08-08-2013, 02:47 PM
I'm having a failure authenticating against an IIS 7.5 server using Windows authentication (with some additional LDAP restrictions in the server's web.config file). It does work in the browsers (IE/Chrome/FireFox). Here's the function:
Member function WebServiceManager.CreatePagingLinks
The only reason for setting the user agent was to get it to match one of the browsers.
Fiddler shows the browsers invoking the URL three times - just the standard NTLM protocol (the first two requests fail with a 401 and the third works). Here's what I see from Fiddler for QM:
and the response is
FireFox has a similar request:
and the response is
Then FireFox make the second request but QM doesn't.
Some differences I see:
Not sure if any of this matters. Any hints welcomed.
I believe that this was working last week; there were some server side changes in the LDAP groups which broke things completely. When these were fixed the browser worked but QM did not. It is possible that there is some error in the server protocol but I don't see it.
Member function WebServiceManager.CreatePagingLinks
function str'FirstName str'LastName ARRAY(str)&pagingURLs ;; Invokes CreatePagingLinks web service
str encodedFirstName=FirstName.escape(9)
str encodedLastName=LastName.escape(9)
str getURL = F"http://blah.blah.org/WebServiceManager2/service.asmx/CreatePagingLinks?FirstName={encodedFirstName}&LastName={encodedLastName}"
str outputString
out getURL
IntSettings 0 "" "" 0 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36/QM2"
IntGetFile getURL outputString 4 INTERNET_FLAG_KEEP_CONNECTION
IXml xml=CreateXml
xml.FromString(outputString)
out outputString
ARRAY(IXmlNode) a
xml.Path("ArrayOfString/string" a)
out F"XML length {a.len} a is {a}"
int i
for i 0 a.len
,str pagingURL=pagingURLs[pagingURLs.redim(-1)]
,pagingURLs[i] = a[i].Value
,
ret 1The only reason for setting the user agent was to get it to match one of the browsers.
Fiddler shows the browsers invoking the URL three times - just the standard NTLM protocol (the first two requests fail with a 401 and the third works). Here's what I see from Fiddler for QM:
GET http://blah.blah.org/WebServiceManager2/service.asmx/CreatePagingLinks?FirstName=&LastName=Pomer HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36/QM2
Host: blah.blah.org
Connection: Keep-Alive
Pragma: no-cacheand the response is
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 08 Aug 2013 14:19:27 GMT
Content-Length: 1293
Proxy-Support: Session-Based-AuthenticationFireFox has a similar request:
GET http://blah.blah.org/WebServiceManager2/service.asmx/CreatePagingLinks?FirstName=&LastName=Pomer HTTP/1.1
Host: blah.blah.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-aliveand the response is
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 08 Aug 2013 14:23:10 GMT
Content-Length: 1293Then FireFox make the second request but QM doesn't.
Some differences I see:
- The Accept headers in FireFox - I think this is irrelevant for authentication
- QM has 'Pragma: no-cache'
- FireFox has DNT
- Case difference 'Keep-Alive' vs. 'keep-alive'
Not sure if any of this matters. Any hints welcomed.
I believe that this was working last week; there were some server side changes in the LDAP groups which broke things completely. When these were fixed the browser worked but QM did not. It is possible that there is some error in the server protocol but I don't see it.