You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Michael Prichard <mi...@mac.com> on 2008/01/10 21:22:37 UTC
Trying to Authenticate to MS Exchange 2003
Hello All,
I am trying to authenticate to MS Exchange as follows:
HttpClient client = new HttpClient();
NTCredentials creds = new NTCredentials(_username, _password,
"localhost", _domain);
// set credentials for connection
client.getState().setCredentials(new AuthScope(_exchangeServer,
AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
GetMethod get = new GetMethod(prootPath);
get.setDoAuthentication(true);
status = client.executeMethod(get);
When I hit the server I get this back:
Jan 10, 2008 3:10:54 PM
org.apache.commons.httpclient.auth.AuthChallengeProcessor
selectAuthScheme
INFO: ntlm authentication scheme selected
Jan 10, 2008 3:10:54 PM
org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
INFO: Failure authenticating with NTLM <any
realm>@mail.exchangeserver.com:443
I had it working with my internal test server but now when trying to
connect to other servers I am getting Auth issues. Ideas?
Thanks!
Michael
Re: Trying to Authenticate to MS Exchange 2003
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2008-01-11 at 09:36 -0500, Michael Prichard wrote:
> Ooops...I did not fully read the first message. Sorry.
>
> The interesting thing is that when using the browser to hit that
> server it does not give me a form based login screen like other
> exchange servers. It pops up a window..very much like you see when
> you set up a .htaccess with BASIC auth. Hmmm....any libs out there
> that support NTLM?
>
http://jcifs.samba.org/
Oleg
> On Jan 11, 2008, at 9:27 AM, Oleg Kalnichevski wrote:
>
> >
> > On Fri, 2008-01-11 at 09:24 -0500, Michael Prichard wrote:
> >> What does this mean? Does it mean the username and password are
> >> being sent on an open wire?
> >>
> >
> > That is exactly what I was trying to tell you in my previous post.
> >
> > Oleg
> >
> >
> >> On Jan 11, 2008, at 9:12 AM, Oleg Kalnichevski wrote:
> >>
> >>>
> >>> On Fri, 2008-01-11 at 09:06 -0500, Michael Prichard wrote:
> >>>> Yes, I got this to work by adding this:
> >>>>
> >>>> // Sets whether authentication should be attempted preemptively.
> >>>> client.getParams().setAuthenticationPreemptive( true );
> >>>>
> >>>
> >>> When authenticating preemptively you ARE NOT using NTLM. (I guess
> >>> it's
> >>> fine as long as you are aware of this fact and its security
> >>> implications)
> >>>
> >>> Oleg
> >>>
> >>>
> >>>> Thanks!
> >>>>
> >>>> On Jan 11, 2008, at 7:08 AM, Oleg Kalnichevski wrote:
> >>>>
> >>>>>
> >>>>> On Thu, 2008-01-10 at 16:06 -0500, Michael Prichard wrote:
> >>>>>> Ok....figured this one out. Add this:
> >>>>>>
> >>>>>> // Sets whether authentication should be attempted
> >>>>>> preemptively.
> >>>>>> client.getParams().setAuthenticationPreemptive( true );
> >>>>>>
> >>>>>>
> >>>>>> And it seems to work perfectly. No idea why! Anyone?
> >>>>>>
> >>>>>
> >>>>> This is because BASIC authentication (read: username/password
> >>>>> sent in
> >>>>> clear text) is used to authenticate preemptively, not NTLM.
> >>>>>
> >>>>> Apparently the credentials are OK, since you are able to
> >>>>> authenticate
> >>>>> using BASIC. So, most likely the server has been configured to use
> >>>>> NTLMv2 only, whereas HttpClient supports NTLMv1 only.
> >>>>>
> >>>>> For details see
> >>>>>
> >>>>> http://wiki.apache.org/jakarta-httpclient/
> >>>>> FrequentlyAskedNTLMQuestions
> >>>>>
> >>>>> Oleg
> >>>>>
> >>>>>
> >>>>>> Thx.
> >>>>>>
> >>>>>>
> >>>>>> On Jan 10, 2008, at 3:22 PM, Michael Prichard wrote:
> >>>>>>
> >>>>>>> Hello All,
> >>>>>>>
> >>>>>>> I am trying to authenticate to MS Exchange as follows:
> >>>>>>>
> >>>>>>> HttpClient client = new HttpClient();
> >>>>>>> NTCredentials creds = new NTCredentials(_username, _password,
> >>>>>>> "localhost", _domain);
> >>>>>>> // set credentials for connection
> >>>>>>> client.getState().setCredentials(new AuthScope
> >>>>>>> (_exchangeServer,
> >>>>>>> AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
> >>>>>>> GetMethod get = new GetMethod(prootPath);
> >>>>>>> get.setDoAuthentication(true);
> >>>>>>> status = client.executeMethod(get);
> >>>>>>>
> >>>>>>> When I hit the server I get this back:
> >>>>>>>
> >>>>>>> Jan 10, 2008 3:10:54 PM
> >>>>>>> org.apache.commons.httpclient.auth.AuthChallengeProcessor
> >>>>>>> selectAuthScheme
> >>>>>>> INFO: ntlm authentication scheme selected
> >>>>>>> Jan 10, 2008 3:10:54 PM
> >>>>>>> org.apache.commons.httpclient.HttpMethodDirector
> >>>>>>> processWWWAuthChallenge
> >>>>>>> INFO: Failure authenticating with NTLM <any
> >>>>>>> realm>@mail.exchangeserver.com:443
> >>>>>>>
> >>>>>>> I had it working with my internal test server but now when
> >>>>>>> trying
> >>>>>>> to connect to other servers I am getting Auth issues. Ideas?
> >>>>>>>
> >>>>>>> Thanks!
> >>>>>>> Michael
> >>>>>>
> >>>>>
> >>>>>
> >>>>> ------------------------------------------------------------------
> >>>>> --
> >>>>> -
> >>>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >>>>> For additional commands, e-mail: httpclient-users-
> >>>>> help@hc.apache.org
> >>>>>
> >>>>
> >>>>
> >>>> -------------------------------------------------------------------
> >>>> --
> >>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >>>> For additional commands, e-mail: httpclient-users-
> >>>> help@hc.apache.org
> >>>>
> >>>>
> >>>
> >>>
> >>> --------------------------------------------------------------------
> >>> -
> >>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Trying to Authenticate to MS Exchange 2003
Posted by Michael Prichard <mi...@mac.com>.
