You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Christoph Ernst | TRANSPOREON <er...@transporeon.com> on 2014/09/12 14:55:44 UTC
NTLM authentication fails
hi,
i'm trying to call a SOAP webservice hosted on an external webserver running IIS8 thru a Squid HTTP proxy.
normally i use CXF for webservice clients, but the version i'm using does not support NTLM auth.
i'm using the latest httpclient version (4.3.5)
my code: http://pastebin.com/YPuNWBer
debug log: http://pastebin.com/meT0K1FX
my credentials are formatted as: "DOMAIN/user:pass", like it is required by the NTCredentials(String) ctor
i have already *succesfully* tested the code with a local IIS 7.5 with and without the same proxy.
i was also able to succesfully authenticate using the following curl command
curl -v -x proxy:3128 --proxy-digest -U proxyuser "http://externalhost:8101/service.svc" -u "DOMAIN\user" --ntlm
can you tell me what could be the problem?
thanks in advance
br
christoph
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: NTLM authentication fails
Posted by Christoph Ernst | TRANSPOREON <er...@transporeon.com>.
fyi, the HttpURLConnection implementation works
-----Original Message-----
From: Christoph Ernst | TRANSPOREON [mailto:ernst@transporeon.com]
Sent: Freitag, 12. September 2014 17:03
To: HttpClient User Discussion
Subject: RE: NTLM authentication fails
i did some tests with 4.3.5 & JCIFSEngine and 4.4-alpha1, always get 401 i have compared the logs of all 3 versions and the only differences are the digest and ntlm hashes, but that's no surprise
i know the credentials work because it works with curl, here is the verbose output if you want to take a look: http://pastebin.com/2YqDgvbU
maybe it is really a incompatiblity with IIS8
the application will deployed on a linux servers, so i assume native windows apis won't help there
next option i will try is HttpUrlConnection, thanks for the hint vanita
-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org]
Sent: Freitag, 12. September 2014 16:49
To: HttpClient User Discussion
Subject: Re: NTLM authentication fails
On Fri, 2014-09-12 at 10:33 -0400, Chawla, Vanita wrote:
> Hi Christopher,
>
> Java 6+ HttpUrlConnection worked seamlessly with NTLMv2 and IIS while
> calling REST web service for me last year. I had issues with HTTP
> client version. You may want to try to see if you get past the
> NTLM/connection issues.
>
HttpUrlConnection makes use of Windows native APIs behind the scene, which naturally makes it more compatible than pure Java solutions. If HttpUrlConnection works for but you still want to stick with HttpClient you could consider using HttpClient 4.4 that also supports native Windows auth.
Oleg
> Thanks
>
> On 9/12/14, 10:28 AM, "Oleg Kalnichevski" <ol...@apache.org> wrote:
>
> >On Fri, 2014-09-12 at 12:55 +0000, Christoph Ernst | TRANSPOREON wrote:
> >> hi,
> >> i'm trying to call a SOAP webservice hosted on an external
> >>webserver running IIS8 thru a Squid HTTP proxy.
> >> normally i use CXF for webservice clients, but the version i'm
> >>using does not support NTLM auth.
> >>
> >> i'm using the latest httpclient version (4.3.5) my code:
> >>http://pastebin.com/YPuNWBer debug log:
> >>http://pastebin.com/meT0K1FX my credentials are formatted as:
> >>"DOMAIN/user:pass", like it is required by the NTCredentials(String)
> >>ctor
> >>
> >> i have already *succesfully* tested the code with a local IIS 7.5
> >>with and without the same proxy.
> >> i was also able to succesfully authenticate using the following
> >>curl command curl -v -x proxy:3128 --proxy-digest -U proxyuser
> >>"http://externalhost:8101/service.svc" -u "DOMAIN\user" --ntlm
> >>
> >> can you tell me what could be the problem?
> >> thanks in advance
> >>
> >
> >I see nothing wrong with HTTP packets generated by HttpClient. It
> >looks like the server simply does not like your creds or there is
> >some sort of incompatibility with IIS8. You might want to try to give
> >JCIFS engine a try [1] and see if that makes any difference.
