Thank you. I created a logging mechanism. I noticed that the first request
from THttpCli did not have a Keep-alive connection like it seems yours did
in step 1 so I investigated this. It lead me to this code:
{$IFDEF DELPHI5_UP}
{$DEFINE UseNTLMAuthentication}
{$ENDIF}
Since I'm using BCB 6, it seemed like UseNTLMAuthentication wasn't getting
defined. So I defined it and recompiled and had more success (but not
complete). So this is an issue that should be corrected in HttpProt.pas.
Now, it appears that NTLM is working but I am getting back a corrupted
document. When I request:
http://val.htmlvalidator.com:81/
Username: test
Password: testpw
I get the below document back. It looks like a corruption of the
unauthorized page and the correct page. Any ideas? When I request the above
page in Firefox and view the source, I get what I expected.
>>> BEGIN DOC
>>> BEGIN DOC
>>> BEGIN DOC
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>You are not authorized to view this page</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Window<!DOCTYPE
HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
<html>
<head>
<title>NTLM Auth Test</title>
<meta http-equiv="Content-Type" content="text/html;
charset=us-ascii">
<meta name="generator" content="CSE HTML Validator Professional
(http://www.htmlvalidator.com/)">
</head>
<body>
<h1>Success! The file came through.</h1>
</body>
</html>
s://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the
# symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL
value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next
slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g,
'<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->You
are not authorized to view this page</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">You do not have
permission to view this directory or page using the credentials you
supplied.</id></font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to
try again with different credentials.</li>
<li>If you believe you should be able to view this directory or page, please
contact the Web site administrator by using the e-mail address or phone
number listed on the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) &&
(window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script> home
page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 401.1 -
Unauthorized: Logon Failed<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>More information:<br>
<a
href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid
=&ID=401.1&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3="
target="_blank">Microsoft Support</a>
</li>
</font></td>
</tr>
</table>
</body>
</html>
>Response</strong> object to request that the client use a certain
authentication method to access the resource.
<p>
<li>More information:<br>
<a
href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid
=&ID=401.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3="
target="_blank">Microsoft Support</a>
</li>
</p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
>>> END DOC
>>> END DOC
>>> END DOC
--
Albert Wiersch
AI Internet Solutions
[EMAIL PROTECTED]
http://www.htmlvalidator.com/
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tibor Csonka
> Sent: Friday, March 18, 2005 2:03 AM
> To: 'ICS support mailing'
> Subject: RE: [twsocket] HELP with NTLM authentication
>
>
> I was compiled with Delphi 7. Nothing special was done regarding NTLM
> authentication, however I have a litle bit customized HttpCli.
>
> I think it should work for you too.
>
> About the header log, you can listen on OnHeadersDone or
> OnHeaderData events
> on HttpCli and log each header.
> Also it could be useful if you log OnSessionConnected events
> to know when
> your HttpCli has initiate a new connection, because NTLM
> authentication
> works on a connected socket session.
>
> regards
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Albert Wiersch
> Sent: Friday, March 18, 2005 1:25 AM
> To: 'ICS support mailing'
> Subject: RE: [twsocket] HELP with NTLM authentication
>
>
> Thank you for checking. What compiler did you compile
> THttpCli with? Did you
> do anything special to get it to work? It still doesn't work for me.
>
> How did you get the headers log? Perhaps I could try to see
> what's going on
> as well.
>
> When I try it, I get a page back titled "You are not
> authorized to view this
> page". When I switch the server to accepting basic
> authentication, it works.