Ooops...I did not fully read the first message. Sorry.
The interesting thing is that when using the browser to hit that
server it does not give me a form based login screen like other
exchange servers. It pops up a window..very much like you see when
you set up a .htaccess with BASIC auth. Hmmm....any libs out there
that support NTLM?
On Jan 11, 2008, at 9:27 AM, Oleg Kalnichevski wrote:
>
> On Fri, 2008-01-11 at 09:24 -0500, Michael Prichard wrote:
>> What does this mean? Does it mean the username and password are
>> being sent on an open wire?
>>
>
> That is exactly what I was trying to tell you in my previous post.
>
> Oleg
>
>
>> On Jan 11, 2008, at 9:12 AM, Oleg Kalnichevski wrote:
>>
>>>
>>> On Fri, 2008-01-11 at 09:06 -0500, Michael Prichard wrote:
>>>> Yes, I got this to work by adding this:
>>>>
>>>> // Sets whether authentication should be attempted preemptively.
>>>> client.getParams().setAuthenticationPreemptive( true );
>>>>
>>>
>>> When authenticating preemptively you ARE NOT using NTLM. (I guess
>>> it's
>>> fine as long as you are aware of this fact and its security
>>> implications)
>>>
>>> Oleg
>>>
>>>
>>>> Thanks!
>>>>
>>>> On Jan 11, 2008, at 7:08 AM, Oleg Kalnichevski wrote:
>>>>
>>>>>
>>>>> On Thu, 2008-01-10 at 16:06 -0500, Michael Prichard wrote:
>>>>>> Ok....figured this one out. Add this:
>>>>>>
>>>>>> // Sets whether authentication should be attempted
>>>>>> preemptively.
>>>>>> client.getParams().setAuthenticationPreemptive( true );
>>>>>>
>>>>>>
>>>>>> And it seems to work perfectly. No idea why! Anyone?
>>>>>>
>>>>>
>>>>> This is because BASIC authentication (read: username/password
>>>>> sent in
>>>>> clear text) is used to authenticate preemptively, not NTLM.
>>>>>
>>>>> Apparently the credentials are OK, since you are able to
>>>>> authenticate
>>>>> using BASIC. So, most likely the server has been configured to use
>>>>> NTLMv2 only, whereas HttpClient supports NTLMv1 only.
>>>>>
>>>>> For details see
>>>>>
>>>>> http://wiki.apache.org/jakarta-httpclient/
>>>>> FrequentlyAskedNTLMQuestions
>>>>>
>>>>> Oleg
>>>>>
>>>>>
>>>>>> Thx.
>>>>>>
>>>>>>
>>>>>> On Jan 10, 2008, at 3:22 PM, Michael Prichard wrote:
>>>>>>
>>>>>>> Hello All,
>>>>>>>
>>>>>>> I am trying to authenticate to MS Exchange as follows:
>>>>>>>
>>>>>>> HttpClient client = new HttpClient();
>>>>>>> NTCredentials creds = new NTCredentials(_username, _password,
>>>>>>> "localhost", _domain);
>>>>>>> // set credentials for connection
>>>>>>> client.getState().setCredentials(new AuthScope
>>>>>>> (_exchangeServer,
>>>>>>> AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
>>>>>>> GetMethod get = new GetMethod(prootPath);
>>>>>>> get.setDoAuthentication(true);
>>>>>>> status = client.executeMethod(get);
>>>>>>>
>>>>>>> When I hit the server I get this back:
>>>>>>>
>>>>>>> Jan 10, 2008 3:10:54 PM
>>>>>>> org.apache.commons.httpclient.auth.AuthChallengeProcessor
>>>>>>> selectAuthScheme
>>>>>>> INFO: ntlm authentication scheme selected
>>>>>>> Jan 10, 2008 3:10:54 PM
>>>>>>> org.apache.commons.httpclient.HttpMethodDirector
>>>>>>> processWWWAuthChallenge
>>>>>>> INFO: Failure authenticating with NTLM <any
>>>>>>> realm>@mail.exchangeserver.com:443
>>>>>>>
>>>>>>> I had it working with my internal test server but now when
>>>>>>> trying
>>>>>>> to connect to other servers I am getting Auth issues. Ideas?
>>>>>>>
>>>>>>> Thanks!
>>>>>>> Michael
>>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------
>>>>> --
>>>>> -
>>>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>>>>> For additional commands, e-mail: httpclient-users-
>>>>> help@hc.apache.org
>>>>>
>>>>
>>>>
>>>> -------------------------------------------------------------------
>>>> --
>>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>>>> For additional commands, e-mail: httpclient-users-
>>>> help@hc.apache.org
>>>>
>>>>
>>>
>>>
>>> --------------------------------------------------------------------
>>> -
>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Trying to Authenticate to MS Exchange 2003
Posted by Michael Prichard <mi...@mac.com>.
Ok thanks. Sorry to be such a pain.
