You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Naresh Koutam <na...@aptuit.com> on 2007/05/03 13:28:09 UTC
windows authentication problem
Hi,
We are working on a project which requires us to interact with an ASP
on IIS 5 behind Https with windows authentication. There is a link to
this ASP application on click of this the user should auto login with
the available credentials (username and password are read from
properties file). But when we used HttpClient we are able to get the
Index page content as a String in the program.But to our agony when we
try to access the URL through the Java Program after HttpClient
authentication, windows authentication popup is thrown. Is there any I
could navigate to next page after authentication?
We are behind a Proxy, the same program works fine with an ASP
application which is running on IIS 6 with Https and Windows
Authentication.=20
ISAPI filter rewriting is the only why or do we have some solution with
Java and related technologies.
Thanks,
Naresh Kumar Koutam
****************IMPORTANT--PLEASE READ*******************
This electronic message, including its attachments, is COMPANY CONFIDENTIAL
and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are
not the intended recipient, you are hereby notified that any use, disclosure,
copying, or distribution of this message or any of the information included
in it is unauthorized and strictly prohibited. If you have received this
message in error, please immediately notify the sender by reply e-mail and
permanently delete this message and its attachments, along with any copies
thereof. If this electronic message contains a zipped attachment and you do
not have a decompression tool, you may download unZIP (free of cost) from:
http://www.mk-net-work.com/us/uz/unzip.htm. Alternatively, you may request
that the attachment be resent in an uncompressed format. Thank you.
************************************************************************
RE: windows authentication problem
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2007-05-04 at 04:07 -0500, Naresh Koutam wrote:
> Hi Roland,
>
> If you see my code I am getting the response as string of the index page
> fo the ASP application after login using getResponseBodyAsString.
> Instead of doing this I want the user to be redirect to that page with
> the user being prompted for username and password again.
>
> So, how to use the HttpState while redirecting?
>
> Thanks,
> Naresh Kumar
>
Naresh
Please post a _complete_ wire / context log of the HTTP session (as
stated in the HttpClient troubleshooting guide) if you expect any
meaningful help from us
Oleg
> ****************IMPORTANT--PLEASE READ*******************
> This electronic message, including its attachments, is COMPANY CONFIDENTIAL
> and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are
> not the intended recipient, you are hereby notified that any use, disclosure,
> copying, or distribution of this message or any of the information included
> in it is unauthorized and strictly prohibited. If you have received this
> message in error, please immediately notify the sender by reply e-mail and
> permanently delete this message and its attachments, along with any copies
> thereof. If this electronic message contains a zipped attachment and you do
> not have a decompression tool, you may download unZIP (free of cost) from:
> http://www.mk-net-work.com/us/uz/unzip.htm. Alternatively, you may request
> that the attachment be resent in an uncompressed format. Thank you.
> ************************************************************************
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: windows authentication problem
Posted by Roland Weber <os...@dubioso.net>.
Hello Naresh,
> I want the user to be redirect to that page with
> the user being prompted for username and password again.
In a previous mail, you wrote:
> when we
> try to access the URL through the Java Program after HttpClient
> authentication, windows authentication popup is thrown.
So that is exactly what you want. What is your problem?
I am suspecting that you don't have any problem with HttpClient
at all, but that you need help with your application architecture.
That is not the scope of this mailing list. We do have an
application design FAQ though, and I recently added something
about servers authenticating on behalf of clients:
http://wiki.apache.org/jakarta-httpclient/FrequentlyAskedApplicationDesignQuestions#head-e63c63dcbb2b152f9f6ad74b29b80cd00d45abe7
I'm not sure whether that is what you are trying to do.
If so: it's not possible.
hope that helps,
Roland
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: windows authentication problem
Posted by Roland Weber <os...@dubioso.net>.
Naresh Koutam wrote:
> Hi Roland,
>
> If you see my code I am getting the response as string of the index page
> fo the ASP application after login using getResponseBodyAsString.
> Instead of doing this I want the user to be redirect to that page with
> the user being prompted for username and password again.
>
> So, how to use the HttpState while redirecting?
>
> Thanks,
> Naresh Kumar
>
> ****************IMPORTANT--PLEASE READ*******************
> This electronic message, including its attachments, is COMPANY CONFIDENTIAL
> and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are
> not the intended recipient, you are hereby notified that any use, disclosure,
> copying, or distribution of this message or any of the information included
> in it is unauthorized and strictly prohibited. If you have received this
> message in error, please immediately notify the sender by reply e-mail and
> permanently delete this message and its attachments, along with any copies
> thereof. If this electronic message contains a zipped attachment and you do
> not have a decompression tool, you may download unZIP (free of cost) from:
> http://www.mk-net-work.com/us/uz/unzip.htm. Alternatively, you may request
> that the attachment be resent in an uncompressed format. Thank you.
