
Re: Problems with ntlm authentication (message type-2)



Timo,

You are welcome and thank you for keeping us up to date.

Best Regards,

Thomas.

On 28.08.2014 07:47, Timo wrote:
> Hello Thomas
>
> you are right, I changed the program to not use NTLM authentication
> and got the right response from the server. Afterwards I discussed it
> with our SharePoint colleagues and they checked their security
> settings on the SharePoint server and found a difference between this
> service and the other services they provide. The standard services,
> which are built into SharePoint, have automatically set up NTLM; the
> actual service is a self-written service which hasn't set up NTLM.
> Now they have decided not to use NTLM for this service. So we got it
> to work without a problem. Thank you for your help on this.
>
> Best regards,
>
> Timo
> 
> 2014-08-24 14:53 GMT+02:00 Timo <[1]timoc1980@xxxxxxxxx>:
> 
> Hello Thomas
>
> absolutely no problem, I was also on vacation the last weeks. I'm
> pretty sure that all of our SharePoint services are set up with NTLM
> authentication and I remember that I have to set up NTLM
> authentication in soapUI to get a response. The user name, which is
> part of the URL, is for a mapping between the Windows user and
> the IBM i user. For the authentication against the webservice we use
> a general user profile. I'll remove http_setauth() from the program
> tomorrow and let you know if it works nevertheless.
>
> Thanks,
>
> Timo
>
> On Tuesday, 19 August 2014, Thomas Raddatz wrote:
> 
> Timo,
>
> Sorry for the late reply. First I was on vacation and then I had
> no Internet for a week due to a broken DSL router.
>
> Looking at your debug logs I notice some differences between the
> soapUI log and the WSDL2RPG log. First there is no NTLM authentication
> type-1 message sent by soapUI. But the user credentials are part of
> the URL:
>
>   GET /SPUserWebservice/SPUserWebservice.svc/rest/SetUserProfilePropertyXML?mysiteUrl=http%3A%2F%2Fmy.company.corp&username=DE%5C%5CUserName&property=ERPImportData&value=%22PurchaseOrder%3D316888%22 HTTP/1.1
>
> The next thing is that WSDL2RPG also sends the user credentials with
> the URL, but also sends a type-1 NTLM message in order to start the
> negotiation of the NTLM parameters:
>
>   GET /SPUserWebservice/SPUserWebservice.svc/rest/SetUserProfilePropertyXML?mysiteUrl=[2]http://my.company.corp&username=DE\\UserName&property=ERPImportData&value="PurchaseOrder=316883" HTTP/1.1
>   Authorization: NTLM TlRMTVNTUAABAAAAByIAAAAAAAAAAAAACgAKACAAAABRUEFERVYwMEQ5
>
> Since the server ignores the type-1 message and hence does not return
> a type-2 message, WSDL2RPG complains about the missing type-2 message:
>
>   "failed validating type-2 message"
>
> But since the server did return the expected data, I assume that you
> can safely drop http_setauth() from your program. It seems as if the
> server is not set up for NTLM authentication.
>
> Regards,
>
> Thomas.
>
> On 25.07.2014 17:05, Timo wrote:
>> Hello
>>
>> I'm calling a web service (SharePoint REST service) which runs under
>> NTLM authentication using the NTLM patch written by Thomas. The debug
>> log looks good till HTTPAPI tries to process the recvdoc() procedure.
>> The web service response is a simple true/false flag; we've tried both
>> for the response, json and xml, which has no effect on the error
>> message. The error message in the debug log is "failed validating
>> type-2 message", which comes from the NTMLR4 module. This is confusing
>> for me, because before the error message I've got an HTTP 200 response
>> code and the correct response message, so I've assumed that the
>> authentication process was successful. So the question is why I've got
>> the "failed validating type-2 message" after the whole processing with
>> the webserver is done? I've seen in debug that the field ntlmType2Msg
>> from dsAuth is empty before the check for the message type:
>>
>>    type2Msg = Message_decodeBase64(dsAuth.ntlmType2Msg);
>>    if (not Message_isType2(type2Msg));
>>       dsAuth.ntlmStatus = NTLM_NONE;
>>       SetError(HTTP_NDAUTH: ' failed validating type-2 message');
>>       rc = -1;
>>       leave;
>>    endif;
>>
>> I've attached the whole debug log and a log from SoapUI for the same
>> service.
>>
>> Thanks,
>>
>> Timo
>>
>> -----------------------------------------------------------------------
>> This is the FTPAPI mailing list.  To unsubscribe, please go to:
>> [3]http://www.scottklement.com/mailman/listinfo/ftpapi
>> -----------------------------------------------------------------------
> 
> References
>
> 1. mailto:timoc1980@xxxxxxxxx
> 2. http://my.company.corp/
> 3. http://www.scottklement.com/mailman/listinfo/ftpapi
> 4. http://www.scottklement.com/mailman/listinfo/ftpapi
> 
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
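
Added example, not part of the original thread and not HTTPAPI or WSDL2RPG code: it decodes the type-1 token quoted in the thread and shows a client-side check that only expects a type-2 message when the server actually answers with an NTLM challenge. The function names, the returned status strings and the type-2 sample are assumptions made for illustration.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
# Type-1 token copied from the Authorization header quoted in the thread.
PAGE_TYPE1 = "TlRMTVNTUAABAAAAByIAAAAAAAAAAAAACgAKACAAAABRUEFERVYwMEQ5"
# Constructed sample, not from the thread: minimal type-2 header plus zero padding.
SAMPLE_TYPE2 = base64.b64encode(NTLMSSP_SIG + struct.pack("<I", 2) + bytes(20)).decode()


def parse_ntlm_token(b64_token):
    """Decode a base64 NTLM token and return (message_type, raw_bytes)."""
    raw = base64.b64decode(b64_token, validate=True)
    if len(raw) < 12 or raw[:8] != NTLMSSP_SIG:
        raise ValueError("not an NTLMSSP message")
    return struct.unpack_from("<I", raw, 8)[0], raw


def type1_workstation(raw):
    """Read the workstation security buffer (length, max length, offset) at byte 24."""
    if len(raw) < 32:
        return ""
    length, _maxlen, offset = struct.unpack_from("<HHI", raw, 24)
    if offset + length > len(raw):
        raise ValueError("workstation buffer points outside the message")
    return raw[offset:offset + length].decode("ascii", errors="replace")


def next_step(status, www_authenticate):
    """Decide what the client does with the response to its type-1 request."""
    for value in www_authenticate:
        scheme, _, token = value.strip().partition(" ")
        if scheme.upper() != "NTLM" or not token.strip():
            continue
        try:
            msg_type, _ = parse_ntlm_token(token.strip())
        except ValueError:  # also covers binascii.Error from bad base64
            return "error: malformed NTLM challenge"
        return "send-type3" if msg_type == 2 else "error: expected type-2"
    if status == 401:
        return "error: 401 without NTLM challenge"
    return "no-ntlm"  # server ignored the type-1 message and answered directly


if __name__ == "__main__":
    msg_type, raw = parse_ntlm_token(PAGE_TYPE1)
    print(msg_type, type1_workstation(raw))
    print(next_step(200, []))
    print(next_step(401, ["NTLM " + SAMPLE_TYPE2]))
```

The type-1 token also carries the client's workstation name in clear text, so it is sent to any server the client offers NTLM to, whether or not that server uses it.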