NTLM & Session Cookies

[Mike Watson <mi...@gmail.com>]

Hi,

I am trying to authenticate to an IIS based web service using NTLM. The
credentials appear to be accepted but because the session cookie is not
being sent back to the server it ultimately returns a 401.5.

I can see the successful logon in the windows event log on the server and I
see the 401.5 in the IIS log. From the client side, using wireshark I can
see that the NTLM exchange goes as expected but that none of the cookies
set by the original 401 response are sent back to the server in the
subsequent requests.

I use this to supposedly trigger cookie maintenance loosely borrowed from
here <http://monkeyingwithjava.wordpress.com/tag/cxf/>:
((BindingProvider)
port).getRequestContext().put(BindingProvider.SESSION_MAINTAIN_PROPERTY,
"true");

And this is how I try to handle NTLM:
Bus bus = BusFactory.getDefaultBus();
bus.setProperty("use.async.http.conduit", "true");

Client client = ClientProxy.getClient(port);
client.getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION,
Boolean.TRUE);

HTTPConduit http = (HTTPConduit) client.getConduit();
if (http instanceof AsyncHTTPConduit) {
AsyncHTTPConduit conduit = (AsyncHTTPConduit) http;
 DefaultHttpAsyncClient defaultHttpAsyncClient;
try {
defaultHttpAsyncClient = conduit.getHttpAsyncClient();
 } catch (IOException exception) {
throw new RuntimeException(exception);
}
 defaultHttpAsyncClient.getCredentialsProvider().setCredentials(
AuthScope.ANY,
new NTCredentials(username, password,
                        InetAddress.getLocalHost().getHostName(), domain));

conduit.getClient().setAllowChunking(false);
 conduit.getClient().setAutoRedirect(true);
}

So I really have three questions:

   1. Do/why do I need to use HttpAsyncClient for NTLM?
   2. Is session cookie support implemented for HttpAsyncClient?
   3. If so, what am I doing wrong???

BTW I'm using CXF v2.7.3.

Thanks in advance
Mike