curl-library
Failure with --proxy-anyauth on NTLM
Date: Fri, 30 Mar 2012 09:38:28 +0200
Hi,
I am looking for support on ISA-Proxy authentication.
I am developing using a libcurl-7.24.0 and I received a report from a
customer saying the application does not work when behind a proxy.
In the code I am using the option CURLAUTH_ANY and CURLOPT_PROXYUSERPWD
for username and password.
This code works correctly for Squid and other proxies, but it fails for
ISA-Proxy.
In order to debug I asked the customer to test with curl.exe (7.24.0)
download from curl website.
These are the results of the tests (I have no access to the
ISA-server-Proxy).
1. curl.exe --proxy-ntlm --proxy 192.168.0.110:3128 --proxy-user
user:pass www.google.com
It works fine if --proxy-ntlm
<http://curl.haxx.se/docs/manpage.html#--proxy-ntlm> is specified.
2. curl.exe --proxy-anyauth --proxy 192.168.0.110:3128 --proxy-user
user:pass www.google.com
It fails.
3. curl.exe --proxy-anyauth --proxy-negotiate --proxy 192.168.0.110:3128
--proxy-user user:pass www.google.com
It fails.
4. Using --include to debug:
curl.exe --include --proxy-anyauth --proxy-negotiate --proxy
192.168.0.110:3128 --proxy-user user:pass www.google.com
gives
-------------
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web P
roxy filter is denied. )
Via: 1.1 NAS
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 4115
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web P
roxy filter is denied. )
Via: 1.1 NAS
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 4115
HTTP/1.1 407 Proxy Authentication Required ( Access denied. )
Via: 1.1 NAS
Proxy-Authenticate: Negotiate
TlRMTVNTUAACAAAADgAOADgAAAA1goni4Mw33O4Ex3IAAAAAAAAAALIAsgBGAAAABQLODgAAAA9MAEEATgBQAFIATwBWAAIA
DgBMAEEATgBQAFIATwBWAAEABgBOAEEAUwAEACoAbABhAG4ALgBwAHIAbwB2AGkAbgBjAGkAYQAuAHIAbwBtAGEALgBpAHQAAwAyAG4AYQBzAC4AbABhAG4ALgBwAH
IAbwB2AGkAbgBjAGkAYQAuAHIAbwBtAGEALgBpAHQABQAqAGwAYQBuAC4AcAByAG8AdgBpAG4AYwBpAGEALgByAG8AbQBhAC4AaQB0AAAAAAA=
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 0>
------------------------
Any suggestion? Any clue?
I need to use CURLAUTH_ANY since I expect the customer not to know the
type of proxy.
Best regards,
Matteo
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-30