On Jan 11, 2008, at 9:57 AM, Oleg Kalnichevski wrote:
>
> On Fri, 2008-01-11 at 09:42 -0500, Michael Prichard wrote:
>> Ok, so this is the header I get from the server when initializing:
>>
>> 2008/01/11 09:38:14:292 EST [DEBUG] header - >> "User-Agent: Jakarta
>> Commons-HttpClient/3.0.1[\r][\n]"
>> 2008/01/11 09:38:14:292 EST [DEBUG] header - >> "Host:
>> mail.exchange.com[\r][\n]"
>> 2008/01/11 09:38:14:292 EST [DEBUG] header - >> "[\r][\n]"
>> 2008/01/11 09:38:14:947 EST [DEBUG] header - << "HTTP/1.1 401
>> Unauthorized[\r][\n]"
>> 2008/01/11 09:38:14:950 EST [DEBUG] header - << "Connection: Keep-
>> Alive[\r][\n]"
>> 2008/01/11 09:38:14:950 EST [DEBUG] header - << "Content-Length: 83
>> [\r][\n]"
>> 2008/01/11 09:38:14:950 EST [DEBUG] header - << "Date: Fri, 11 Jan
>> 2008 14:41:45 GMT[\r][\n]"
>> 2008/01/11 09:38:14:950 EST [DEBUG] header - << "Content-Type: text/
>> html[\r][\n]"
>> 2008/01/11 09:38:14:950 EST [DEBUG] header - << "Server: Microsoft-
>> IIS/6.0[\r][\n]"
>> 2008/01/11 09:38:14:950 EST [DEBUG] header - << "WWW-Authenticate:
>> Negotiate[\r][\n]"
>> 2008/01/11 09:38:14:951 EST [DEBUG] header - << "WWW-Authenticate:
>> NTLM[\r][\n]"
>> 2008/01/11 09:38:14:951 EST [DEBUG] header - << "WWW-Authenticate:
>> Basic realm="mail.exchange.com"[\r][\n]"
>>
>>
>> Does the "WWW-Authenticate: NTLM[\r][\n]" mean that it has NTLM
>> auth?
>>
>> Thanks.
>>
>
> Michael,
>
> What's the point in responding to your questions if you do not read my
> responses? The server does seem to support NTLM (not a very big
> surprise
> given the fact it is Microsoft Exchange 2003) but apparently the
> server
> has been configured to accept NTLMv2 only (newer version of the auth
> scheme), whereas HttpClient can only talk NTLMv1 (older version).
>
> Oleg
>
>>
>> On Jan 11, 2008, at 9:27 AM, Oleg Kalnichevski wrote:
>>
>>>
>>> On Fri, 2008-01-11 at 09:24 -0500, Michael Prichard wrote:
>>>> What does this mean? Does it mean the username and password are
>>>> being sent on an open wire?
>>>>
>>>
>>> That is exactly what I was trying to tell you in my previous post.
>>>
>>> Oleg
>>>
>>>
>>>> On Jan 11, 2008, at 9:12 AM, Oleg Kalnichevski wrote:
>>>>
>>>>>
>>>>> On Fri, 2008-01-11 at 09:06 -0500, Michael Prichard wrote:
>>>>>> Yes, I got this to work by adding this:
>>>>>>
>>>>>> // Sets whether authentication should be attempted
>>>>>> preemptively.
>>>>>> client.getParams().setAuthenticationPreemptive( true );
>>>>>>
>>>>>
>>>>> When authenticating preemptively you ARE NOT using NTLM. (I guess
>>>>> it's
>>>>> fine as long as you are aware of this fact and its security
>>>>> implications)
>>>>>
>>>>> Oleg
>>>>>
>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> On Jan 11, 2008, at 7:08 AM, Oleg Kalnichevski wrote:
>>>>>>
>>>>>>>
>>>>>>> On Thu, 2008-01-10 at 16:06 -0500, Michael Prichard wrote:
>>>>>>>> Ok....figured this one out. Add this:
>>>>>>>>
>>>>>>>> // Sets whether authentication should be attempted
>>>>>>>> preemptively.
>>>>>>>> client.getParams().setAuthenticationPreemptive( true );
>>>>>>>>
>>>>>>>>
>>>>>>>> And it seems to work perfectly. No idea why! Anyone?
>>>>>>>>
>>>>>>>
>>>>>>> This is because BASIC authentication (read: username/password
>>>>>>> sent in
>>>>>>> clear text) is used to authenticate preemptively, not NTLM.
>>>>>>>
>>>>>>> Apparently the credentials are OK, since you are able to
>>>>>>> authenticate
>>>>>>> using BASIC. So, most likely the server has been configured
>>>>>>> to use
>>>>>>> NTLMv2 only, whereas HttpClient supports NTLMv1 only.
>>>>>>>
>>>>>>> For details see
>>>>>>>
>>>>>>> http://wiki.apache.org/jakarta-httpclient/
>>>>>>> FrequentlyAskedNTLMQuestions
>>>>>>>
>>>>>>> Oleg
>>>>>>>
>>>>>>>
>>>>>>>> Thx.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Jan 10, 2008, at 3:22 PM, Michael Prichard wrote:
>>>>>>>>
>>>>>>>>> Hello All,
>>>>>>>>>
>>>>>>>>> I am trying to authenticate to MS Exchange as follows:
>>>>>>>>>
>>>>>>>>> HttpClient client = new HttpClient();
>>>>>>>>> NTCredentials creds = new NTCredentials(_username,
>>>>>>>>> _password,
>>>>>>>>> "localhost", _domain);
>>>>>>>>> // set credentials for connection
>>>>>>>>> client.getState().setCredentials(new AuthScope
>>>>>>>>> (_exchangeServer,
>>>>>>>>> AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
>>>>>>>>> GetMethod get = new GetMethod(prootPath);
>>>>>>>>> get.setDoAuthentication(true);
>>>>>>>>> status = client.executeMethod(get);
>>>>>>>>>
>>>>>>>>> When I hit the server I get this back:
>>>>>>>>>
>>>>>>>>> Jan 10, 2008 3:10:54 PM
>>>>>>>>> org.apache.commons.httpclient.auth.AuthChallengeProcessor
>>>>>>>>> selectAuthScheme
>>>>>>>>> INFO: ntlm authentication scheme selected
>>>>>>>>> Jan 10, 2008 3:10:54 PM
>>>>>>>>> org.apache.commons.httpclient.HttpMethodDirector
>>>>>>>>> processWWWAuthChallenge
>>>>>>>>> INFO: Failure authenticating with NTLM <any
>>>>>>>>> realm>@mail.exchangeserver.com:443
>>>>>>>>>
>>>>>>>>> I had it working with my internal test server but now when
>>>>>>>>> trying
>>>>>>>>> to connect to other servers I am getting Auth issues. Ideas?
>>>>>>>>>
>>>>>>>>> Thanks!
