> As you can see the server must at least generate the Challenge when
> speak with an ICS client, and keep it to elaborate the Message3.
>
> While from the client side we are "free" to set flags and fields with
> specific values, the server should be able to hadle all possible
> values if it must answer to a client different from ICS.

This client/server dialog occurs in a single TCP session handled by a single 
TWSocket at server
side. You can store anything you like n that TWSocket without collision with 
other clients.

> >There is nothing in the component. It has to be handled at the application
> >level. Code has been published to show how to do it. I don't remember where
> >:-(
>
> So it is the application that tell the component to answer with a 401
> code?

Yes, it is.
--
[EMAIL PROTECTED]
Author of ICS (Internet Component Suite, freeware)
Author of MidWare (Multi-tier framework, freeware)
http://www.overbyte.be


----- Original Message ----- 
From: "Maurizio Lotauro" <[EMAIL PROTECTED]>
To: "ICS support mailing" <twsocket@elists.org>
Sent: Wednesday, June 22, 2005 4:51 AM
Subject: Re: [twsocket] HttpSrv: implementing NTLM


> On 21-Jun-05 08:13:21 Francois Piette wrote:
>
> >> Yes, and now I partially know how the client works internally. But I
> >> never worked on the source of the server, so I should first learn how
> >> it works internally.
>
> >It's quite simple. Each client has his own TWSocket instance. This reduce the
> >problem to a single user.
>
> Ok, but certainly a status of the authentication progress must be
> introduced. Reading the source of the client:
> a) the client sent a Message1, which contain some fields, most set to
> a fixed value
> b) the server answer with a Message2. The client will use only the
> Challenge field
> c) the client reply with a Message3. This is where user and password
> are set. Again, some fields are set with fixed values.
>
> As you can see the server must at least generate the Challenge when
> speak with an ICS client, and keep it to elaborate the Message3.
>
> While from the client side we are "free" to set flags and fields with
> specific values, the server should be able to hadle all possible
> values if it must answer to a client different from ICS.
>
> It seems to me not so easy nor quick to implement.
>
> >> I checked (very quickly) the code but I don't understood how it
> >> handle the basic authentication.
>
> >There is nothing in the component. It has to be handled at the application
> >level. Code has been published to show how to do it. I don't remember where
> >:-(
>
> So it is the application that tell the component to answer with a 401
> code?
>
> >> Is there already a similar situation, i.e. the component exchange
> >> automatically more that one request with the client?
>
> >That's normal HTTP 1.1 behaviour.
>
> I mean if the component already handle a situation where it should
> keep track of the "progess" of an operation.
>
> >> Speaking about the NTLM, I don't know if it will be "correct" to
> >> don't use the Windows domain user base. Probably it is the only
> >> reason to use the NTLM instead other authentications.
>
> >Yes, this is one interesting point in NTLM . But also NTLM offer true
> >protection agains transmitting passwords over the internet.
>
> That's true, but as said, I think it is not so easy to do if you want
> that the server will handle the authentication from a generic client.
>
> If the server will handle connection only from an ICS client for a
> specific application then it could use the basic authentication where
> the client as password will send a MD5ed version or any other hashed
> version.
>
> About NTLM over the internet, it has diffcult to go through proxies,
> then I doubt it can be used outside an intranet.
>
>
> Bye, Maurizio.
>
>
> -- 
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://www.elists.org/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
>


-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to