Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.7.3
-
None
-
Windows Server 2008 R2 Standard SP1 (Client & Server).
JDK6 + 7 both tried (Client).
IIS 7 (Server)
-
Moderate
Description
When using the AsyncHTTPConduit in an attempt to authenticate against an IIS based webservice that requires NTLM & an authentication cookie (ASP.NET_SessionId) I see that the NTLM authentication succeeds but because the session cookie is missing the endpoint returns another 401.
I'll attach wireshark output that demonstrates this behaviour.
I've narrowed it down to:
HTTPConduit$WrappedOutputStream#authorizationRetransmit()
where authorizationToken below is always null when using NTLM so it returns false and doesn't continue down to the block of code about 6 lines down that sets the cookies!
String authorizationToken =
authSupplier.getAuthorization(effectiveAthPolicy, currentURI, outMessage,
authHeader.getFullHeader());
if (authorizationToken == null) {
// authentication not possible => we give up
return false;
}