BTW: Connection: Keep-Alive is the default value in HTTP/1.1!

--
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html

Fastream Technologies wrote:
> Yes I realized that after sending the message. Then I sent the below
> message, have you received it?:
>
> Let me report more clearly: In the working/direct logs, we have
>
> http://owa.bse-electronic.com/exchange
>
> GET /exchange HTTP/1.1
> Host: owa.bse-electronic.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive // LOOK!
>
> HTTP/1.x 401 Accès refusé
> Server: Microsoft-IIS/5.0
> Date: Thu, 13 Mar 2008 15:23:44 GMT
> WWW-Authenticate: Negotiate
> WWW-Authenticate: NTLM
> WWW-Authenticate: Basic realm="owa.bse-electronic.com"
> Connection: close //LOOK!
> Content-Length: 21
> Content-Type: text/html
> ----------------------------------------------------------
> http://owa.bse-electronic.com/exchange
>
> GET /exchange HTTP/1.1
> Host: owa.bse-electronic.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive //LOOK!
> Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
>
> HTTP/1.x 401 Accès refusé
> Server: Microsoft-IIS/5.0
> Date: Thu, 13 Mar 2008 15:24:11 GMT
> WWW-Authenticate: NTLM TlRMTVNTUAACAAAAEAAQADgAAAAFgokCea/nLdPsCJkAAAAAAAAAAGoAagBIAAAABQCTCAAAAA9CAFMARQBfAEUATABFAEMAAgAQAEIAUwBFAF8ARQBMAEUAQwABABIAQgBTAEUAUwBWAE0AWAAwADEABAAQAGIAcwBlAC4AcAByAGkAdgADACQAYgBzAGUAcwB2AG0AeAAwADEALgBiAHMAZQAuAHAAcgBpAHYAAAAAAA==
> Content-Length: 21
> Content-Type: text/html
>
> //LOOK! No connection header here--IQRP must have added it automatically
> depending on request header preference of ka
> ----------------------------------------------------------
> http://owa.bse-electronic.com/exchange
>
> GET /exchange HTTP/1.1
> Host: owa.bse-electronic.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGwAAAAYABgAhAAAABAAEABAAAAAEAAQAFAAAAAMAAwAYAAAAAAAAAAAAAAABYIIAGIAcwBlAF8AZQBsAGUAYwBiAGUAcgB0AGgAaQBlAHIARgBTAFQALQBQAEMAdRwORof1/CcAAAAAAAAAAAAAAAAAAAAAttAjYSSpH3rb0l65d4MCP7MW4jcVWTJD
>
> HTTP/1.x 302 Object Moved
> Location: http://owa.bse-electronic.com/exchange/
> Server: Microsoft-IIS/5.0
> Content-Type: text/html
> Content-Length: 166
> //LOOK! No connection header here--IQRP must have added it automatically
> depending on request header preference of ka
>
> Now the question is: IF the request has connection: ka and the response has
> no connection: header line, should ICS assume it as ka or close? This may be
> a stupid IIS behavior but I am having difficulty explaining this to
> customers--they don't care.
>
> On 3/15/08, Arno Garrels <[EMAIL PROTECTED]> wrote:
>>
>> Fastream Technologies wrote:
>>> In the direct connection logs, if you look at the first request that
>>> returns 401, its response has connection: close,
>>
>> That's totally ok since at that time the auth-type is not yet
>> negotiated. However when the NTLM message type 1 is sent from the
>> client to the server Keep-Alive must be ON.
>>
>> --
>> Arno Garrels
>>
>>> rather strange it
>>> worked that way. Anyway, I think this link I posted is the closest I
>>> have as a clue...
>>>
>>> On 3/15/08, Arno Garrels <[EMAIL PROTECTED]> wrote:
>>>>
>>>>> I asked the customer to enable
>>>>> keep-alive and hope that it will work without any modification.
>>>>
>>>> Sure, NTLM auth requires Keep-Alive. However, in your log
>>>> Keep-Alive is already used correctly, so what will that change?
>>>>
>>>> --
>>>> Arno Garrels
>>>>
>>>> Fastream Technologies wrote:
>>>>> Hi Guys,
>>>>>
>>>>> I found this on my research:
>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=39673
>>>>>
>>>>> Seems that NTLM is crap since it assumes statefulness on a
>>>>> stateless protocol (HTTP). Shame on M$. I asked the customer to
>>>>> enable keep-alive and hope that it will work without any
>>>>> modification. FYI.
>>>>>
>>>>> Best Regards,
>>>>>
>>>>> SZ
>>>>>
>>>>> On 3/15/08, Fastream Technologies <[EMAIL PROTECTED]> wrote:
>>>>>>
>>>>>> Yes you are probably right--but the code is so simple and I
>>>>>> checked the header sent with socketspy and it is the same size
>>>>>> (208 bytes after "Authorization: NTLM ") in both direct and
>>>>>> non-direct! As I said it is just a tunnel. Is there a way to
>>>>>> decrypt the header with some ready tool? I do not want to waste
>>>>>> time with complex ntlm code as you suggested. But will look
>>>>>> into structures now....
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> SZ
>>>>>>
>>>>>> On 3/15/08, Arno Garrels <[EMAIL PROTECTED]> wrote:
>>>>>>>
>>>>>>> Fastream Technologies wrote:
>>>>>>>> When I trace the code, it seems that your web server side NTLM
>>>>>>>> code is not called at all.
>>>>>>>
>>>>>>> So, that is your implementation! If you do not call my code it
>>>>>>> can hardly be the reason for the problem.
>>>>>>>
>>>>>>>> It just tunnels the www-authenticate headers
>>>>>>>> to/from the web server.
>>>>>>>
>>>>>>> It's your application that is tunneling.
>>>>>>>
>>>>>>>> Can you suggest me some URLs so that I can
>>>>>>>> read and understand what the earth is wrong with NTLM handshake?
>>>>>>>
>>>>>>> http://davenport.sourceforge.net/ntlm.html
>>>>>>>
>>>>>>>> You
>>>>>>>> told me all is well in one of your first mails. However, there
>>>>>>>> must be something wrong. For example, is the domain info
>>>>>>>> embedded in the hashed ntlm handshake?
>>>>>>>
>>>>>>> If you ever want to know exactly what is included in the NTLM
>>>>>>> messages you need to write a parser, basic info from NTLM
>>>>>>> message type 2 can be viewed with a function from Francois' unit
>>>>>>> OverbyteIcsNtlmMsgs.pas, it also includes the structures and
>>>>>>> shows how to parse NTLM messages.
>>>>>>>
>>>>>>> --
>>>>>>> Arno Garrels
>>>>>>>
>>>>>>> --
>>>>>>> To unsubscribe or change your settings for TWSocket mailing list
>>>>>>> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
>>>>>>> Visit our website at http://www.overbyte.be
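
Added example, not part of the original thread and not ICS code: a small Python parser for the NTLM messages carried in the Authorization / WWW-Authenticate headers discussed above, following the Type 2 layout in the Davenport document linked in the thread. The function names and the sample message (domain EXAMPLE, fixed challenge) are constructed for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
FLAGS = {0x1: "UNICODE", 0x2: "OEM", 0x4: "REQUEST_TARGET", 0x200: "NTLM",
         0x8000: "ALWAYS_SIGN", 0x80000: "NTLM2_KEY", 0x800000: "TARGET_INFO"}
AV_NAMES = {1: "nb_computer", 2: "nb_domain", 3: "dns_computer", 4: "dns_domain"}

def _secbuf(msg, pos):  # security buffer: length, max length, offset
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_ntlm(header_value):
    """Parse the value of an Authorization / WWW-Authenticate 'NTLM <base64>' header."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        raise ValueError("not an NTLM header carrying a message")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    info = {"type": struct.unpack_from("<I", msg, 8)[0]}
    if info["type"] != 2:
        return info  # Type 1 and 3: only the message type is reported here
    if len(msg) < 32:
        raise ValueError("truncated Type 2 message")
    flags = struct.unpack_from("<I", msg, 20)[0]
    info["flags"] = sorted(name for bit, name in FLAGS.items() if flags & bit)
    info["target"] = _secbuf(msg, 12).decode("utf-16-le" if flags & 0x1 else "cp437")
    info["challenge"], info["target_info"] = msg[24:32].hex(), {}
    if flags & 0x800000 and len(msg) >= 48:  # optional target information block
        av, pos = _secbuf(msg, 40), 0
        while pos + 4 <= len(av):
            av_id, av_len = struct.unpack_from("<HH", av, pos)
            if av_id == 0:  # terminator entry
                break
            value = av[pos + 4:pos + 4 + av_len].decode("utf-16-le")
            info["target_info"][AV_NAMES.get(av_id, av_id)] = value
            pos += 4 + av_len
    return info

def build_sample_type2():  # constructed sample, not taken from the thread
    target = "EXAMPLE".encode("utf-16-le")
    pairs = [(2, target), (4, "example.test".encode("utf-16-le"))]
    av = b"".join(struct.pack("<HH", t, len(v)) + v for t, v in pairs) + b"\x00" * 4
    head = SIGNATURE + struct.pack("<IHHII", 2, len(target), len(target), 48, 0x00808205)
    head += bytes(range(1, 9)) + b"\x00" * 8 + struct.pack("<HHI", len(av), len(av), 48 + len(target))
    return "NTLM " + base64.b64encode(head + target + av).decode()
```

Calling parse_ntlm on the header values captured on each side of a proxy shows whether the message type, flags and target names are the same in the direct and the tunnelled exchange.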