>>>>>>>>> Michael
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ----------------------------------------------------------------
>>>>>>> --
>>>>>>> --
>>>>>>> -
>>>>>>> To unsubscribe, e-mail: httpclient-users-
>>>>>>> unsubscribe@hc.apache.org
>>>>>>> For additional commands, e-mail: httpclient-users-
>>>>>>> help@hc.apache.org
>>>>>>>
>>>>>>
>>>>>>
>>>>>> -----------------------------------------------------------------
>>>>>> --
>>>>>> --
>>>>>> To unsubscribe, e-mail: httpclient-users-
>>>>>> unsubscribe@hc.apache.org
>>>>>> For additional commands, e-mail: httpclient-users-
>>>>>> help@hc.apache.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------
>>>>> --
>>>>> -
>>>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>>>>> For additional commands, e-mail: httpclient-users-
>>>>> help@hc.apache.org
>>>>>
>>>>
>>>>
>>>> -------------------------------------------------------------------
>>>> --
>>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>>>> For additional commands, e-mail: httpclient-users-
>>>> help@hc.apache.org
>>>>
>>>>
>>>
>>>
>>> --------------------------------------------------------------------
>>> -
>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Trying to Authenticate to MS Exchange 2003
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2008-01-11 at 09:42 -0500, Michael Prichard wrote:
> Ok, so this is the header I get from the server when initializing:
>
> 2008/01/11 09:38:14:292 EST [DEBUG] header - >> "User-Agent: Jakarta
> Commons-HttpClient/3.0.1[\r][\n]"
> 2008/01/11 09:38:14:292 EST [DEBUG] header - >> "Host:
> mail.exchange.com[\r][\n]"
> 2008/01/11 09:38:14:292 EST [DEBUG] header - >> "[\r][\n]"
> 2008/01/11 09:38:14:947 EST [DEBUG] header - << "HTTP/1.1 401
> Unauthorized[\r][\n]"
> 2008/01/11 09:38:14:950 EST [DEBUG] header - << "Connection: Keep-
> Alive[\r][\n]"
> 2008/01/11 09:38:14:950 EST [DEBUG] header - << "Content-Length: 83
> [\r][\n]"
> 2008/01/11 09:38:14:950 EST [DEBUG] header - << "Date: Fri, 11 Jan
> 2008 14:41:45 GMT[\r][\n]"
> 2008/01/11 09:38:14:950 EST [DEBUG] header - << "Content-Type: text/
> html[\r][\n]"
> 2008/01/11 09:38:14:950 EST [DEBUG] header - << "Server: Microsoft-
> IIS/6.0[\r][\n]"
> 2008/01/11 09:38:14:950 EST [DEBUG] header - << "WWW-Authenticate:
> Negotiate[\r][\n]"
> 2008/01/11 09:38:14:951 EST [DEBUG] header - << "WWW-Authenticate:
> NTLM[\r][\n]"
> 2008/01/11 09:38:14:951 EST [DEBUG] header - << "WWW-Authenticate:
> Basic realm="mail.exchange.com"[\r][\n]"
>
>
> Does the "WWW-Authenticate: NTLM[\r][\n]" mean that it has NTLM auth?
>
> Thanks.
>
Michael,
What's the point in responding to your questions if you do not read my
responses? The server does seem to support NTLM (not a very big surprise
given the fact it is Microsoft Exchange 2003) but apparently the server
has been configured to accept NTLMv2 only (newer version of the auth
scheme), whereas HttpClient can only talk NTLMv1 (older version).
Oleg
>
> On Jan 11, 2008, at 9:27 AM, Oleg Kalnichevski wrote:
>
> >
> > On Fri, 2008-01-11 at 09:24 -0500, Michael Prichard wrote:
> >> What does this mean? Does it mean the username and password are
> >> being sent on an open wire?
> >>
> >
> > That is exactly what I was trying to tell you in my previous post.
> >
> > Oleg
> >
> >
> >> On Jan 11, 2008, at 9:12 AM, Oleg Kalnichevski wrote:
> >>
> >>>
> >>> On Fri, 2008-01-11 at 09:06 -0500, Michael Prichard wrote:
> >>>> Yes, I got this to work by adding this:
> >>>>
> >>>> // Sets whether authentication should be attempted preemptively.
> >>>> client.getParams().setAuthenticationPreemptive( true );
> >>>>
> >>>
> >>> When authenticating preemptively you ARE NOT using NTLM. (I guess
> >>> it's
> >>> fine as long as you are aware of this fact and its security
> >>> implications)
> >>>
> >>> Oleg
> >>>
> >>>
> >>>> Thanks!
> >>>>
> >>>> On Jan 11, 2008, at 7:08 AM, Oleg Kalnichevski wrote:
> >>>>
> >>>>>
> >>>>> On Thu, 2008-01-10 at 16:06 -0500, Michael Prichard wrote:
> >>>>>> Ok....figured this one out. Add this:
> >>>>>>
> >>>>>> // Sets whether authentication should be attempted
> >>>>>> preemptively.
> >>>>>> client.getParams().setAuthenticationPreemptive( true );
> >>>>>>
> >>>>>>
> >>>>>> And it seems to work perfectly. No idea why! Anyone?
> >>>>>>
> >>>>>
> >>>>> This is because BASIC authentication (read: username/password
> >>>>> sent in
> >>>>> clear text) is used to authenticate preemptively, not NTLM.
> >>>>>
> >>>>> Apparently the credentials are OK, since you are able to
> >>>>> authenticate
> >>>>> using BASIC. So, most likely the server has been configured to use
> >>>>> NTLMv2 only, whereas HttpClient supports NTLMv1 only.
> >>>>>
> >>>>> For details see
> >>>>>
> >>>>> http://wiki.apache.org/jakarta-httpclient/
> >>>>> FrequentlyAskedNTLMQuestions
> >>>>>
> >>>>> Oleg
> >>>>>
> >>>>>
> >>>>>> Thx.
