> As you can see the server must at least generate the Challenge when > speak with an ICS client, and keep it to elaborate the Message3. > > While from the client side we are "free" to set flags and fields with > specific values, the server should be able to hadle all possible > values if it must answer to a client different from ICS.
This client/server dialog occurs in a single TCP session handled by a single TWSocket at server side. You can store anything you like n that TWSocket without collision with other clients. > >There is nothing in the component. It has to be handled at the application > >level. Code has been published to show how to do it. I don't remember where > >:-( > > So it is the application that tell the component to answer with a 401 > code? Yes, it is. -- [EMAIL PROTECTED] Author of ICS (Internet Component Suite, freeware) Author of MidWare (Multi-tier framework, freeware) http://www.overbyte.be ----- Original Message ----- From: "Maurizio Lotauro" <[EMAIL PROTECTED]> To: "ICS support mailing" <[email protected]> Sent: Wednesday, June 22, 2005 4:51 AM Subject: Re: [twsocket] HttpSrv: implementing NTLM > On 21-Jun-05 08:13:21 Francois Piette wrote: > > >> Yes, and now I partially know how the client works internally. But I > >> never worked on the source of the server, so I should first learn how > >> it works internally. > > >It's quite simple. Each client has his own TWSocket instance. This reduce the > >problem to a single user. > > Ok, but certainly a status of the authentication progress must be > introduced. Reading the source of the client: > a) the client sent a Message1, which contain some fields, most set to > a fixed value > b) the server answer with a Message2. The client will use only the > Challenge field > c) the client reply with a Message3. This is where user and password > are set. Again, some fields are set with fixed values. > > As you can see the server must at least generate the Challenge when > speak with an ICS client, and keep it to elaborate the Message3. > > While from the client side we are "free" to set flags and fields with > specific values, the server should be able to hadle all possible > values if it must answer to a client different from ICS. > > It seems to me not so easy nor quick to implement. > > >> I checked (very quickly) the code but I don't understood how it > >> handle the basic authentication. > > >There is nothing in the component. It has to be handled at the application > >level. Code has been published to show how to do it. I don't remember where > >:-( > > So it is the application that tell the component to answer with a 401 > code? > > >> Is there already a similar situation, i.e. the component exchange > >> automatically more that one request with the client? > > >That's normal HTTP 1.1 behaviour. > > I mean if the component already handle a situation where it should > keep track of the "progess" of an operation. > > >> Speaking about the NTLM, I don't know if it will be "correct" to > >> don't use the Windows domain user base. Probably it is the only > >> reason to use the NTLM instead other authentications. > > >Yes, this is one interesting point in NTLM . But also NTLM offer true > >protection agains transmitting passwords over the internet. > > That's true, but as said, I think it is not so easy to do if you want > that the server will handle the authentication from a generic client. > > If the server will handle connection only from an ICS client for a > specific application then it could use the basic authentication where > the client as password will send a MD5ed version or any other hashed > version. > > About NTLM over the internet, it has diffcult to go through proxies, > then I doubt it can be used outside an intranet. > > > Bye, Maurizio. > > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://www.elists.org/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