> ************************************************************************
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: windows authentication problem
Posted by Naresh Koutam <na...@aptuit.com>.
Hi Roland,
If you see my code I am getting the response as string of the index page
fo the ASP application after login using getResponseBodyAsString.
Instead of doing this I want the user to be redirect to that page with
the user being prompted for username and password again.
So, how to use the HttpState while redirecting?
Thanks,
Naresh Kumar
****************IMPORTANT--PLEASE READ*******************
This electronic message, including its attachments, is COMPANY CONFIDENTIAL
and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are
not the intended recipient, you are hereby notified that any use, disclosure,
copying, or distribution of this message or any of the information included
in it is unauthorized and strictly prohibited. If you have received this
message in error, please immediately notify the sender by reply e-mail and
permanently delete this message and its attachments, along with any copies
thereof. If this electronic message contains a zipped attachment and you do
not have a decompression tool, you may download unZIP (free of cost) from:
http://www.mk-net-work.com/us/uz/unzip.htm. Alternatively, you may request
that the attachment be resent in an uncompressed format. Thank you.
************************************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: windows authentication problem
Posted by Roland Weber <RO...@de.ibm.com>.
Hello Naresh,
> private void getConnected() throws IOException {
>
> HttpClient client = new HttpClient();
> HttpState state = client.getState();
Keep that state in the HttpSession of the servlet. For future
requests, pass that state to HttpClient.executeMethod(...) or
use HttpClient.setState(...) if there are no multithreading
issues.
> } finally {
> // release any connection resources used by the method
> httpget.releaseConnection();
> }
You are releasing the connection back to the manager, but
you are not _closing_ it. If you don't plan to re-use the
HttpClient object or it's connection manager, call
HttpConnectionManager.shutdown().
Read the Threading Guide and the Performance Guide first:
http://jakarta.apache.org/commons/httpclient/threading.html
http://jakarta.apache.org/commons/httpclient/performance.html
hope that helps,
Roland
RE: windows authentication problem
Posted by Naresh Koutam <na...@aptuit.com>.
Hi Roland,
Here is the code that I used, please give me suggestion how to keep the
HttpState while redirecting..
Code Starts here
******************
public class LinkPage {
private ExternalContext ectx = null;
private HttpServletRequest request = null;
private HttpServletResponse response = null;
private HttpSession session = null;
public LinkPage() {
ectx = FacesContext.getCurrentInstance().getExternalContext();
request = (HttpServletRequest)ectx.getRequest();
response = (HttpServletResponse)ectx.getResponse();
session = (HttpSession)ectx.getSession(true);
}
public String formSubmit_action(){
try {
getConnected();
return "success";
} catch (Exception exception) {
exception.printStackTrace();
}
return "success";
}
private void getConnected() throws IOException {
HttpClient client = new HttpClient();
HttpState state = client.getState();
GetMethod redirect = null;
client.getHostConfiguration().setProxy("xxx.xxx.x.xx", 8080);
HttpClientParams params = new HttpClientParams();
Credentials credentials = (Credentials)new
ConsoleAuthPrompter();
state.setCredentials(null,credentials);
client.getParams().setParameter(CredentialsProvider.PROVIDER,
credentials);
client.getParams().setBooleanParameter(HttpClientParams.ALLOW_CIRCULAR_R
EDIRECTS,
true);
GetMethod httpget =
new GetMethod("https://abcdef.xyz.com/ouapp/index.html");
httpget.setDoAuthentication(true);
try {
int status = client.executeMethod(httpget);
response.setHeader("Location",
"https://abcdef.xyz.com/ouapp/index.html");
response.setStatus(301);
} catch (Exception e) {
e.printStackTrace();
} finally {
// release any connection resources used by the method
httpget.releaseConnection();
}
}
public class ConsoleAuthPrompter implements CredentialsProvider {
private BufferedReader in = null;
public ConsoleAuthPrompter() {
super();
this.in = new BufferedReader(new
InputStreamReader(System.in));
}
private String readConsole() throws IOException {
return this.in.readLine();
}
public Credentials getCredentials(final AuthScheme authscheme,
String host, int port,
boolean proxy) throws
CredentialsNotAvailableException {
if (authscheme == null) {
return null;
}
try {
if (authscheme instanceof NTLMScheme) {
System.out.println(host + ":" + port +
" requires Windows authentication
- realm " +
authscheme.getRealm());
String domain ="abcd";
String user = "abcdefgh";
String password = "zysaere";
return new NTCredentials(user, password, host,
domain);
} else if (authscheme instanceof RFC2617Scheme) {
String domain ="abcd";
String user = "abcdefgh";
String password = "zysaere";
