asp.net - Windows authentication - Kerberos or NTLM (Negotiate oYICO...) -


i have problems single user in intranet application. client side wpf application communicates asp.net web api web service.

the client sends https , post requests using 

httpclienthandler handler = new httpclienthandler() {   automaticdecompression = decompressionmethods.deflate | decompressionmethods.gzip,   usedefaultcredentials = true,   preauthenticate = true };

on iis windows authentication enabled ntlm , negotiate providers.

the system works users except 1 gets 401.1 post requests.

i'm currenty trying figure out what's different user. thing noticed different kind of authorization header.

from here (and many other resources) read:

if header starts "t" (example: http: authorization = negotiate tlrmtvntu...) you're using ntlm. if starts "y" (example: authorization: negotiate yiiljgygkwyb...) you're using kerberos.

i can see headers working requests seems use kerberos:

authorization: negotiate yiit4qygkwybbqucoiit1tcc...

the header sent user fails post looks like

authorization: negotiate oyicotccajwgawobaakcahg...

it starts o. so ntlm or kerberos? authentication fails post request, succeeds on get!

why don't use wireshark that?

wireshark inspect traffic. break down ticket asn.1 displayable tree structure. you'll see mechanism used in case. additionally, you'll see kerberos traffic, e.g., tgs-req.


Comments

Post a Comment

Popular posts from this blog

javascript - RequestAnimationFrame not working when exiting fullscreen switching space on Safari -

request animation frame stops working when exiting fullscreen clicking on original space's safari window. fine if fullscreen mode canceled escape key or calling cancelfullscreen(). steps reproduce: open https://dl.dropboxusercontent.com/u/769042/prezi/safari-fullscreen.html click "draw raf", kittie appears click "fullscreen", go fullscreen click "draw raf", kittie appears go space original safari was, showing "click exit fullscreen mode", click anywhere, out fullscreen click "draw raf", nothing happens what handling click calling: window.requestanimationframe(draw); which draws on canvas context: function draw() { ctx.drawimage(img, math.random()*500|0, math.random()*400|0, 100, 100); } i checked .hidden , .visibilitystate, updated correctly. tested on osx 10.9.3, safari 7.0.4 (9537.76.4). has workaround/solution other switching old settimeout? this sounds webkit bug 88940 : using reque
Read more

Python ctypes access violation with const pointer arguments -

i have api i'm trying wrap in python (2.7.6 on win7) code using ctypes. here's api: client_dllfunc bool clientapi search_exporttoclipcopy(clienthsearch handle, int channel, lpctstr filename, const time_t& from, const time_t& to, const bool* cameras, int length, bool usepassword, lpctstr password, bool includetextin = false, bool excludeplayer = false); the issue i'm having cameras argument; , i've had issue other const pointer arguments well. here's how i'm wrapping api: def search_exporttoclipcopy(self, hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, password, includetextin=true, excludeplayer=false): exporttoclipcopy = self.sdkdll.search_exporttoclipcopy exporttoclipcopy.argtypes = [c_int, c_int, c_wchar_p, c_long, c_long, pointer(c_bool), c_int, c_bool, c_wchar_p, c_bool, c_bool] exporttoclipcopy.restype = c_bool exporttoclipcopy(hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, pass
Read more