Handle gracefully scenarios where NTLM auth persist only for a single…#363
Closed
iboukris wants to merge 1 commit intocurl:masterfrom
Closed
Handle gracefully scenarios where NTLM auth persist only for a single…#363iboukris wants to merge 1 commit intocurl:masterfrom
iboukris wants to merge 1 commit intocurl:masterfrom
Conversation
… request Currently when the server responds with 401 on NTLM authenticated connection (re-used) we consider it to have failed. However this is legitimate and may happen when for example IIS is set configured to 'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header). Implemented by imploying an additional state once a connection is re-used to indicate that if we receive 401 we need to restart authentication.
jgsogo
pushed a commit
to jgsogo/curl
that referenced
this pull request
Oct 19, 2015
Currently when the server responds with 401 on NTLM authenticated connection (re-used) we consider it to have failed. However this is legitimate and may happen when for example IIS is set configured to 'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header). Implemented by imploying an additional state once a connection is re-used to indicate that if we receive 401 we need to restart authentication. Closes curl#363
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
… request
Currently when the server responds with 401 on NTLM authenticated connection (re-used)
we consider authentication to have failed.
However this is legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header).
Implemented by imploying an additional state once a connection is re-used to indicate
that if we receive 401 we need to restart authentication.
It is a new approach instead of what I've suggested at PR #250 (detailed there).
Link to MS doc about 'authPersistSingleRequest':
https://msdn.microsoft.com/en-us/library/aa347472(v=VS.90).aspx
Link to MS blog explaining why this may occur when using proxy:
http://blogs.technet.com/b/isablog/archive/2009/07/30/excessive-authentication-traffic-accessing-an-iis-site-when-using-isa-server-2006-as-forward-proxy.aspx
Thanks,
Isaac B.