> >>>>>>
> >>>>>>
> >>>>>> On Jan 10, 2008, at 3:22 PM, Michael Prichard wrote:
> >>>>>>
> >>>>>>> Hello All,
> >>>>>>>
> >>>>>>> I am trying to authenticate to MS Exchange as follows:
> >>>>>>>
> >>>>>>> HttpClient client = new HttpClient();
> >>>>>>> NTCredentials creds = new NTCredentials(_username, _password,
> >>>>>>> "localhost", _domain);
> >>>>>>> // set credentials for connection
> >>>>>>> client.getState().setCredentials(new AuthScope
> >>>>>>> (_exchangeServer,
> >>>>>>> AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
> >>>>>>> GetMethod get = new GetMethod(prootPath);
> >>>>>>> get.setDoAuthentication(true);
> >>>>>>> status = client.executeMethod(get);
> >>>>>>>
> >>>>>>> When I hit the server I get this back:
> >>>>>>>
> >>>>>>> Jan 10, 2008 3:10:54 PM
> >>>>>>> org.apache.commons.httpclient.auth.AuthChallengeProcessor
> >>>>>>> selectAuthScheme
> >>>>>>> INFO: ntlm authentication scheme selected
> >>>>>>> Jan 10, 2008 3:10:54 PM
> >>>>>>> org.apache.commons.httpclient.HttpMethodDirector
> >>>>>>> processWWWAuthChallenge
> >>>>>>> INFO: Failure authenticating with NTLM <any
> >>>>>>> realm>@mail.exchangeserver.com:443
> >>>>>>>
> >>>>>>> I had it working with my internal test server but now when
> >>>>>>> trying
> >>>>>>> to connect to other servers I am getting Auth issues. Ideas?
> >>>>>>>
> >>>>>>> Thanks!
> >>>>>>> Michael
> >>>>>>
> >>>>>
> >>>>>
> >>>>> ------------------------------------------------------------------
> >>>>> --
> >>>>> -
> >>>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >>>>> For additional commands, e-mail: httpclient-users-
> >>>>> help@hc.apache.org
> >>>>>
> >>>>
> >>>>
> >>>> -------------------------------------------------------------------
> >>>> --
> >>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >>>> For additional commands, e-mail: httpclient-users-
> >>>> help@hc.apache.org
> >>>>
> >>>>
> >>>
> >>>
> >>> --------------------------------------------------------------------
> >>> -
> >>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Trying to Authenticate to MS Exchange 2003
Posted by Michael Prichard <mi...@mac.com>.
Ok, so this is the header I get from the server when initializing:
2008/01/11 09:38:14:292 EST [DEBUG] header - >> "User-Agent: Jakarta
Commons-HttpClient/3.0.1[\r][\n]"
2008/01/11 09:38:14:292 EST [DEBUG] header - >> "Host:
mail.exchange.com[\r][\n]"
2008/01/11 09:38:14:292 EST [DEBUG] header - >> "[\r][\n]"
2008/01/11 09:38:14:947 EST [DEBUG] header - << "HTTP/1.1 401
Unauthorized[\r][\n]"
2008/01/11 09:38:14:950 EST [DEBUG] header - << "Connection: Keep-
Alive[\r][\n]"
2008/01/11 09:38:14:950 EST [DEBUG] header - << "Content-Length: 83
[\r][\n]"
2008/01/11 09:38:14:950 EST [DEBUG] header - << "Date: Fri, 11 Jan
2008 14:41:45 GMT[\r][\n]"
2008/01/11 09:38:14:950 EST [DEBUG] header - << "Content-Type: text/
html[\r][\n]"
2008/01/11 09:38:14:950 EST [DEBUG] header - << "Server: Microsoft-
IIS/6.0[\r][\n]"
2008/01/11 09:38:14:950 EST [DEBUG] header - << "WWW-Authenticate:
Negotiate[\r][\n]"
2008/01/11 09:38:14:951 EST [DEBUG] header - << "WWW-Authenticate:
NTLM[\r][\n]"
2008/01/11 09:38:14:951 EST [DEBUG] header - << "WWW-Authenticate:
Basic realm="mail.exchange.com"[\r][\n]"
Does the "WWW-Authenticate: NTLM[\r][\n]" mean that it has NTLM auth?
Thanks.
On Jan 11, 2008, at 9:27 AM, Oleg Kalnichevski wrote:
>
> On Fri, 2008-01-11 at 09:24 -0500, Michael Prichard wrote:
>> What does this mean? Does it mean the username and password are
>> being sent on an open wire?
>>
>
> That is exactly what I was trying to tell you in my previous post.
>
> Oleg
>
>
>> On Jan 11, 2008, at 9:12 AM, Oleg Kalnichevski wrote:
>>
>>>
>>> On Fri, 2008-01-11 at 09:06 -0500, Michael Prichard wrote:
>>>> Yes, I got this to work by adding this:
>>>>
>>>> // Sets whether authentication should be attempted preemptively.
>>>> client.getParams().setAuthenticationPreemptive( true );
>>>>
>>>
>>> When authenticating preemptively you ARE NOT using NTLM. (I guess
>>> it's
>>> fine as long as you are aware of this fact and its security
>>> implications)
>>>
>>> Oleg
>>>
>>>
>>>> Thanks!
>>>>
>>>> On Jan 11, 2008, at 7:08 AM, Oleg Kalnichevski wrote:
>>>>
>>>>>
>>>>> On Thu, 2008-01-10 at 16:06 -0500, Michael Prichard wrote:
>>>>>> Ok....figured this one out. Add this:
>>>>>>
>>>>>> // Sets whether authentication should be attempted
>>>>>> preemptively.
>>>>>> client.getParams().setAuthenticationPreemptive( true );
>>>>>>
>>>>>>
>>>>>> And it seems to work perfectly. No idea why! Anyone?
>>>>>>
>>>>>
>>>>> This is because BASIC authentication (read: username/password
>>>>> sent in
>>>>> clear text) is used to authenticate preemptively, not NTLM.
>>>>>
>>>>> Apparently the credentials are OK, since you are able to
>>>>> authenticate
>>>>> using BASIC. So, most likely the server has been configured to use
>>>>> NTLMv2 only, whereas HttpClient supports NTLMv1 only.