> >
> >Oleg
> >
> >[1] http://hc.apache.org/httpcomponents-client-4.3.x/ntlm.html
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
�B KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB � �[ X ܚX K��K[XZ[
����� �Y[
]\ \ ][ X ܚX P��˘\�X �K ܙ B ܈�Y��]�[ۘ[�� [X[ � ��K[XZ[
����� �Y[
]\ \ Z�[����˘\�X �K ܙ B B
RE: NTLM authentication fails
Posted by Christoph Ernst | TRANSPOREON <er...@transporeon.com>.
i did some tests with 4.3.5 & JCIFSEngine and 4.4-alpha1, always get 401
i have compared the logs of all 3 versions and the only differences are the digest and ntlm hashes, but that's no surprise
i know the credentials work because it works with curl, here is the verbose output if you want to take a look: http://pastebin.com/2YqDgvbU
maybe it is really a incompatiblity with IIS8
the application will deployed on a linux servers, so i assume native windows apis won't help there
next option i will try is HttpUrlConnection, thanks for the hint vanita
-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org]
Sent: Freitag, 12. September 2014 16:49
To: HttpClient User Discussion
Subject: Re: NTLM authentication fails
On Fri, 2014-09-12 at 10:33 -0400, Chawla, Vanita wrote:
> Hi Christopher,
>
> Java 6+ HttpUrlConnection worked seamlessly with NTLMv2 and IIS while
> calling REST web service for me last year. I had issues with HTTP
> client version. You may want to try to see if you get past the
> NTLM/connection issues.
>
HttpUrlConnection makes use of Windows native APIs behind the scene, which naturally makes it more compatible than pure Java solutions. If HttpUrlConnection works for but you still want to stick with HttpClient you could consider using HttpClient 4.4 that also supports native Windows auth.
Oleg
> Thanks
>
> On 9/12/14, 10:28 AM, "Oleg Kalnichevski" <ol...@apache.org> wrote:
>
> >On Fri, 2014-09-12 at 12:55 +0000, Christoph Ernst | TRANSPOREON wrote:
> >> hi,
> >> i'm trying to call a SOAP webservice hosted on an external
> >>webserver running IIS8 thru a Squid HTTP proxy.
> >> normally i use CXF for webservice clients, but the version i'm
> >>using does not support NTLM auth.
> >>
> >> i'm using the latest httpclient version (4.3.5) my code:
> >>http://pastebin.com/YPuNWBer debug log:
> >>http://pastebin.com/meT0K1FX my credentials are formatted as:
> >>"DOMAIN/user:pass", like it is required by the NTCredentials(String)
> >>ctor
> >>
> >> i have already *succesfully* tested the code with a local IIS 7.5
> >>with and without the same proxy.
> >> i was also able to succesfully authenticate using the following
> >>curl command curl -v -x proxy:3128 --proxy-digest -U proxyuser
> >>"http://externalhost:8101/service.svc" -u "DOMAIN\user" --ntlm
> >>
> >> can you tell me what could be the problem?
> >> thanks in advance
> >>
> >
> >I see nothing wrong with HTTP packets generated by HttpClient. It
> >looks like the server simply does not like your creds or there is
> >some sort of incompatibility with IIS8. You might want to try to give
> >JCIFS engine a try [1] and see if that makes any difference.
> >
> >Oleg
> >
> >[1] http://hc.apache.org/httpcomponents-client-4.3.x/ntlm.html
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: NTLM authentication fails
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2014-09-12 at 10:33 -0400, Chawla, Vanita wrote:
> Hi Christopher,
>
> Java 6+ HttpUrlConnection worked seamlessly with NTLMv2 and IIS while
> calling REST web service for me last year. I had issues with HTTP client
> version. You may want to try to see if you get past the NTLM/connection
> issues.
>
HttpUrlConnection makes use of Windows native APIs behind the scene,
which naturally makes it more compatible than pure Java solutions. If
HttpUrlConnection works for but you still want to stick with HttpClient
you could consider using HttpClient 4.4 that also supports native
Windows auth.
Oleg
> Thanks
>
> On 9/12/14, 10:28 AM, "Oleg Kalnichevski" <ol...@apache.org> wrote:
>
> >On Fri, 2014-09-12 at 12:55 +0000, Christoph Ernst | TRANSPOREON wrote:
> >> hi,
> >> i'm trying to call a SOAP webservice hosted on an external webserver
> >>running IIS8 thru a Squid HTTP proxy.
> >> normally i use CXF for webservice clients, but the version i'm using
> >>does not support NTLM auth.
