ > > > > Username: test > > Password: testpw > > > > The page should say "Success! The file came through.". > > > > If it doesn't work for you either, then is this a bug with the NTLM > > authentication? If it does work, do you know why it wouldn't > > be working for > > me? > > > > Thank you. > > > > -- > > Albert Wiersch > > AI Internet Solutions > > [EMAIL PROTECTED] > > http://www.htmlvalidator.com/ > > > > > > -- > > To unsubscribe or change your settings for TWSocket mailing > > list please goto > > http://www.elists.org/mailman/listinfo/twsocket > > Visit our website at http://www.overbyte.be > > > > > > > > -- > > To unsubscribe or change your settings for TWSocket mailing list > > please goto http://www.elists.org/mailman/listinfo/twsocket > > Visit our website at http://www.overbyte.be > > > > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://www.elists.org/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > > > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://www.elists.org/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be