>>>>>
>>>>> For details see
>>>>>
>>>>> http://wiki.apache.org/jakarta-httpclient/
>>>>> FrequentlyAskedNTLMQuestions
>>>>>
>>>>> Oleg
>>>>>
>>>>>
>>>>>> Thx.
>>>>>>
>>>>>>
>>>>>> On Jan 10, 2008, at 3:22 PM, Michael Prichard wrote:
>>>>>>
>>>>>>> Hello All,
>>>>>>>
>>>>>>> I am trying to authenticate to MS Exchange as follows:
>>>>>>>
>>>>>>> HttpClient client = new HttpClient();
>>>>>>> NTCredentials creds = new NTCredentials(_username, _password,
>>>>>>> "localhost", _domain);
>>>>>>> // set credentials for connection
>>>>>>> client.getState().setCredentials(new AuthScope
>>>>>>> (_exchangeServer,
>>>>>>> AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
>>>>>>> GetMethod get = new GetMethod(prootPath);
>>>>>>> get.setDoAuthentication(true);
>>>>>>> status = client.executeMethod(get);
>>>>>>>
>>>>>>> When I hit the server I get this back:
>>>>>>>
>>>>>>> Jan 10, 2008 3:10:54 PM
>>>>>>> org.apache.commons.httpclient.auth.AuthChallengeProcessor
>>>>>>> selectAuthScheme
>>>>>>> INFO: ntlm authentication scheme selected
>>>>>>> Jan 10, 2008 3:10:54 PM
>>>>>>> org.apache.commons.httpclient.HttpMethodDirector
>>>>>>> processWWWAuthChallenge
>>>>>>> INFO: Failure authenticating with NTLM <any
>>>>>>> realm>@mail.exchangeserver.com:443
>>>>>>>
>>>>>>> I had it working with my internal test server but now when
>>>>>>> trying
>>>>>>> to connect to other servers I am getting Auth issues. Ideas?
>>>>>>>
>>>>>>> Thanks!
>>>>>>> Michael
>>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------
>>>>> --
>>>>> -
>>>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>>>>> For additional commands, e-mail: httpclient-users-
>>>>> help@hc.apache.org
>>>>>
>>>>
>>>>
>>>> -------------------------------------------------------------------
>>>> --
>>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>>>> For additional commands, e-mail: httpclient-users-
>>>> help@hc.apache.org
>>>>
>>>>
>>>
>>>
>>> --------------------------------------------------------------------
>>> -
>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
Re: Trying to Authenticate to MS Exchange 2003
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2008-01-11 at 09:24 -0500, Michael Prichard wrote:
> What does this mean? Does it mean the username and password are
> being sent on an open wire?
>
That is exactly what I was trying to tell you in my previous post.
Oleg
> On Jan 11, 2008, at 9:12 AM, Oleg Kalnichevski wrote:
>
> >
> > On Fri, 2008-01-11 at 09:06 -0500, Michael Prichard wrote:
> >> Yes, I got this to work by adding this:
> >>
> >> // Sets whether authentication should be attempted preemptively.
> >> client.getParams().setAuthenticationPreemptive( true );
> >>
> >
> > When authenticating preemptively you ARE NOT using NTLM. (I guess it's
> > fine as long as you are aware of this fact and its security
> > implications)
> >
> > Oleg
> >
> >
> >> Thanks!
> >>
> >> On Jan 11, 2008, at 7:08 AM, Oleg Kalnichevski wrote:
> >>
> >>>
> >>> On Thu, 2008-01-10 at 16:06 -0500, Michael Prichard wrote:
> >>>> Ok....figured this one out. Add this:
> >>>>
> >>>> // Sets whether authentication should be attempted preemptively.
> >>>> client.getParams().setAuthenticationPreemptive( true );
> >>>>
> >>>>
> >>>> And it seems to work perfectly. No idea why! Anyone?
> >>>>
> >>>
> >>> This is because BASIC authentication (read: username/password
> >>> sent in
> >>> clear text) is used to authenticate preemptively, not NTLM.
> >>>
> >>> Apparently the credentials are OK, since you are able to
> >>> authenticate
> >>> using BASIC. So, most likely the server has been configured to use
> >>> NTLMv2 only, whereas HttpClient supports NTLMv1 only.
> >>>
> >>> For details see
> >>>
> >>> http://wiki.apache.org/jakarta-httpclient/
> >>> FrequentlyAskedNTLMQuestions
> >>>
> >>> Oleg
> >>>
> >>>
> >>>> Thx.
> >>>>
> >>>>
> >>>> On Jan 10, 2008, at 3:22 PM, Michael Prichard wrote:
> >>>>
> >>>>> Hello All,
> >>>>>
> >>>>> I am trying to authenticate to MS Exchange as follows:
> >>>>>
> >>>>> HttpClient client = new HttpClient();
> >>>>> NTCredentials creds = new NTCredentials(_username, _password,
> >>>>> "localhost", _domain);
> >>>>> // set credentials for connection
> >>>>> client.getState().setCredentials(new AuthScope(_exchangeServer,
> >>>>> AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
> >>>>> GetMethod get = new GetMethod(prootPath);
> >>>>> get.setDoAuthentication(true);
> >>>>> status = client.executeMethod(get);
> >>>>>
> >>>>> When I hit the server I get this back:
> >>>>>
> >>>>> Jan 10, 2008 3:10:54 PM
> >>>>> org.apache.commons.httpclient.auth.AuthChallengeProcessor
> >>>>> selectAuthScheme
> >>>>> INFO: ntlm authentication scheme selected
> >>>>> Jan 10, 2008 3:10:54 PM
> >>>>> org.apache.commons.httpclient.HttpMethodDirector
> >>>>> processWWWAuthChallenge
> >>>>> INFO: Failure authenticating with NTLM <any
> >>>>> realm>@mail.exchangeserver.com:443
> >>>>>
> >>>>> I had it working with my internal test server but now when trying
> >>>>> to connect to other servers I am getting Auth issues. Ideas?
> >>>>>
> >>>>> Thanks!
> >>>>> Michael
> >>>>
> >>>
> >>>
> >>> --------------------------------------------------------------------
> >>> -
> >>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Trying to Authenticate to MS Exchange 2003
Posted by Michael Prichard <mi...@mac.com>.
