On 21-Jun-05 08:13:21 Francois Piette wrote:

>> Yes, and now I partially know how the client works internally. But I
>> never worked on the source of the server, so I should first learn how
>> it works internally.

>It's quite simple. Each client has his own TWSocket instance. This reduces the
>problem to a single user.

Ok, but certainly a status of the authentication progress must be introduced.
Reading the source of the client:

a) the client sends a Message1, which contains some fields, most set to a fixed value
b) the server answers with a Message2. The client will use only the Challenge field
c) the client replies with a Message3. This is where user and password are set. Again, some fields are set with fixed values.

As you can see, the server must at least generate the Challenge when speaking with an ICS client, and keep it to process the Message3.
While from the client side we are "free" to set flags and fields with specific values, the server should be able to handle all possible values if it must answer to a client different from ICS. It seems to me not so easy nor quick to implement.

>> I checked (very quickly) the code but I didn't understand how it
>> handles the basic authentication.

>There is nothing in the component. It has to be handled at the application
>level. Code has been published to show how to do it. I don't remember where
>:-(

So it is the application that tells the component to answer with a 401 code?

>> Is there already a similar situation, i.e. the component exchanges
>> automatically more than one request with the client?

>That's normal HTTP 1.1 behaviour.

I mean if the component already handles a situation where it should keep track of the "progress" of an operation.

>> Speaking about the NTLM, I don't know if it will be "correct" to
>> not use the Windows domain user base. Probably it is the only
>> reason to use the NTLM instead of other authentications.

>Yes, this is one interesting point in NTLM. But also NTLM offers true
>protection against transmitting passwords over the internet.

That's true, but as said, I think it is not so easy to do if you want the server to handle the authentication from a generic client.
If the server will handle connections only from an ICS client for a specific application then it could use the basic authentication where the client will send as password an MD5ed version or any other hashed version.

About NTLM over the internet, it has difficulty going through proxies, then I doubt it can be used outside an intranet.

Bye, Maurizio.
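The per-connection "authentication progress" status discussed in this message, as an added example that is not part of the original post and is not ICS code: a server-side handler that issues the Challenge in Message2 and keeps it until Message3 arrives. It is written in Python for illustration; `NtlmState`, `handle_authorization` and the `verify_message3` callback are hypothetical names, and checking the client's response against an account database is left to that callback.

```python
import base64
import os
import struct

SIGNATURE = b"NTLMSSP\x00"
FLAGS = 0x00000202  # NEGOTIATE_OEM | NEGOTIATE_NTLM (illustrative choice)

class NtlmState:
    """Handshake progress kept per client connection (hypothetical name)."""
    def __init__(self):
        self.challenge = None  # set only between Message2 and Message3

def message_type(blob):
    """Return the NTLM message type (1, 2 or 3) or raise ValueError."""
    if len(blob) < 12 or blob[:8] != SIGNATURE:
        raise ValueError("not an NTLM message")
    return struct.unpack_from("<I", blob, 8)[0]

def build_message2(challenge):
    """Minimal 40-byte Message2: empty target name, flags, challenge, reserved."""
    return struct.pack("<8sIHHII8s8s", SIGNATURE, 2, 0, 0, 40, FLAGS,
                       challenge, b"\x00" * 8)

def handle_authorization(state, header, verify_message3):
    """Process one request's Authorization header value.

    Returns (http_status, www_authenticate_value_or_None).
    verify_message3(blob, challenge) is an assumed callback that checks the
    client's response against the account database.
    """
    pending, state.challenge = state.challenge, None  # challenge is single-use
    try:
        scheme, _, data = (header or "").partition(" ")
        if scheme != "NTLM":
            return 401, "NTLM"
        blob = base64.b64decode(data, validate=True)
        kind = message_type(blob)
    except ValueError:
        return 401, "NTLM"  # malformed input restarts the handshake
    if kind == 1:
        state.challenge = os.urandom(8)
        msg2 = base64.b64encode(build_message2(state.challenge)).decode()
        return 401, "NTLM " + msg2
    if kind == 3 and pending is not None and verify_message3(blob, pending):
        return 200, None
    return 401, "NTLM"  # Message3 without a pending challenge, or bad response
```

Because the stored challenge is cleared on every request, a replayed Message3 or one sent without a preceding Message1 is answered with a fresh 401 instead of being verified.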
