[OpenSTA-devel] [ opensta-Bugs-730317 ] Bad Windows Auth handling
Brought to you by:
dansut
Menu
▾
▴
[OpenSTA-devel] [ opensta-Bugs-730317 ] Bad Windows Auth handling
|
From: SourceForge.net <no...@so...> - 2008-08-20 21:22:29
|
Bugs item #730317, was opened at 2003-04-30 10:24 Message generated for change (Comment added) made by sam_squarewave You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=110857&aid=730317&group_id=10857 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: HTTP Capture Group: Design Status: Open Resolution: None Priority: 5 Private: No Submitted By: Jerome Delamarche (trickyjer) Assigned to: Nobody/Anonymous (nobody) Summary: Bad Windows Auth handling Initial Comment: The script generated by the Modeler when the session requires a login/password cannot be replayed successfully. The Server first challenges for a "Basic" authentification, then it turns this auth. into a NTLM auth. The generated script includes statements such as: BUILD AUTHENTICATION BLOB & FOR BASIC & FROM USER "admin" PASSWORD "" DOMAIN "" & INTO blob_2_1 and further: Load Response_Info Header on 3 & Into blob_3_0 & ,WITH "WWW-Authenticate" BUILD AUTHENTICATION BLOB & FOR NTLM & FROM BLOB blob_3_0 & INTO blob_3_0 But requests are all denied by the Web server. IIS server just require a valid user for itself, it does not belong to a Windows Domain. ---------------------------------------------------------------------- Comment By: samuel greene (sam_squarewave) Date: 2008-08-20 14:22 Message: Logged In: YES user_id=2187702 Originator: NO I would love to see this fixed. I know us windows folks aren't supposed to use open source products though... ---------------------------------------------------------------------- Comment By: Brian Collins (brianavid) Date: 2005-06-23 06:35 Message: Logged In: YES user_id=1214182 Also note that the space declared for NTLM blobs is 256 CHARACTERS, but HTTP www-authenticate responses have been seen larger than this. I manually edit the generated declarations to 512 CHARACTERs to get it to work (mostly). ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=110857&aid=730317&group_id=10857 |