What does this mean? Does it mean the username and password are
being sent on an open wire?
On Jan 11, 2008, at 9:12 AM, Oleg Kalnichevski wrote:
>
> On Fri, 2008-01-11 at 09:06 -0500, Michael Prichard wrote:
>> Yes, I got this to work by adding this:
>>
>> // Sets whether authentication should be attempted preemptively.
>> client.getParams().setAuthenticationPreemptive( true );
>>
>
> When authenticating preemptively you ARE NOT using NTLM. (I guess it's
> fine as long as you are aware of this fact and its security
> implications)
>
> Oleg
>
>
>> Thanks!
>>
>> On Jan 11, 2008, at 7:08 AM, Oleg Kalnichevski wrote:
>>
>>>
>>> On Thu, 2008-01-10 at 16:06 -0500, Michael Prichard wrote:
>>>> Ok....figured this one out. Add this:
>>>>
>>>> // Sets whether authentication should be attempted preemptively.
>>>> client.getParams().setAuthenticationPreemptive( true );
>>>>
>>>>
>>>> And it seems to work perfectly. No idea why! Anyone?
>>>>
>>>
>>> This is because BASIC authentication (read: username/password
>>> sent in
>>> clear text) is used to authenticate preemptively, not NTLM.
>>>
>>> Apparently the credentials are OK, since you are able to
>>> authenticate
>>> using BASIC. So, most likely the server has been configured to use
>>> NTLMv2 only, whereas HttpClient supports NTLMv1 only.
>>>
>>> For details see
>>>
>>> http://wiki.apache.org/jakarta-httpclient/
>>> FrequentlyAskedNTLMQuestions
>>>
>>> Oleg
>>>
>>>
>>>> Thx.
>>>>
>>>>
>>>> On Jan 10, 2008, at 3:22 PM, Michael Prichard wrote:
>>>>
>>>>> Hello All,
>>>>>
>>>>> I am trying to authenticate to MS Exchange as follows:
>>>>>
>>>>> HttpClient client = new HttpClient();
>>>>> NTCredentials creds = new NTCredentials(_username, _password,
>>>>> "localhost", _domain);
>>>>> // set credentials for connection
>>>>> client.getState().setCredentials(new AuthScope(_exchangeServer,
>>>>> AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
>>>>> GetMethod get = new GetMethod(prootPath);
>>>>> get.setDoAuthentication(true);
>>>>> status = client.executeMethod(get);
>>>>>
>>>>> When I hit the server I get this back:
>>>>>
>>>>> Jan 10, 2008 3:10:54 PM
>>>>> org.apache.commons.httpclient.auth.AuthChallengeProcessor
>>>>> selectAuthScheme
>>>>> INFO: ntlm authentication scheme selected
>>>>> Jan 10, 2008 3:10:54 PM
>>>>> org.apache.commons.httpclient.HttpMethodDirector
>>>>> processWWWAuthChallenge
>>>>> INFO: Failure authenticating with NTLM <any
>>>>> realm>@mail.exchangeserver.com:443
>>>>>
>>>>> I had it working with my internal test server but now when trying
>>>>> to connect to other servers I am getting Auth issues. Ideas?
>>>>>
>>>>> Thanks!
>>>>> Michael
>>>>
>>>
>>>
>>> --------------------------------------------------------------------
>>> -
>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Trying to Authenticate to MS Exchange 2003
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2008-01-11 at 09:06 -0500, Michael Prichard wrote:
> Yes, I got this to work by adding this:
>
> // Sets whether authentication should be attempted preemptively.
> client.getParams().setAuthenticationPreemptive( true );
>
When authenticating preemptively you ARE NOT using NTLM. (I guess it's
fine as long as you are aware of this fact and its security
implications)
Oleg
> Thanks!
>
> On Jan 11, 2008, at 7:08 AM, Oleg Kalnichevski wrote:
>
> >
> > On Thu, 2008-01-10 at 16:06 -0500, Michael Prichard wrote:
> >> Ok....figured this one out. Add this:
> >>
> >> // Sets whether authentication should be attempted preemptively.
> >> client.getParams().setAuthenticationPreemptive( true );
> >>
> >>
> >> And it seems to work perfectly. No idea why! Anyone?
> >>
> >
> > This is because BASIC authentication (read: username/password sent in
> > clear text) is used to authenticate preemptively, not NTLM.
> >
> > Apparently the credentials are OK, since you are able to authenticate
> > using BASIC. So, most likely the server has been configured to use
> > NTLMv2 only, whereas HttpClient supports NTLMv1 only.
> >
> > For details see
> >
> > http://wiki.apache.org/jakarta-httpclient/FrequentlyAskedNTLMQuestions
> >
> > Oleg
> >
> >
> >> Thx.
> >>
> >>
> >> On Jan 10, 2008, at 3:22 PM, Michael Prichard wrote:
> >>
> >>> Hello All,
> >>>
> >>> I am trying to authenticate to MS Exchange as follows:
> >>>
> >>> HttpClient client = new HttpClient();
> >>> NTCredentials creds = new NTCredentials(_username, _password,
> >>> "localhost", _domain);
> >>> // set credentials for connection
> >>> client.getState().setCredentials(new AuthScope(_exchangeServer,
> >>> AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
> >>> GetMethod get = new GetMethod(prootPath);
> >>> get.setDoAuthentication(true);
> >>> status = client.executeMethod(get);
> >>>
> >>> When I hit the server I get this back:
> >>>
> >>> Jan 10, 2008 3:10:54 PM
> >>> org.apache.commons.httpclient.auth.AuthChallengeProcessor
> >>> selectAuthScheme
> >>> INFO: ntlm authentication scheme selected
> >>> Jan 10, 2008 3:10:54 PM
> >>> org.apache.commons.httpclient.HttpMethodDirector
> >>> processWWWAuthChallenge
> >>> INFO: Failure authenticating with NTLM <any
> >>> realm>@mail.exchangeserver.com:443
> >>>
> >>> I had it working with my internal test server but now when trying
> >>> to connect to other servers I am getting Auth issues. Ideas?