>
> --
> Albert Wiersch
> AI Internet Solutions
> [EMAIL PROTECTED]
> http://www.htmlvalidator.com/
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Tibor Csonka
> > Sent: Thursday, March 17, 2005 3:59 PM
> > To: 'ICS support mailing'
> > Subject: RE: [twsocket] HELP with NTLM authentication
> >
> >
> > I could access your site with no problem. Here are the headers log:
> >
> > Step 1:
> > GET / HTTP/1.0
> > Connection: Keep-alive
> > Host: val.htmlvalidator.com:81
> >
> > HTTP/1.1 401 Access Denied
> > Server: Microsoft-IIS/5.1
> > Date: Thu, 17 Mar 2005 21:57:30 GMT
> > WWW-Authenticate: Negotiate
> > WWW-Authenticate: NTLM
> > Content-Length: 4431
> > Content-Type: text/html
> >
> > Step 2:
> > GET / HTTP/1.0
> > Connection: Keep-alive
> > Host: val.htmlvalidator.com:81
> > Authorization: NTLM TlRMTVNTUAABAAAAB4IAAAAAAAAAAAAAAAAAAAAAAAA=
> >
> > HTTP/1.1 401 Access Denied
> > Server: Microsoft-IIS/5.1
> > Date: Thu, 17 Mar 2005 21:57:32 GMT
> > WWW-Authenticate: NTLM
> > TlRMTVNTUAACAAAABAAEADgAAAAFgoICHhgRPrzi0v8AAAAAAAAAACQAJAA8AA
> > AABQEoCgAAAA9a
> > ADIAAgAEAFoAMgABAAQAWgAyAAQABAB6ADIAAwAEAHoAMgAAAAAA
> > Connection: keep-alive
> > Content-Length: 4033
> > Content-Type: text/html
> >
> > Step 3:
> > GET / HTTP/1.0
> > Connection: Keep-alive
> > Host: val.htmlvalidator.com:81
> > Authorization: NTLM
> > TlRMTVNTUAADAAAAGAAYAE4AAAAYABgAZgAAAAAAAABAAAAACAAIAEAAAAAGAA
> > YASAAAAAAAAAAA
> > AAAABYIAAHQAZQBzAHQAYgBlAGUAD58YyBRwoVZFrYVWYeiTHJ1jHhvc58x3qR
> > b7IFJ5glQT8jsl
> > 867NwImoBzUHq3kS
> >
> > HTTP/1.1 200 OK
> > Server: Microsoft-IIS/5.1
> > Connection: keep-alive
> > Content-Location: http://val.htmlvalidator.com:81/index.htm
> > Date: Thu, 17 Mar 2005 21:57:34 GMT
> > Content-Type: text/html
> > Accept-Ranges: bytes
> > Last-Modified: Thu, 17 Mar 2005 20:09:46 GMT
> > ETag: "b21949442d2bc51:97b"
> > Content-Length: 404
> >
> > regards
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Albert Wiersch
> > Sent: Thursday, March 17, 2005 11:13 PM
> > To: 'ICS support mailing'
> > Subject: [twsocket] HELP with NTLM authentication
> >
> >
> > My users have reported problems with NTLM authentication. I
> > have also never
> > seen it to work. I am using the latest release version of
> ICS. I have
> > compiled it with BCB 6.
> >
> > Can someone see if they can access the below URL with
> > THttpCli? I have not
> > had any luck. I get an unauthorized page. I've tested it with
> > IE and Firefox
> > and it works.
> >
> > Please try:
> > http://val.htmlvalidator.com:81/
> >
> > Username: test
> > Password: testpw
> >
> > The page should say "Success! The file came through.".
> >
> > If it doesn't work for you either, then is this a bug with the NTLM
> > authentication? If it does work, do you know why it wouldn't
> > be working for
> > me?
> >
> > Thank you.
> >
> > --
> > Albert Wiersch
> > AI Internet Solutions
> > [EMAIL PROTECTED]
> > http://www.htmlvalidator.com/
> >
> >
> > --
> > To unsubscribe or change your settings for TWSocket mailing
> > list please goto
> > http://www.elists.org/mailman/listinfo/twsocket
> > Visit our website at http://www.overbyte.be
> >
> >
> >
> > --
> > To unsubscribe or change your settings for TWSocket mailing list
> > please goto http://www.elists.org/mailman/listinfo/twsocket
> > Visit our website at http://www.overbyte.be
> >
>
>
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://www.elists.org/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
>
>
>
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://www.elists.org/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
>
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
