Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.


Welcome, Guest
Guest Settings
Help

Thread: Does anyone have a successful example of TIdHTTP and NTLM?


This question is not answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 13 - Last Post: Feb 21, 2017 10:04 AM Last Post By: Alan Kamrowski,... Threads: [ Previous | Next ]
Alan Kamrowski,...

Posts: 30
Registered: 6/16/99
Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 7, 2017 8:45 AM
Hi Everyone,

Does anyone have a successful example of TIdHTTP and NTLM?

I've searched the web and tried many things. I'll take a working delphi example if that is all you have...

Thanks,

Alan
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 8, 2017 12:06 PM   in response to: Alan Kamrowski,... in response to: Alan Kamrowski,...
Alan wrote:

Does anyone have a successful example of TIdHTTP and NTLM?

I've searched the web and tried many things.

What exactly have you tried?

In theory, all you should have to do is add one of the following statements
to your C++ code to activate TIdHTTP's NTLM support code:

#include <IdAuthenticationNTLM.hpp>
or
#include <IdAuthenticationSSPI.hpp>
or
#include <IdAllAuthentications.hpp>


And then you should be able to use TIdHTTP's Request->UserName and Request->Password
properties as needed. You might need to use TIdHTTP's OnSelectAuthorization
event to ensure TIdHTTP chooses the correct class for servers that support
NTLM.

In practice, note that:

- TIdNTLMAuthentication is dependant on OpenSSL, so you would have to deploy
that with your app.

- TIdSSPINTLMAuthentication is Windows-specific, so it won't work on other
platforms.

--
Remy Lebeau (TeamB)
Alan Kamrowski,...

Posts: 30
Registered: 6/16/99
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 9, 2017 10:38 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
I was able to get it working with ICS, but I'd still like to figure out the INDY if you have some time.

Can you give an example of what the OnSelectAuthorization should look like?
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 9, 2017 11:44 AM   in response to: Alan Kamrowski,... in response to: Alan Kamrowski,...
Alan wrote:

Can you give an example of what the OnSelectAuthorization
should look like?

The OnSelectAuthorization event has two parameters of importance:

- var AuthenticationClass: TIdAuthenticationClass

Specifies the intended TIdAuthentication class type to use for authentication.
Upon enter, this parameter is set to Indy's default choice based on available
known classes, or nil if no match is found. You can assign a different class
if needed.

- AuthInfo: TIdHeaderList

This contains a list of the 'WWW-Authenticate' header values received from
the server. These headers specify the authentications that the server is
willing to accept.

So, you need to analyze the content of the AuthInfo list and return an appropriate
TIdAuthentication class. Indy already does this by default, based on the
TIdAuthentication classes that have been registered (which is why you have
to #include the relavant 'IdAuthentication...' header files to invoke registrations
at runtime). But maybe the ordering of the headers is in a different priority
order than you would like. Or maybe multiple classes implement the same
authentication in different ways so you want to favor one class over another.
That is why the OnSelectAuthorization event exists, to let you make those
kinds of decisions.

For example:

#include <IdAuthenticationNTLM.hpp>
 
void __fastcall TMyForm::IdHTTP1SelectAuthorization(TObject *Sender, TIdAuthenticationClass 
&AuthenticationClass, TIdHeaderList *AuthInfo)
{
    for(int i = 0; i < AuthInfo->Count; ++i)
    {
        String S = AuthInfo->Strings[i];
        if (Fetch(S) == "NTLM")
        {
            AuthenticationClass = __classid(TIdNTLMAuthentication);
            return;
        }
    }
}


--
Remy Lebeau (TeamB)
Alan Kamrowski,...

Posts: 30
Registered: 6/16/99
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 9, 2017 12:17 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Hi Remy,

The code does find the "NTLM", but I still can't get it to connect. I tried the SSPINTLM as well.

Thanks,

Alan
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 9, 2017 2:43 PM   in response to: Alan Kamrowski,... in response to: Alan Kamrowski,...
Alan wrote:

The code does find the "NTLM", but I still can't get it to connect.
I tried the SSPINTLM as well.

Can you be more specific? What is the actual problem you are having?

--
Remy Lebeau (TeamB)
Alan Kamrowski,...

Posts: 30
Registered: 6/16/99
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 9, 2017 5:11 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Can you be more specific? What is the actual problem you are having?

Sure, no matter what I try, I always get:

HTTP/1.1 401 Unauthorized

Thanks,

Alan
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 9, 2017 5:39 PM   in response to: Alan Kamrowski,... in response to: Alan Kamrowski,...
Alan wrote:

Sure, no matter what I try, I always get:

HTTP/1.1 401 Unauthorized

A 401 means the server is asking for authentication, or is moving forward
to the next step in a multi-step authentication. NTLM is a 2-step authentcation.
If you are getting more than 2 401s, it means the server is not accepting
the credentials you are sending.

--
Remy Lebeau (TeamB)
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 9, 2017 5:43 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy wrote:

A 401 means the server is asking for authentication, or is moving
forward to the next step in a multi-step authentication. NTLM is a
2-step authentcation. If you are getting more than 2 401s, it means
the server is not accepting the credentials you are sending.

BTW, just to check, are you using HTTP 1.1 with HTTP keep-alives enabled?

--
Remy Lebeau (TeamB)
Alan Kamrowski,...

Posts: 30
Registered: 6/16/99
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 10, 2017 6:00 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
BTW, just to check, are you using HTTP 1.1 with HTTP keep-alives enabled?

I'm not sure - the ProtocolVersion is set to pv1_1.
Michael Morelli

Posts: 6
Registered: 6/26/14
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 20, 2017 1:56 AM   in response to: Alan Kamrowski,... in response to: Alan Kamrowski,...
Hi Alan,

does your NTLM authentication works now?
I have faced the same problem! But instead of error 401 I get the http 407 'Auth. required' error.

Cheers,
Mike
Alan Kamrowski,...

Posts: 30
Registered: 6/16/99
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 20, 2017 8:37 AM   in response to: Michael Morelli in response to: Michael Morelli
does your NTLM authentication works now?
I have faced the same problem! But instead of error 401 I get the http 407 'Auth. required' error.

Not with Indy. I could never get it to work with Indy.

I am using ICS and it works though.
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 21, 2017 9:34 AM   in response to: Alan Kamrowski,... in response to: Alan Kamrowski,...
Alan wrote:

Not with Indy. I could never get it to work with Indy.

Do you have an server I can run NTLM tests with? I have no way of testing
NTLM locally.

Since you can get it working with ICS, have you tried using a packet sniffer,
like Wireshark or Fiddler, to see if there is any difference between ICS's
authentication and Indy's authentication?

--
Remy Lebeau (TeamB)
Alan Kamrowski,...

Posts: 30
Registered: 6/16/99
Re: Does anyone have a successful example of TIdHTTP and NTLM?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Feb 21, 2017 10:04 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Do you have an server I can run NTLM tests with? I have no way of testing
NTLM locally.

Unfortunately I can't release the info for the server I was provided for testing.

Since you can get it working with ICS, have you tried using a packet sniffer,
like Wireshark or Fiddler, to see if there is any difference between ICS's
authentication and Indy's authentication?

I haven't, but I might be able to try if I get some time.

Thanks,

Alan
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02