albal

Reputation: 267

NTLM v1 authentication only works with Fiddler2 not without

I have been pulling out my hair today with this issue. I have been developing an in-house app that does a succession of HTTP GETs and POSTs to fill in a series of web forms. The code works fine when I run through Fiddler2 - the tool I was using to debug my GET URIs and POST FormData. Now that I am not running Fiddler2, I get an authentication 401 error. I would look at the header to compare, but it's a bit hard without being able to run Fiddler.

Basically my code works by accessing a URI and storing the cookie. Access to the site is controlled by SSO, and as the server is running on 2003 it wants to use NTLMv1. The first issue I had with Windows 7 clients was that Win7 would negotiate 128-bit whereas the server will only talk 64-bit, and the authentication would fail (final 401). With Fiddler2 and setting the group policy on the local machine to 64-bit I was then able to complete my work. I then turned the software into a web service and found today there is an issue in that it fails. As I said before, it all works fine with Fiddler2 running, leaving me in a bit of a hole as I can’t get every client to install and use Fiddler2 just to get my functionality in!

First I have my function to store the cookie…. Then I have another function that performs a GET using that cookie. The first function always fails with “The remote server returned an error: (401) Unauthorized.”

I’m hoping somewhere I have missed something obvious and I’m not trying to do something that is impossible.

Thanks, Al

/// <summary>
/// Function to get a cookie from a site providing the given site and credentials - this cookie then can be reused for subsequent calls
/// </summary>
/// <param name="credential">The NetworkCredential to access the site</param>
/// <param name="Uri">The Uri of the site</param>
/// <returns>A CookieContainer containing all needed cookies</returns>
private CookieContainer GetCookie(NetworkCredential credential, string Uri)
{
    HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(Uri);
    HttpWebResponse resp;
    CookieContainer cookieJar = new CookieContainer();
    req.AllowAutoRedirect = true;
    req.Credentials = credential;
    req.CookieContainer = cookieJar;
    resp = (HttpWebResponse)req.GetResponse();      // This line always fails with: The remote server returned an error: (401) Unauthorized.
    return cookieJar;
}

/// <summary>
/// Function to perform a HTTP GET 
/// </summary>
/// <param name="cookieJar">A CookieContainer for keeping the reference of our sessions</param>
/// <param name="credential">The Credentials to use to access the site</param>
/// <param name="Uri">The Uri to GET</param>
private void DoGet(CookieContainer cookieJar, NetworkCredential credential, string Uri)
{
    HttpWebRequest req;
    HttpWebResponse resp;

    // Just grab the site uri where the cookie is stored
    string[] UriParts = Uri.Split(new char[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
    Uri CookieUri = new Uri(UriParts[0] + "//" + UriParts[1]);

    // Use cookie information to get first page of call entry
    req = (HttpWebRequest)HttpWebRequest.Create(Uri);
    req.CookieContainer = new CookieContainer();
    req.CookieContainer.Add(cookieJar.GetCookies(CookieUri)[0]);
    req.AllowAutoRedirect = true;
    req.Credentials = credential;
    req.CookieContainer = cookieJar;
    resp = (HttpWebResponse)req.GetResponse();
}

Upvotes: 0

Views: 1194

Answers (2)

albal

Reputation: 267

My solution was to force using NTLMv1 64-bit on the server. Not a solution for everyone I know but it works for us.

Upvotes: 0

chuckfizz

Reputation: 11

I don't know the answer as yet, but I am experiencing the same issue, albeit with a few differences. I too have a process that fails without Fiddler2 running and works like a champ with it. First off, we have a dispatcher application that connects to and sends raw SOAP messages to various web services and then receives the responses and passes them back to a database. For several services and over a good bit of time now, by the way these are out-of-house services, the process has been running without so much as a hiccup. However, when we introduced a web service that just happens to have been developed in-house I started having the exact same issue.

What I first suspected was that Fiddler, acting as a proxy, was somehow resolving a credentials issue. This may or may not be, but it seems like a good place to start. First off, I have so far tested with both:

IAsyncResult asyncResult = webRequest.BeginGetResponse(null, null);

and

HttpWebResponse webResponse = (HttpWebResponse)webRequest.GetResponse();

without resolve. Also, I have used

webRequest.Credentials = CredentialCache.DefaultCredentials;

and

webRequest.Credentials = CredentialCache.DefaultNetworkCredentials;  

again, without resolve. I do believe you are onto something with the NTLMv1 and I'm thinking that maybe what we need is to somehow issue credentials for NTLMv1 authentication/authorization.

Microsoft's site states: The supported values for authType are "NTLM", "Digest", "Kerberos", and "Negotiate"

The full story

This is just a shot in the dark, but might this be an issue with the server side? Read the following link: http://support.microsoft.com/kb/813834

Upvotes: 1
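
The authType strings quoted in the answer above are the values accepted by `CredentialCache.Add`. As an added example (not code from either poster), the sketch below scopes a credential to the NTLM scheme for one host and, on a 401, returns the `WWW-Authenticate` values the server sent, which gives the header comparison the question could not make without Fiddler. The URL, account and the `NtlmProbe` class are placeholders, and nothing here is claimed to resolve the 401 described on this page.

```csharp
using System;
using System.Net;

static class NtlmProbe
{
    // Returns the WWW-Authenticate values from a 401, or an empty array on success.
    public static string[] Probe(string url, NetworkCredential credential)
    {
        var target = new Uri(url);

        // Scope the credential to this host and to the NTLM scheme only,
        // instead of assigning a bare NetworkCredential to the request.
        var cache = new CredentialCache();
        cache.Add(new Uri(target.GetLeftPart(UriPartial.Authority)), "NTLM", credential);

        var req = (HttpWebRequest)WebRequest.Create(target);
        req.Credentials = cache;
        req.CookieContainer = new CookieContainer();
        req.KeepAlive = true; // NTLM authenticates the connection, so the handshake needs keep-alive

        try
        {
            using (var resp = (HttpWebResponse)req.GetResponse())
            {
                Console.WriteLine("{0} {1}", (int)resp.StatusCode, resp.StatusDescription);
                return new string[0];
            }
        }
        catch (WebException ex)
        {
            var resp = ex.Response as HttpWebResponse;
            if (resp == null) throw; // not an HTTP-level failure (DNS, timeout, ...)
            using (resp)
            {
                // Schemes the server is still asking for after the handshake failed.
                string[] offered = resp.Headers.GetValues("WWW-Authenticate") ?? new string[0];
                Console.WriteLine("{0}: server offers {1}", (int)resp.StatusCode, string.Join(", ", offered));
                return offered;
            }
        }
    }

    static void Main()
    {
        // Placeholder host and account (constructed for this example).
        var cred = new NetworkCredential("user", "password", "DOMAIN");
        Probe("http://intranet.example/forms/start", cred);
    }
}
```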
