[AWS] Re: Re: get env on Win32

Anisimkov anisimkov@yahoo.com
Sun, 30 Sep 2001 16:28:27 +0600


----- Original Message -----
From: "Pascal Obry" <p.obry@wanadoo.fr>
To: "Anisimkov" <anisimkov@yahoo.com>
Cc: <anders.wirzenius@pp.qnet.fi>
Sent: Saturday, September 29, 2001 13:25
Subject: Re: Re: get env on Win32


>
> Anisimkov writes:
>  > I caught the TCP/IP between IIS and IE, and see that they both use their
>  > own authentication scheme.
>  > Look at the http request header.
>  >
>  > GET /try/ HTTP/1.1
>  > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
>  > Accept-Language: en-us
>  > Accept-Encoding: gzip, deflate
>  > User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
>  > Host: vasetsky:8000
>  > Connection: Keep-Alive
>  > Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAABIAEgBAAAAAEgASAFIAAAAS
>
> Ah ! Indeed NTLM is defined nowhere in the HTTP/1.1 standard AFAIK !
>
>  > In the IIS properties of the virtual directory "/try/", the flag
>  > "Integrated Windows authentication" was checked.
>  > In this case IE does not ask the user to enter the name/password.
>
> But this is a kind of privacy hole! Does it mean that when I browse the Web
> with IE on a site built with IIS my name is sent?

There is a property in IE: either ask the user to enter a name/password, or
use the current NT user_name/password to log on to the HTTP server.

>  > But Netscape Navigator is absolutely unable to authenticate by this scheme,
>  > because it is non-standard HTTP authentication
>  > (MS likes to break standards).
>  >
>  > IIS can support standard basic authentication too.
>  > The Netscape browser is able to authenticate to IIS this way.
>  > This way IE and NC users have to enter the name/password manually.
>  >
>  > I think AWS is not going to support non-standard Microsoft authentication
>  > schemes.
>
> I agree. We will certainly not play this game. And anyway I think that IE
> sends this message ONLY if it knows it is talking to IIS, right? So there is
> no way for AWS to support that... except to lie and say that it is an IIS
> server :)

IIS could propose its own authentication scheme by the
WWW-Authenticate: NTLM
header line.

It is the first answer to the IIS virtual directory secured by
"Integrated Windows authentication":

HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Sun, 30 Sep 2001 23:28:37 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Connection: close
Content-Length: 3634
Content-Type: text/html

> BTW, Anders, I think this whole thread should be forwarded to the AWS mailing
> list. Maybe we will learn that many other people have the same need, and in
> this case I'm not against looking at a way to support this...

I'm sending this letter to the AWS mailing list too.


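What the browser puts in the Authorization header can be checked by decoding the captured value. The following is an added example, not part of the original messages: it parses an "Authorization: NTLM" value using the field layout of the NTLM AUTHENTICATE (type 3) message from Microsoft's MS-NLMP specification. The name parse_ntlm_header and the other identifiers are hypothetical, and UTF-16LE strings are assumed.

```python
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"
# Byte position of each security-buffer descriptor (length, max length,
# payload offset) in an AUTHENTICATE (type 3) message.
TYPE3_FIELDS = {"lm_response": 12, "nt_response": 20, "domain": 28,
                "user": 36, "workstation": 44}
TEXT_FIELDS = ("domain", "user", "workstation")

# Header value as quoted in the message above; the capture is cut short there.
PAGE_HEADER = "NTLM TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAABIAEgBAAAAAEgASAFIAAAAS"


def parse_ntlm_header(value):
    """Decode an 'Authorization: NTLM <base64>' value (hypothetical helper).

    Returns {"type": n, "fields": {...}}. For type 3, each field maps to its
    declared length/offset and, if the payload bytes are present, its text.
    A descriptor lost to truncation is reported as None.
    """
    parts = value.split(None, 1)
    if len(parts) != 2 or parts[0].upper() != "NTLM":
        raise ValueError("not an NTLM credential")
    blob = "".join(parts[1].split())          # undo mail line wrapping
    blob = blob[:len(blob) - len(blob) % 4]   # drop a partial base64 group
    raw = base64.b64decode(blob)
    if len(raw) < 12 or raw[:8] != NTLM_SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    result = {"type": struct.unpack_from("<I", raw, 8)[0], "fields": {}}
    if result["type"] != 3:
        return result
    for name, pos in TYPE3_FIELDS.items():
        if pos + 8 > len(raw):                # descriptor itself is cut off
            result["fields"][name] = None
            continue
        length, _maxlen, offset = struct.unpack_from("<HHI", raw, pos)
        data = raw[offset:offset + length]
        text = None
        if name in TEXT_FIELDS and len(data) == length:
            # Assumption: Unicode strings were negotiated (UTF-16LE).
            text = data.decode("utf-16-le", errors="replace")
        result["fields"][name] = {"length": length, "offset": offset,
                                  "text": text}
    return result


if __name__ == "__main__":
    print(parse_ntlm_header(PAGE_HEADER))
```

On the header quoted above it reports message type 3 with 18-byte domain and user name fields declared at offsets 64 and 82. The quoted value ends before those offsets, so the names themselves are not in the capture.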