> >>
> >> i'm using the latest httpclient version (4.3.5)
> >> my code: http://pastebin.com/YPuNWBer
> >> debug log: http://pastebin.com/meT0K1FX
> >> my credentials are formatted as: "DOMAIN/user:pass", like it is
> >>required by the NTCredentials(String) ctor
> >>
> >> i have already *succesfully* tested the code with a local IIS 7.5 with
> >>and without the same proxy.
> >> i was also able to succesfully authenticate using the following curl
> >>command
> >> curl -v -x proxy:3128 --proxy-digest -U proxyuser
> >>"http://externalhost:8101/service.svc" -u "DOMAIN\user" --ntlm
> >>
> >> can you tell me what could be the problem?
> >> thanks in advance
> >>
> >
> >I see nothing wrong with HTTP packets generated by HttpClient. It looks
> >like the server simply does not like your creds or there is some sort of
> >incompatibility with IIS8. You might want to try to give JCIFS engine a
> >try [1] and see if that makes any difference.
> >
> >Oleg
> >
> >[1] http://hc.apache.org/httpcomponents-client-4.3.x/ntlm.html
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: NTLM authentication fails
Posted by "Chawla, Vanita" <vc...@umassp.edu>.
Hi Christopher,
Java 6+ HttpUrlConnection worked seamlessly with NTLMv2 and IIS while
calling REST web service for me last year. I had issues with HTTP client
version. You may want to try to see if you get past the NTLM/connection
issues.
Thanks
On 9/12/14, 10:28 AM, "Oleg Kalnichevski" <ol...@apache.org> wrote:
>On Fri, 2014-09-12 at 12:55 +0000, Christoph Ernst | TRANSPOREON wrote:
>> hi,
>> i'm trying to call a SOAP webservice hosted on an external webserver
>>running IIS8 thru a Squid HTTP proxy.
>> normally i use CXF for webservice clients, but the version i'm using
>>does not support NTLM auth.
>>
>> i'm using the latest httpclient version (4.3.5)
>> my code: http://pastebin.com/YPuNWBer
>> debug log: http://pastebin.com/meT0K1FX
>> my credentials are formatted as: "DOMAIN/user:pass", like it is
>>required by the NTCredentials(String) ctor
>>
>> i have already *succesfully* tested the code with a local IIS 7.5 with
>>and without the same proxy.
>> i was also able to succesfully authenticate using the following curl
>>command
>> curl -v -x proxy:3128 --proxy-digest -U proxyuser
>>"http://externalhost:8101/service.svc" -u "DOMAIN\user" --ntlm
>>
>> can you tell me what could be the problem?
>> thanks in advance
>>
>
>I see nothing wrong with HTTP packets generated by HttpClient. It looks
>like the server simply does not like your creds or there is some sort of
>incompatibility with IIS8. You might want to try to give JCIFS engine a
>try [1] and see if that makes any difference.
>
>Oleg
>
>[1] http://hc.apache.org/httpcomponents-client-4.3.x/ntlm.html
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: NTLM authentication fails
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2014-09-12 at 12:55 +0000, Christoph Ernst | TRANSPOREON wrote:
> hi,
> i'm trying to call a SOAP webservice hosted on an external webserver running IIS8 thru a Squid HTTP proxy.
> normally i use CXF for webservice clients, but the version i'm using does not support NTLM auth.
>
> i'm using the latest httpclient version (4.3.5)
> my code: http://pastebin.com/YPuNWBer
> debug log: http://pastebin.com/meT0K1FX
> my credentials are formatted as: "DOMAIN/user:pass", like it is required by the NTCredentials(String) ctor
>
> i have already *succesfully* tested the code with a local IIS 7.5 with and without the same proxy.
> i was also able to succesfully authenticate using the following curl command
> curl -v -x proxy:3128 --proxy-digest -U proxyuser "http://externalhost:8101/service.svc" -u "DOMAIN\user" --ntlm
>
> can you tell me what could be the problem?
> thanks in advance
>
I see nothing wrong with HTTP packets generated by HttpClient. It looks
like the server simply does not like your creds or there is some sort of
incompatibility with IIS8. You might want to try to give JCIFS engine a
try [1] and see if that makes any difference.
Oleg
[1] http://hc.apache.org/httpcomponents-client-4.3.x/ntlm.html
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org