Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle gracefully scenarios where NTLM auth persist only for a single… #363

Closed
wants to merge 1 commit into from

Conversation

@iboukris
Copy link
Contributor

@iboukris iboukris commented Aug 3, 2015

… request

Currently when the server responds with 401 on NTLM authenticated connection (re-used)
we consider authentication to have failed.
However this is legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header).

Implemented by imploying an additional state once a connection is re-used to indicate
that if we receive 401 we need to restart authentication.


It is a new approach instead of what I've suggested at PR #250 (detailed there).

Link to MS doc about 'authPersistSingleRequest':
https://msdn.microsoft.com/en-us/library/aa347472(v=VS.90).aspx

Link to MS blog explaining why this may occur when using proxy:
http://blogs.technet.com/b/isablog/archive/2009/07/30/excessive-authentication-traffic-accessing-an-iis-site-when-using-isa-server-2006-as-forward-proxy.aspx

Thanks,
Isaac B.

… request

Currently when the server responds with 401 on NTLM authenticated connection (re-used)
we consider it to have failed.
However this is legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header).

Implemented by imploying an additional state once a connection is re-used to indicate
that if we receive 401 we need to restart authentication.
@bagder bagder closed this in fe6049f Aug 6, 2015
@iboukris iboukris deleted the iboukris:ntlm_persist_single branch Aug 11, 2015
jgsogo added a commit to jgsogo/curl that referenced this pull request Oct 19, 2015
Currently when the server responds with 401 on NTLM authenticated
connection (re-used) we consider it to have failed.  However this is
legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with
'via' header).

Implemented by imploying an additional state once a connection is
re-used to indicate that if we receive 401 we need to restart
authentication.

Closes curl#363
@lock lock bot locked as resolved and limited conversation to collaborators Jan 19, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

1 participant