return new UsernamePasswordCredentials(user,
password);
} else {
throw new
CredentialsNotAvailableException("Unsupported authentication scheme: " +
authscheme.getSchemeName());
}
} catch (IOException e) {
throw new
CredentialsNotAvailableException(e.getMessage(), e);
}
}
}
}
********************** end here
Thanks,
Naresh Kumar
-----Original Message-----
From: Roland Weber [mailto:ROLWEBER@de.ibm.com]
Sent: Friday, May 04, 2007 2:06 PM
To: HttpClient User Discussion
Subject: RE: windows authentication problem
Hello Naresh,
> Yes I am authenticating with NTLM against the server, and successfully
> get back a redirect (when I do getResponseBodyAsString on the
getMethod
> the index page content is displayed). As you said how should I use
> HttpState for redirection any idea on the same?
Unless you manage HttpState explicitly, the default state is
kept in the HttpClient object. Make sure to create only one
HttpClient and use that for all requests.
> For your reference I am attaching the source so that you can correct
me
> if something is wrong with this code?
Attachments will be filtered by the mailing list software.
You have to send code samples inline.
hope that helps,
Roland
****************IMPORTANT--PLEASE READ*******************
This electronic message, including its attachments, is COMPANY CONFIDENTIAL
and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are
not the intended recipient, you are hereby notified that any use, disclosure,
copying, or distribution of this message or any of the information included
in it is unauthorized and strictly prohibited. If you have received this
message in error, please immediately notify the sender by reply e-mail and
permanently delete this message and its attachments, along with any copies
thereof. If this electronic message contains a zipped attachment and you do
not have a decompression tool, you may download unZIP (free of cost) from:
http://www.mk-net-work.com/us/uz/unzip.htm. Alternatively, you may request
that the attachment be resent in an uncompressed format. Thank you.
************************************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: windows authentication problem
Posted by Roland Weber <RO...@de.ibm.com>.
Hello Naresh,
> Yes I am authenticating with NTLM against the server, and successfully
> get back a redirect (when I do getResponseBodyAsString on the getMethod
> the index page content is displayed). As you said how should I use
> HttpState for redirection any idea on the same?
Unless you manage HttpState explicitly, the default state is
kept in the HttpClient object. Make sure to create only one
HttpClient and use that for all requests.
> For your reference I am attaching the source so that you can correct me
> if something is wrong with this code?
Attachments will be filtered by the mailing list software.
You have to send code samples inline.
hope that helps,
Roland
RE: windows authentication problem
Posted by Naresh Koutam <na...@aptuit.com>.
Hi Roland,
Thanks for the responses.
Yes I am authenticating with NTLM against the server, and successfully
get back a redirect (when I do getResponseBodyAsString on the getMethod
the index page content is displayed). As you said how should I use
HttpState for redirection any idea on the same?
For your reference I am attaching the source so that you can correct me
if something is wrong with this code?
Thanks,
Naresh Kumar
-----Original Message-----
From: Roland Weber [mailto:ROLWEBER@de.ibm.com]
Sent: Friday, May 04, 2007 12:23 PM
To: HttpClient User Discussion
Subject: RE: windows authentication problem
Hello Naresh,
I don't have code snippets. Sorry if I got you wrong regarding
authentication. So you authenticate with NTLM against the
server, and you successfully get back a redirect? Make sure
to use the same HttpState when following that redirect with
HttpClient, then the request to the index page should be
just as authentic as then one that brought you the redirect.
NTLM is a connection-based authentication scheme, not
a session-based one. Each request must be authenticated,
you can not just authenticate once and then send further
requests without authentication.
hope that helps,
Roland
****************IMPORTANT--PLEASE READ*******************
This electronic message, including its attachments, is COMPANY CONFIDENTIAL
and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are
not the intended recipient, you are hereby notified that any use, disclosure,
copying, or distribution of this message or any of the information included
in it is unauthorized and strictly prohibited. If you have received this
message in error, please immediately notify the sender by reply e-mail and
permanently delete this message and its attachments, along with any copies
thereof. If this electronic message contains a zipped attachment and you do
not have a decompression tool, you may download unZIP (free of cost) from:
http://www.mk-net-work.com/us/uz/unzip.htm. Alternatively, you may request
that the attachment be resent in an uncompressed format. Thank you.
