BTW: Connection: Keep-Alive is the default value in HTTP/1.1!

--
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html



Fastream Technologies wrote:
> Yes I realized that after sending the message. Then I sent the below
> message, have you received it?:
> 
>  Let me report more clearly: In the working/direct logs, we have
> 
> 
> http://owa.bse-electronic.com/exchange
> 
> GET /exchange HTTP/1.1
> Host: owa.bse-electronic.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive // LOOK!
> 
> HTTP/1.x 401 Accès refusé
> Server: Microsoft-IIS/5.0
> Date: Thu, 13 Mar 2008 15:23:44 GMT
> WWW-Authenticate: Negotiate
> WWW-Authenticate: NTLM
> WWW-Authenticate: Basic realm="owa.bse-electronic.com"
> Connection: close //LOOK!
> Content-Length: 21
> Content-Type: text/html
> ----------------------------------------------------------
> http://owa.bse-electronic.com/exchange
> 
> GET /exchange HTTP/1.1
> Host: owa.bse-electronic.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive //LOOK!
> Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
> 
> HTTP/1.x 401 Accès refusé
> Server: Microsoft-IIS/5.0
> Date: Thu, 13 Mar 2008 15:24:11 GMT
> WWW-Authenticate: NTLM TlRMTVNTUAACAAAAEAAQADgAAAAFgokCea/nLdPsCJkAAAAAAAAAAGoAagBIAAAABQCTCAAAAA9CAFMARQBfAEUATABFAEMAAgAQAEIAUwBFAF8ARQBMAEUAQwABABIAQgBTAEUAUwBWAE0AWAAwADEABAAQAGIAcwBlAC4AcAByAGkAdgADACQAYgBzAGUAcwB2AG0AeAAwADEALgBiAHMAZQAuAHAAcgBpAHYAAAAAAA==
> Content-Length: 21
> Content-Type: text/html
> 
> //LOOK! No connection header here--IQRP must have added it
> automatically depending on request header preference of ka
> ----------------------------------------------------------
> http://owa.bse-electronic.com/exchange
> 
> GET /exchange HTTP/1.1
> Host: owa.bse-electronic.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGwAAAAYABgAhAAAABAAEABAAAAAEAAQAFAAAAAMAAwAYAAAAAAAAAAAAAAABYIIAGIAcwBlAF8AZQBsAGUAYwBiAGUAcgB0AGgAaQBlAHIARgBTAFQALQBQAEMAdRwORof1/CcAAAAAAAAAAAAAAAAAAAAAttAjYSSpH3rb0l65d4MCP7MW4jcVWTJD
> 
> HTTP/1.x 302 Object Moved
> Location: http://owa.bse-electronic.com/exchange/
> Server: Microsoft-IIS/5.0
> Content-Type: text/html
> Content-Length: 166
> //LOOK! No connection header here--IQRP must have added it
> automatically depending on request header preference of ka
> 
> Now the question is: IF the request has connection: ka and the
> response has no connection: header line, should ICS assume it as ka
> or close? This may be a stupid IIS behavior but I am having
> difficulty explaining this to customers--they don't care.
> 
> 
> 
> On 3/15/08, Arno Garrels <[EMAIL PROTECTED]> wrote:
>> 
>> Fastream Technologies wrote:
>>> In the direct connection logs, if you look at the first request that
>>> returns 401, its response has connection: close,
>> 
>> That's totally ok since at that time the auth-type is not yet
>> negotiated. However when the NTLM message type 1 is sent from the
>> client to the server Keep-Alive must be ON.
>> 
>> --
>> Arno Garrels
>> 
>> 
>>> rather strange it
>>> worked that way. Anyway, I think this link I posted is the closest I
>>> have as a clue...
>>> 
>>> On 3/15/08, Arno Garrels <[EMAIL PROTECTED]> wrote:
>>>> 
>>>>> I asked the customer to enable
>>>>> keep-alive and hope that it will work without any modification.
>>>> 
>>>> Sure, NTLM auth requires Keep-Alive. However, in your log
>>>> Keep-Alive is already used correctly, so what will that change?
>>>> 
>>>> --
>>>> Arno Garrels
>>>> 
>>>> Fastream Technologies wrote:
>>>>> Hi Guys,
>>>>> 
>>>>> I found this on my research:
>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=39673
>>>>> 
>>>>> Seems that NTLM is crap since it assumes statefulness on a
>>>>> stateless protocol (HTTP). Shame on M$. I asked the customer to
>>>>> enable keep-alive and hope that it will work without any
>>>>> modification. FYI. 
>>>>> 
>>>>> Best Regards,
>>>>> 
>>>>> SZ
>>>>> 
>>>>> On 3/15/08, Fastream Technologies <[EMAIL PROTECTED]> wrote:
>>>>>> 
>>>>>> Yes you are probably right--but the code is so simple and I
>>>>>> checked the header sent with socketspy and it is the same size
>>>>>> (208 bytes after "Authorization: NTLM ") in both direct and
>>>>>> non-direct! As I said it is just a tunnel. Is there a way to
>>>>>> decrypt the header with some ready tool? I do not want to waste
>>>>>> time with complex ntlm code as you suggested. But will look
>>>>>> into structures now.... 
>>>>>> 
>>>>>> Regards,
>>>>>> 
>>>>>> SZ
>>>>>> 
>>>>>> 
>>>>>>  On 3/15/08, Arno Garrels <[EMAIL PROTECTED]> wrote:
>>>>>>> 
>>>>>>> Fastream Technologies wrote:
>>>>>>>> When I trace the code, it seems that your web server side NTLM
>>>>>>>> code is not called at all.
>>>>>>> 
>>>>>>> So, that is your implementation! If you do not call my code it
>>>>>>> can hardly be the reason for the problem.
>>>>>>> 
>>>>>>>> It just tunnels the www-authenticate headers
>>>>>>>> to/from the web server.
>>>>>>> 
>>>>>>> It's your application that is tunneling.
>>>>>>> 
>>>>>>>> Can you suggest me some URLs so that I can
>>>>>>>> read and understand what the earth is wrong with NTLM handshake?
>>>>>>> 
>>>>>>> http://davenport.sourceforge.net/ntlm.html
>>>>>>> 
>>>>>>>> You
>>>>>>>> told me all is well in one of your first mails. However, there
>>>>>>>> must be something wrong. For example, is the domain info
>>>>>>>> embedded in the hashed ntlm handshake?
>>>>>>> 
>>>>>>> If you ever want to know exactly what is included in the NTLM
>>>>>>> messages you need to write a parser, basic info from NTLM
>>>>>>> message type 2 can be viewed with a function from Francois' unit
>>>>>>> OverbyteIcsNtlmMsgs.pas, it also includes the structures and
>>>>>>> shows how to parse NTLM messages.
>>>>>>> 
>>>>>>> --
>>>>>>> Arno Garrels
>>>>>>> 
>>>>>>> 
>>>>>>> --
>>>>>>> To unsubscribe or change your settings for TWSocket mailing list
>>>>>>> please goto
>>>>>>> http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit
>>>>>>> our website at http://www.overbyte.be
-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
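
The parser suggested in the thread, applied to the type 2 token from the second 401 response in the log above. This is an added example, not code from the thread or from OverbyteIcsNtlmMsgs.pas; the field layout follows the NTLM document linked in the thread, and the function name and dictionary keys are this example's own.

```python
import base64
import struct

# Type 2 (challenge) token copied from the second 401 response quoted above.
TYPE2_B64 = (
    "TlRMTVNTUAACAAAAEAAQADgAAAAFgokCea/nLdPsCJkAAAAAAAAAAGoAagBIAAAABQCTCAAAAA9CAFMA"
    "RQBfAEUATABFAEMAAgAQAEIAUwBFAF8ARQBMAEUAQwABABIAQgBTAEUAUwBWAE0AWAAwADEABAAQAGIA"
    "cwBlAC4AcAByAGkAdgADACQAYgBzAGUAcwB2AG0AeAAwADEALgBiAHMAZQAuAHAAcgBpAHYAAAAAAA=="
)

# AV pair ids that carry UTF-16LE names (the labels are this example's own).
AV_NAMES = {1: "nb_computer", 2: "nb_domain", 3: "dns_computer", 4: "dns_domain"}
NEGOTIATE_UNICODE = 0x00000001
NEGOTIATE_TARGET_INFO = 0x00800000

def parse_type2(b64_token):
    """Decode an NTLM type 2 message into its cleartext fields."""
    raw = base64.b64decode(b64_token)
    if len(raw) < 32 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    if msg_type != 2:
        raise ValueError(f"expected message type 2, got {msg_type}")
    # Security buffer for the target name (len, maxlen, offset), then flags.
    tn_len, _, tn_off, flags = struct.unpack_from("<HHII", raw, 12)
    if tn_off + tn_len > len(raw):
        raise ValueError("target name outside message")
    # Assumption: latin-1 stands in for the unknown OEM code page.
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
    info = {"flags": flags, "challenge": raw[24:32].hex(),
            "target_name": raw[tn_off:tn_off + tn_len].decode(enc), "av": {}}
    if flags & NEGOTIATE_TARGET_INFO and len(raw) >= 48:
        ti_len, _, ti_off = struct.unpack_from("<HHI", raw, 40)
        pos, end = ti_off, ti_off + ti_len
        if end > len(raw):
            raise ValueError("target info outside message")
        while pos + 4 <= end:  # each AV pair: id, length, value
            av_id, av_len = struct.unpack_from("<HH", raw, pos)
            pos += 4
            if av_id == 0:  # id 0 terminates the list
                break
            if pos + av_len > end:
                raise ValueError("truncated AV pair")
            if av_id in AV_NAMES:
                info["av"][AV_NAMES[av_id]] = raw[pos:pos + av_len].decode("utf-16-le")
            pos += av_len
    return info

if __name__ == "__main__":
    for key, value in parse_type2(TYPE2_B64).items():
        print(key, value)
```

The domain and host names come out of the challenge in cleartext, which bears on the question in the thread about whether domain information is embedded in the handshake.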
