New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle gracefully scenarios where NTLM auth persist only for a single… #363

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
1 participant
@iboukris
Contributor

iboukris commented Aug 3, 2015

… request

Currently when the server responds with 401 on NTLM authenticated connection (re-used)
we consider authentication to have failed.
However this is legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header).

Implemented by imploying an additional state once a connection is re-used to indicate
that if we receive 401 we need to restart authentication.


It is a new approach instead of what I've suggested at PR #250 (detailed there).

Link to MS doc about 'authPersistSingleRequest':
https://msdn.microsoft.com/en-us/library/aa347472(v=VS.90).aspx

Link to MS blog explaining why this may occur when using proxy:
http://blogs.technet.com/b/isablog/archive/2009/07/30/excessive-authentication-traffic-accessing-an-iis-site-when-using-isa-server-2006-as-forward-proxy.aspx

Thanks,
Isaac B.

Handle gracefully scenarios where NTLM auth persist only for a single…
… request

Currently when the server responds with 401 on NTLM authenticated connection (re-used)
we consider it to have failed.
However this is legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header).

Implemented by imploying an additional state once a connection is re-used to indicate
that if we receive 401 we need to restart authentication.

@bagder bagder closed this in fe6049f Aug 6, 2015

@iboukris iboukris deleted the iboukris:ntlm_persist_single branch Aug 11, 2015

jgsogo added a commit to jgsogo/curl that referenced this pull request Oct 19, 2015

NTLM: handle auth for only a single request
Currently when the server responds with 401 on NTLM authenticated
connection (re-used) we consider it to have failed.  However this is
legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with
'via' header).

Implemented by imploying an additional state once a connection is
re-used to indicate that if we receive 401 we need to restart
authentication.

Closes curl#363
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment