Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix NTLM Proxy authentication issues. #387

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

haroldteramoto
Copy link

I found two issues when authenticating against NTLM Proxy on Mac OSX. I am testing AsiHttpRequest with Microsoft Forefront TMG server as the proxy.

Issue 1) Http request's user credential is used for proxy credential.

For most use cases, user will have proxy credential stored in the keychain.
Look for credential in keychain first, then use the http request credential.

Issue 2) From wireshark network traces, calling startRequest twice does not
actually send the NTLM proxy auth challenge response. The third startRequest
will send the auth challenge response and get past the proxy authentication.

There must be a different root cause for not responding for the NTLM auth challenge with the original code. By making the 3rd startRequest call, I can workaround this issue, however.

Issue 1) Http request's user credential is used for proxy credential.
For most use cases, user will have proxy credential stored in the keychain.
Look for credential in keychain first, then use the http request credential.

Issue 2) From wireshark network traces, calling startRequest twice does not
actually send the NTLM proxy auth challenge response.  The third startRequest
will send the auth challenge response and get past the proxy authentication.
@ShiQiao
Copy link

ShiQiao commented Mar 13, 2014

Thanks for your attention !

在 2014-3-13,上午12:13,haroldteramoto [email protected] 写道:

I found two issues when authenticating against NTLM Proxy on Mac OSX. I am testing AsiHttpRequest with Microsoft Forefront TMG server as the proxy.

Issue 1) Http request's user credential is used for proxy credential.

For most use cases, user will have proxy credential stored in the keychain.
Look for credential in keychain first, then use the http request credential.

Issue 2) From wireshark network traces, calling startRequest twice does not
actually send the NTLM proxy auth challenge response. The third startRequest
will send the auth challenge response and get past the proxy authentication.

There must be a different root cause for not responding for the NTLM auth challenge with the original code. By making the 3rd startRequest call, I can workaround this issue, however.

You can merge this Pull Request by running

git pull https://github.com/haroldteramoto/asi-http-request master
Or view, comment on, or merge it at:

#387

Commit Summary

Fix NTLM Proxy authentication issues.
File Changes

M Classes/ASIHTTPRequest.m (22)
Patch Links:

https://github.com/pokeb/asi-http-request/pull/387.patch
https://github.com/pokeb/asi-http-request/pull/387.diff

Reply to this email directly or view it on GitHub.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants