PHP Classes

proxy auth ntlm

Recommend this page to a friend!

      PHP HTTP protocol client  >  All threads  >  proxy auth ntlm  >  (Un) Subscribe thread alerts  
Subject:proxy auth ntlm
Summary:Having troubles authenticating
Messages:2
Author:Andreas Horn
Date:2016-03-14 13:57:09
 

  1. proxy auth ntlm   Reply   Report abuse  
Picture of Andreas Horn Andreas Horn - 2016-03-14 13:57:09
Hi Manuel,

I'm back from auth NEGOTIATE... I found that my proxy server also accepts auth NTLM - so far so good. But I can't authenticate successfully somehow.
I'm not that experienced in authentication mechanism, but I found some curiosities playing with your httpclient with sasl. I modified your test_http.php with my credentials and tested:

Server says to my inital request:
S HTTP/1.1 407 Proxy Authentication Required
S Proxy-Authenticate: NEGOTIATE
S Proxy-Authenticate: NTLM
S Cache-Control: no-cache
S Pragma: no-cache
S Content-Type: text/html; charset=utf-8
S Proxy-Connection: close
S Set-Cookie: BCSI-CS-ac57f34e119b7619=2; Path=/
S Connection: close
S Content-Length: 1434

Part of my second request is something like:
C Proxy-Authorization: NTLM TlRMTVNTUAABAAAABzIAAAAAAAAgAAAAAAAAACAAAAA=
C Cookie: BCSI-CS-ac57f34e119b7619=2;

The Authorization string doesn't differ if I fill in my credentials or if I leave them blank:
$arguments["ProxyUser"]="myDomain\\myUser";
$arguments["ProxyPassword"]="myPassword";

If I fill in
$arguments["ProxyRealm"]="foo";
$arguments["ProxyWorkstation"]="bar"

then these strings are added at the end of the above authorization string base64-encoded (after decode -> clear text)

If I fetch the first authorization string from a browser request (with succesful auth), it is 12 characters longer, and after base64-decode all data after "NTLMSSP" is binary.

Is it possible that there is a bug in your auth NTLM class?... or I'm I doing something totally weird?

Best Regards
Andreas

  2. Re: proxy auth ntlm   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2016-03-14 20:43:28 - In reply to message 1 from Andreas Horn
I think you do not need to enter the domain in the user name.

If I am not mistaken the Domain should go into Realm.

You can always take a look at the authorization header that your browser sends using its developer tools and compare.