************************************************************************
RE: windows authentication problem
Posted by Roland Weber <RO...@de.ibm.com>.
Hello Naresh,
I don't have code snippets. Sorry if I got you wrong regarding
authentication. So you authenticate with NTLM against the
server, and you successfully get back a redirect? Make sure
to use the same HttpState when following that redirect with
HttpClient, then the request to the index page should be
just as authentic as then one that brought you the redirect.
NTLM is a connection-based authentication scheme, not
a session-based one. Each request must be authenticated,
you can not just authenticate once and then send further
requests without authentication.
hope that helps,
Roland
RE: windows authentication problem
Posted by Naresh Koutam <na...@aptuit.com>.
Hi Roland,
1. If you authenticate against the proxy with HttpClient.
I am not authenticating with proxy. We have proxy and I am using the
following code
HttpClient client = new HttpClient();
client.getHostConfiguration().setProxy("xxx.xxx.x.xx", 8080);
2. Then you should also use HttpClient to read index.asp Make sure to
use the same HttpState, then the credentials from the first
authentication will be available for later requests, too.
Please help I am not sure how to get the above working. It would great
if you could share code snippet.
Thanks,
Naresh
-----Original Message-----
From: Roland Weber [mailto:ROLWEBER@de.ibm.com]
Sent: Friday, May 04, 2007 11:56 AM
To: HttpClient User Discussion
Subject: RE: windows authentication problem
Hello Naresh,
> Oops, Ok let me put it this way. We used HttpClient to authenticate
with
> ASP application (enabled Https) behind NTLM. We want to display the
> index.asp after successful authentication with the IIS 5 NTLM. When we
> try to redirect to index.asp after authentication, username/password
> popup is prompted. Our problem can we do this HttpClient.
HttpClient never pops up a user dialog. If you authenticate
against the proxy with HttpClient, then you should also use
HttpClient to read index.asp. Make sure to use the same
HttpState, then the credentials from the first authentication
will be available for later requests, too.
hope that helps,
Roland
****************IMPORTANT--PLEASE READ*******************
This electronic message, including its attachments, is COMPANY CONFIDENTIAL
and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are
not the intended recipient, you are hereby notified that any use, disclosure,
copying, or distribution of this message or any of the information included
in it is unauthorized and strictly prohibited. If you have received this
message in error, please immediately notify the sender by reply e-mail and
permanently delete this message and its attachments, along with any copies
thereof. If this electronic message contains a zipped attachment and you do
not have a decompression tool, you may download unZIP (free of cost) from:
http://www.mk-net-work.com/us/uz/unzip.htm. Alternatively, you may request
that the attachment be resent in an uncompressed format. Thank you.
************************************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: windows authentication problem
Posted by Roland Weber <RO...@de.ibm.com>.
Hello Naresh,
> Oops, Ok let me put it this way. We used HttpClient to authenticate with
> ASP application (enabled Https) behind NTLM. We want to display the
> index.asp after successful authentication with the IIS 5 NTLM. When we
> try to redirect to index.asp after authentication, username/password
> popup is prompted. Our problem can we do this HttpClient.
HttpClient never pops up a user dialog. If you authenticate
against the proxy with HttpClient, then you should also use
HttpClient to read index.asp. Make sure to use the same
HttpState, then the credentials from the first authentication
will be available for later requests, too.
hope that helps,
Roland
RE: windows authentication problem
Posted by Naresh Koutam <na...@aptuit.com>.
Hi Oleg Kalnichevski,
Oops, Ok let me put it this way. We used HttpClient to authenticate with
ASP application (enabled Https) behind NTLM. We want to display the
index.asp after successful authentication with the IIS 5 NTLM. When we
try to redirect to index.asp after authentication, username/password
popup is prompted. Our problem can we do this HttpClient.
