Handle gracefully scenarios where NTLM auth persist only for a single… #363
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
… request
Currently when the server responds with 401 on NTLM authenticated connection (re-used)
we consider authentication to have failed.
However this is legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header).
Implemented by imploying an additional state once a connection is re-used to indicate
that if we receive 401 we need to restart authentication.
It is a new approach instead of what I've suggested at PR #250 (detailed there).
Link to MS doc about 'authPersistSingleRequest':
https://msdn.microsoft.com/en-us/library/aa347472(v=VS.90).aspx
Link to MS blog explaining why this may occur when using proxy:
http://blogs.technet.com/b/isablog/archive/2009/07/30/excessive-authentication-traffic-accessing-an-iis-site-when-using-isa-server-2006-as-forward-proxy.aspx
Thanks,
Isaac B.