
#1255 NTLM authentication with a proxy

v1.0 (example)
closed
None
5
2020-03-16
2019-09-03
No

Hello. I'm trying to use gSOAP with NTLM authentication and a proxy. So, I added soap->ntlm_challenge = "", userid and pass and without the proxy it works without any problem.
But with the proxy I have an error at soap_ntlm_handshake (stdsoap2.cpp) here:

if (soap->status != 401 && soap->status != 407)
    return soap->error = SOAP_NTLM_ERROR;

[GSoapExecution::errnumbertag] = 49

Because the return status from HTTPS is 200. And if I add "&& soap->status != 200" then it gets stuck after this in the "if (soap->proxyhost)" block here:

soap->imode &= ~SOAP_ENC; /* mask IO and ENC */
userid = soap->userid; /* preserve */
passwd = soap->passwd; /* preserve */
soap->error = soap->fparse(soap);

With the log output "Waiting for HTTP request/response..." and there is no second request in sent.log. And if I skip the part after soap_ntlm_handshake I have a second request with proper "Proxy-Authorization: NTLM ...", but anyway I have an authentication error.
Also I tried to use it with NTLM and proxy via Python (suds) and it works well.
So, could you please say, what should I add to resolve this problem?

omode SOAP_ENC_SSL (also tried with SOAP_IO_KEEPALIVE)
ssl_flags = SOAP_SSL_NO_AUTHENTICATION
socket_flags = MSG_NOSIGNAL
gSOAP v2.8.91 (and also 2.8.78), Ubuntu 18.04

Discussion

  • Robert van Engelen

    So, I added soap->ntlm_challenge = "", userid and pass

    Rather than doing that, you may have to remove the assignment to soap->ntlm_challenge to let the algorithm perform all steps needed, instead of trying a shortcut.

     
    • Alexander Leonidovich

      Without this soap->ntlm_challenge = "" the results are about the same:
      The first attempt returned an authentication error and the second one got stuck on "Waiting for HTTP request/response..." and after several minutes "Read 0 bytes from socket=4/fd=0"

       
  • Robert van Engelen

    I checked the docs https://docs.microsoft.com/en-us/openspecs/office_protocols/ms-grvhenc/b9e676e7-e787-4020-9840-7cfe7c76044a

    If you specify soap->proxy_host and soap->proxy_port with soap->ntlm_challenge = "" then the steps to complete the handshake appear to be OK. The HTTP(S) 200 is handled elsewhere in the tcp_connect branch for soap->proxy_host, not in soap_ntlm_handshake. The final HTTP(S) 200 OK happens after sending the CONNECT request (around line 5862) and the proxy server should respond with 200 OK (around line 5875). If this does not succeed then the credentials may not be correct, or the host/port combination is not correct. You may want to use -DDEBUG to generate RECV.log and SENT.log and share those with us so we can see what is going on.

     
  • Robert van Engelen

    • status: open --> pending
    • assigned_to: Robert van Engelen
     
  • Robert van Engelen

    Any luck generating the log files? You may want to use -DDEBUG to generate RECV.log and SENT.log and share those with us so we can see what is going on.

     
  • Robert van Engelen

    • status: pending --> closed
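
Added example (not gSOAP code and not written by anyone in this thread): with the -DDEBUG logs requested above, the NTLM message type in each Proxy-Authenticate / Proxy-Authorization header shows how far the proxy handshake got before it stalled. The function names and the sample header lines are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode base64 from s into out (at most cap bytes); stops at padding,
 * CR/LF or any other non-base64 character. Returns bytes written. */
static size_t b64_decode(const char *s, unsigned char *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; *s && *s != '=' && n < cap; s++) {
        const char *p = strchr(tbl, *s);
        if (!p) break;
        acc = (acc << 6) | (uint32_t)(p - tbl);
        if ((bits += 6) >= 8) {
            bits -= 8;
            out[n++] = (unsigned char)(acc >> bits);
        }
    }
    return n;
}

/* Hypothetical helper: returns 1 (Negotiate), 2 (Challenge) or 3 (Authenticate),
 * 0 for a bare "NTLM" offer without a token, -1 if there is no valid NTLM token. */
int ntlm_message_type(const char *header_line)
{
    unsigned char msg[12];
    const char *p = strstr(header_line, "NTLM");
    if (!p) return -1;
    for (p += 4; *p == ' '; p++) ;
    if (*p == '\0' || *p == '\r' || *p == '\n') return 0;
    if (b64_decode(p, msg, sizeof msg) < sizeof msg) return -1;
    if (memcmp(msg, "NTLMSSP\0", 8) != 0) return -1;   /* 8-byte signature */
    uint32_t t = msg[8] | (uint32_t)msg[9] << 8 |      /* little-endian type */
                 (uint32_t)msg[10] << 16 | (uint32_t)msg[11] << 24;
    return (t >= 1 && t <= 3) ? (int)t : -1;
}

int main(void)
{
    /* Constructed sample lines in the order a complete handshake would log them. */
    const char *lines[] = {
        "Proxy-Authenticate: NTLM\r\n",                            /* RECV: 407 offer */
        "Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB4IIAA==\r\n",  /* SENT: Type 1 */
        "Proxy-Authenticate: NTLM TlRMTVNTUAACAAAA\r\n",           /* RECV: Type 2 */
        "Proxy-Authorization: NTLM TlRMTVNTUAADAAAA\r\n" };        /* SENT: Type 3 */
    for (size_t i = 0; i < sizeof lines / sizeof *lines; i++)
        printf("type %d <- %s", ntlm_message_type(lines[i]), lines[i]);
    return 0;
}
```

A Type 3 token carries the user name and the challenge response, so redact it before attaching SENT.log to a public ticket.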
     
