Posted to dev@hc.apache.org by Steve Johnson <sj...@mercury.com> on 2004/06/23 18:31:24 UTC

RE: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0

Hi All,

Thanks again Adrian, very helpful.

The NTCredentials API shows that the user, password, host, and domain
can be set. Is it possible to use the logged-in user's credentials?
This way it would allow a user to be authenticated without
reentering user/pw.

Thanks for the help,
Steve

-----Original Message-----
From: Adrian Sutton [mailto:adrian@intencha.com] 
Sent: Tuesday, June 22, 2004 4:20 PM
To: Commons HttpClient Project
Subject: Re: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0

This sounds very much like the webserver isn't really using NTLM but is
using Digest/Basic instead.  If it really were using NTLM, passing in
DOMAIN\User would definitely not work because HttpClient doesn't check
for that case.  That would also explain why the realm isn't what you
expect.  I'd say a wire log should shed a lot of light on the situation
(see http://jakarta.apache.org/commons/httpclient/logging.html )

Regards,

Adrian Sutton

On 23/06/2004, at 3:43 AM, Steve Johnson wrote:

> Hi All,
>
> Using HTTPClient version 2.0
>
> We are using HTTPClient to log in to an MS Exchange web page account.
> We can only get it to work by passing in the realm as null, and
> putting the domain back on to the front of the user to pass into 
> NTCredentials().
>
> new NTCredentials(authUserNameAppendDomainWithBackSlash + settings.getAuthUserName(),
>         settings.getAuthPassword(),
>         settings.getHost(),
>         settings.getAuthDomain())
>
> The comments on the interface say that only the username should be 
> passed in, and NOT the domain.
> For other NTLM pages it works to use only the user, but this page has 
> not worked for us without the domain
> like this myDomain\myUser.
>
> On State.setCredentials() we have tried passing the host, null, and 
> the string "realm" in without the domain
> appended to user.
> All these attempts fail. We would prefer to use the API without the 
> domain on the user.
>
>                 client.getState().setCredentials(
>                         null,                     //"realm", null, settings.getHost()-
>                         settings.getHost(),
>                         new NTCredentials(authUserNameAppendDomain + settings.getAuthUserName(),
>                                 settings.getAuthPassword(),
>                                 settings.getHost(),
>                                 settings.getAuthDomain())
>                 );
>
> Is there some documentation on how the realm interacts with 
> authentication?
>
> Thanks for your time and effort,
> Steve
>
> Steve Johnson
> Software Engineer
> Mercury Interactive
> 720 564 - 6532
> USA, Canada and the Americas
> 720 564-6620
> Hours: M-F 08:00-17:00 MST (Mountain Standard Time)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>  <http://www.mercuryinteractive.com> http://www.mercuryinteractive.com
> Looking for Answers to your SiteScope or SiteSeer questions?        
> <http://support.mercuryinteractive.com>
> http://support.mercuryinteractive.com
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
----------------------------------------------
Intencha "tomorrow's technology today"
Ph: 38478913 0422236329
Suite 8/29 Oatland Crescent
Holland Park West 4121
Australia QLD
www.intencha.com
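
Added example (not part of the original thread and not HttpClient code): a small Python script for the wire-log check suggested above, reporting which authentication schemes the server offered and which one the client actually answered with. The log line layout, the host name and the placeholder Authorization value are constructed assumptions.

```python
import re

# Constructed sample in the style of an HttpClient wire log (not a real capture).
SAMPLE_WIRE_LOG = r'''
[DEBUG] wire - >> "GET /exchange/ HTTP/1.1[\r][\n]"
[DEBUG] wire - << "HTTP/1.1 401 Unauthorized[\r][\n]"
[DEBUG] wire - << "WWW-Authenticate: Negotiate[\r][\n]"
[DEBUG] wire - << "WWW-Authenticate: NTLM[\r][\n]"
[DEBUG] wire - << "WWW-Authenticate: Basic realm="mail.example.test"[\r][\n]"
[DEBUG] wire - >> "GET /exchange/ HTTP/1.1[\r][\n]"
[DEBUG] wire - >> "Authorization: Basic PLACEHOLDER[\r][\n]"
[DEBUG] wire - << "HTTP/1.1 200 OK[\r][\n]"
'''

HEADER = re.compile(r'(<<|>>)\s*"(WWW-Authenticate|Authorization):\s*(\S+)\s*(.*)$', re.I)
REALM = re.compile(r'realm="([^"]*)"', re.I)


def analyse_wire_log(text):
    """Report which auth schemes the server offered and which the client used."""
    offered, sent = [], []
    for line in text.splitlines():
        line = line.rstrip()
        if line.endswith('"'):
            line = line[:-1]                    # closing quote added by the logger
        line = line.replace('[\\r][\\n]', '')   # logged CRLF markers
        m = HEADER.search(line)
        if not m:
            continue
        direction, name, scheme, rest = m.groups()
        if direction == '<<' and name.lower() == 'www-authenticate':
            realm = REALM.search(rest)          # NTLM challenges carry no realm
            offered.append((scheme, realm.group(1) if realm else None))
        elif direction == '>>' and name.lower() == 'authorization':
            sent.append(scheme)
    lowered = [s.lower() for s in sent]
    return {
        'offered': offered,
        'sent': sent,
        'used_ntlm': bool(lowered) and lowered[-1] == 'ntlm',
        'basic_sent': 'basic' in lowered,       # password only base64-encoded on the wire
    }


if __name__ == '__main__':
    print(analyse_wire_log(SAMPLE_WIRE_LOG))
```

If `basic_sent` is true and `used_ntlm` is false, the login succeeded over Basic rather than NTLM, so the password crossed the wire in a reversible encoding and the connection should be checked for TLS.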

Re: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0

Posted by Adrian Sutton <ad...@intencha.com>.
Hi Steve,
There's no way that I know of to do this, however the built-in handling
for the JRE seems to manage it so there's probably a com.sun class
around somewhere that makes it possible.  It would definitely be
possible using JNI.  It's on my todo list to investigate how this is
done but it's a fairly low priority (not a single user has complained
yet - presumably because few of our users use NTLM).  If you do find
out how to do it please do let us know.

Regards,

Adrian Sutton.

On 24/06/2004, at 2:31 AM, Steve Johnson wrote:

> Hi All,
>
> Thanks again Adrian, very helpful.
>
> The NTCredentials API shows that the user, password, host, and domain
> can be set. Is it possible to use the logged-in user's credentials?
> This way it would allow a user to be authenticated without
> reentering user/pw.
>
> Thanks for the help,
> Steve