Thanks,
Naresh Kumar
-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org]
Sent: Thursday, May 03, 2007 5:27 PM
To: HttpClient User Discussion
Subject: Re: windows authentication problem
On Thu, 2007-05-03 at 06:28 -0500, Naresh Koutam wrote:
>
> Hi,
>
> We are working on a project which requires us to interact with an ASP
> on IIS 5 behind Https with windows authentication. There is a link to
> this ASP application on click of this the user should auto login with
> the available credentials (username and password are read from
> properties file). But when we used HttpClient we are able to get the
> Index page content as a String in the program.But to our agony when we
> try to access the URL through the Java Program after HttpClient
> authentication, windows authentication popup is thrown. Is there any I
> could navigate to next page after authentication?
>
>
>
> We are behind a Proxy, the same program works fine with an ASP
> application which is running on IIS 6 with Https and Windows
> Authentication.=20
>
>
>
> ISAPI filter rewriting is the only why or do we have some solution
with
> Java and related technologies.
>
>
Naresh
I am afraid I do not quite understand what the problem is.
Please see if these resources could be of some help:
http://jakarta.apache.org/commons/httpclient/troubleshooting.html
http://jakarta.apache.org/commons/httpclient/authentication.html
http://wiki.apache.org/jakarta-httpclient/FrequentlyAskedNTLMQuestions
Oleg
>
> Thanks,
>
> Naresh Kumar Koutam
>
>
>
>
> ****************IMPORTANT--PLEASE READ*******************
> This electronic message, including its attachments, is COMPANY
CONFIDENTIAL
> and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you
are
> not the intended recipient, you are hereby notified that any use,
disclosure,
> copying, or distribution of this message or any of the information
included
> in it is unauthorized and strictly prohibited. If you have received
this
> message in error, please immediately notify the sender by reply e-mail
and
> permanently delete this message and its attachments, along with any
copies
> thereof. If this electronic message contains a zipped attachment and
you do
> not have a decompression tool, you may download unZIP (free of cost)
from:
> http://www.mk-net-work.com/us/uz/unzip.htm. Alternatively, you may
request
> that the attachment be resent in an uncompressed format. Thank
you.
>
************************************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
****************IMPORTANT--PLEASE READ*******************
This electronic message, including its attachments, is COMPANY CONFIDENTIAL
and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are
not the intended recipient, you are hereby notified that any use, disclosure,
copying, or distribution of this message or any of the information included
in it is unauthorized and strictly prohibited. If you have received this
message in error, please immediately notify the sender by reply e-mail and
permanently delete this message and its attachments, along with any copies
thereof. If this electronic message contains a zipped attachment and you do
not have a decompression tool, you may download unZIP (free of cost) from:
http://www.mk-net-work.com/us/uz/unzip.htm. Alternatively, you may request
that the attachment be resent in an uncompressed format. Thank you.
************************************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: windows authentication problem
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, 2007-05-03 at 06:28 -0500, Naresh Koutam wrote:
>
> Hi,
>
> We are working on a project which requires us to interact with an ASP
> on IIS 5 behind Https with windows authentication. There is a link to
> this ASP application on click of this the user should auto login with
> the available credentials (username and password are read from
> properties file). But when we used HttpClient we are able to get the
> Index page content as a String in the program.But to our agony when we
> try to access the URL through the Java Program after HttpClient
> authentication, windows authentication popup is thrown. Is there any I
> could navigate to next page after authentication?
>
>
>
> We are behind a Proxy, the same program works fine with an ASP
> application which is running on IIS 6 with Https and Windows
> Authentication.=20
>
>
>
> ISAPI filter rewriting is the only why or do we have some solution with
> Java and related technologies.
>
>
Naresh
I am afraid I do not quite understand what the problem is.
Please see if these resources could be of some help:
http://jakarta.apache.org/commons/httpclient/troubleshooting.html
http://jakarta.apache.org/commons/httpclient/authentication.html
http://wiki.apache.org/jakarta-httpclient/FrequentlyAskedNTLMQuestions
Oleg
>
> Thanks,
>
> Naresh Kumar Koutam
>
>
>
>
> ****************IMPORTANT--PLEASE READ*******************
> This electronic message, including its attachments, is COMPANY CONFIDENTIAL
> and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are
> not the intended recipient, you are hereby notified that any use, disclosure,
> copying, or distribution of this message or any of the information included
> in it is unauthorized and strictly prohibited. If you have received this
> message in error, please immediately notify the sender by reply e-mail and
> permanently delete this message and its attachments, along with any copies
> thereof. If this electronic message contains a zipped attachment and you do
> not have a decompression tool, you may download unZIP (free of cost) from:
> http://www.mk-net-work.com/us/uz/unzip.htm. Alternatively, you may request
> that the attachment be resent in an uncompressed format. Thank you.
> ************************************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org