By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,036 Members | 1,963 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,036 IT Pros & Developers. It's quick & easy.

httplib/DAV: How to respond to "WWW-Authenticate: NTLM" ?

P: n/a
In a DAV scheme with PROPFIND or GET (PROPFIND /test/ HTTP/1.1) and
Basic AUTH to a MS SharePoint over https server (AUTH required), he
responds 'WWW-Authenticate: NTLM' only:

reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Content-Length: 1656
header: Content-Type: text/html
header: Server: Microsoft-IIS/6.0
header: WWW-Authenticate: NTLM
header: X-Powered-By: ASP.NET
header: MicrosoftSharePointTeamServices: 6.0.2.6568
header: Date: Thu, 12 Oct 2006 12:27:42 GMT
I simply try repeatedly the same request with Basic Auth header again =>
The same response requesting 'header: WWW-Authenticate: NTLM' again.

But then after an unsuccessful test on a really new connection (.close()
, .request()) he accepts the Basic AUTH immediately.

* What is this?
* Is this a legal/known way to respond to a NTLM AUTH request by
..close() and reconnect with Basic Auth?
* Is there a Python function out there to do real NTLM authentication?..
and is this recommended to dig into Microsofty HTTP protocols ?
-robert
Oct 12 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
robert wrote:
In a DAV scheme with PROPFIND or GET (PROPFIND /test/ HTTP/1.1) and
Basic AUTH to a MS SharePoint over https server (AUTH required), he
responds 'WWW-Authenticate: NTLM' only:

reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Content-Length: 1656
header: Content-Type: text/html
header: Server: Microsoft-IIS/6.0
header: WWW-Authenticate: NTLM
header: X-Powered-By: ASP.NET
header: MicrosoftSharePointTeamServices: 6.0.2.6568
header: Date: Thu, 12 Oct 2006 12:27:42 GMT
I simply try repeatedly the same request with Basic Auth header again =>
The same response requesting 'header: WWW-Authenticate: NTLM' again.

But then after an unsuccessful test on a really new connection (.close()
, .request()) he accepts the Basic AUTH immediately.

* What is this?
* Is this a legal/known way to respond to a NTLM AUTH request by
..close() and reconnect with Basic Auth?
* Is there a Python function out there to do real NTLM authentication?..
and is this recommended to dig into Microsofty HTTP protocols ?
-robert
The protocol is described in

http://www.innovation.ch/personal/ronald/ntlm.html

though you may need to consult other documents to get the full details.
It seems there may be a Python implementation at

http://ntlmaps.sourceforge.net/

At a pinch you could just use the proxy.

regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://holdenweb.blogspot.com
Recent Ramblings http://del.icio.us/steve.holden

Oct 12 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.