> >>>
> >>> Thanks!
> >>> Michael
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Trying to Authenticate to MS Exchange 2003
Posted by Michael Prichard <mi...@mac.com>.
Yes, I got this to work by adding this:
// Sets whether authentication should be attempted preemptively.
client.getParams().setAuthenticationPreemptive( true );
Thanks!
On Jan 11, 2008, at 7:08 AM, Oleg Kalnichevski wrote:
>
> On Thu, 2008-01-10 at 16:06 -0500, Michael Prichard wrote:
>> Ok....figured this one out. Add this:
>>
>> // Sets whether authentication should be attempted preemptively.
>> client.getParams().setAuthenticationPreemptive( true );
>>
>>
>> And it seems to work perfectly. No idea why! Anyone?
>>
>
> This is because BASIC authentication (read: username/password sent in
> clear text) is used to authenticate preemptively, not NTLM.
>
> Apparently the credentials are OK, since you are able to authenticate
> using BASIC. So, most likely the server has been configured to use
> NTLMv2 only, whereas HttpClient supports NTLMv1 only.
>
> For details see
>
> http://wiki.apache.org/jakarta-httpclient/FrequentlyAskedNTLMQuestions
>
> Oleg
>
>
>> Thx.
>>
>>
>> On Jan 10, 2008, at 3:22 PM, Michael Prichard wrote:
>>
>>> Hello All,
>>>
>>> I am trying to authenticate to MS Exchange as follows:
>>>
>>> HttpClient client = new HttpClient();
>>> NTCredentials creds = new NTCredentials(_username, _password,
>>> "localhost", _domain);
>>> // set credentials for connection
>>> client.getState().setCredentials(new AuthScope(_exchangeServer,
>>> AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
>>> GetMethod get = new GetMethod(prootPath);
>>> get.setDoAuthentication(true);
>>> status = client.executeMethod(get);
>>>
>>> When I hit the server I get this back:
>>>
>>> Jan 10, 2008 3:10:54 PM
>>> org.apache.commons.httpclient.auth.AuthChallengeProcessor
>>> selectAuthScheme
>>> INFO: ntlm authentication scheme selected
>>> Jan 10, 2008 3:10:54 PM
>>> org.apache.commons.httpclient.HttpMethodDirector
>>> processWWWAuthChallenge
>>> INFO: Failure authenticating with NTLM <any
>>> realm>@mail.exchangeserver.com:443
>>>
>>> I had it working with my internal test server but now when trying
>>> to connect to other servers I am getting Auth issues. Ideas?
>>>
>>> Thanks!
>>> Michael
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Trying to Authenticate to MS Exchange 2003
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, 2008-01-10 at 16:06 -0500, Michael Prichard wrote:
> Ok....figured this one out. Add this:
>
> // Sets whether authentication should be attempted preemptively.
> client.getParams().setAuthenticationPreemptive( true );
>
>
> And it seems to work perfectly. No idea why! Anyone?
>
This is because BASIC authentication (read: username/password sent in
clear text) is used to authenticate preemptively, not NTLM.
Apparently the credentials are OK, since you are able to authenticate
using BASIC. So, most likely the server has been configured to use
NTLMv2 only, whereas HttpClient supports NTLMv1 only.
For details see
http://wiki.apache.org/jakarta-httpclient/FrequentlyAskedNTLMQuestions
Oleg
> Thx.
>
>
> On Jan 10, 2008, at 3:22 PM, Michael Prichard wrote:
>
> > Hello All,
> >
> > I am trying to authenticate to MS Exchange as follows:
> >
> > HttpClient client = new HttpClient();
> > NTCredentials creds = new NTCredentials(_username, _password,
> > "localhost", _domain);
> > // set credentials for connection
> > client.getState().setCredentials(new AuthScope(_exchangeServer,
> > AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
> > GetMethod get = new GetMethod(prootPath);
> > get.setDoAuthentication(true);
> > status = client.executeMethod(get);
> >
> > When I hit the server I get this back:
> >
> > Jan 10, 2008 3:10:54 PM
> > org.apache.commons.httpclient.auth.AuthChallengeProcessor
> > selectAuthScheme
> > INFO: ntlm authentication scheme selected
> > Jan 10, 2008 3:10:54 PM
> > org.apache.commons.httpclient.HttpMethodDirector
> > processWWWAuthChallenge
> > INFO: Failure authenticating with NTLM <any
> > realm>@mail.exchangeserver.com:443
> >
> > I had it working with my internal test server but now when trying
> > to connect to other servers I am getting Auth issues. Ideas?
> >
> > Thanks!
> > Michael
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Trying to Authenticate to MS Exchange 2003
Posted by Michael Prichard <mi...@mac.com>.
Ok....figured this one out. Add this:
// Sets whether authentication should be attempted preemptively.
client.getParams().setAuthenticationPreemptive( true );
And it seems to work perfectly. No idea why! Anyone?
Thx.
On Jan 10, 2008, at 3:22 PM, Michael Prichard wrote:
> Hello All,
>
> I am trying to authenticate to MS Exchange as follows:
>
> HttpClient client = new HttpClient();
> NTCredentials creds = new NTCredentials(_username, _password,
> "localhost", _domain);
> // set credentials for connection
> client.getState().setCredentials(new AuthScope(_exchangeServer,
> AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
> GetMethod get = new GetMethod(prootPath);
> get.setDoAuthentication(true);
> status = client.executeMethod(get);
>
> When I hit the server I get this back:
>
> Jan 10, 2008 3:10:54 PM
> org.apache.commons.httpclient.auth.AuthChallengeProcessor
> selectAuthScheme
> INFO: ntlm authentication scheme selected
> Jan 10, 2008 3:10:54 PM
> org.apache.commons.httpclient.HttpMethodDirector
> processWWWAuthChallenge
> INFO: Failure authenticating with NTLM <any
> realm>@mail.exchangeserver.com:443
>
> I had it working with my internal test server but now when trying
> to connect to other servers I am getting Auth issues. Ideas?
>
> Thanks!
> Michael