Bill Belliveau
Hi all, I’m trying to read values out of the ‘authorization’ host header. I can get the values easily enough, but the ‘authorization’ header is somewhat elusive.
For connections requiring authorization the process appears to flow:
Client -> Server [request]
Client <- Server [401]
Client -> Server [request +auth]
(success)
Client <-> Server [request/response normal – future auth not required/port secure]
The site does not allow anonymous connections so I assume the first two steps happen at an IIS level with ASP.NET having no knowledge. It seems that it should be possible to determine the successful second request with credentials. Unfortunately I am only seeing spotty results on the connection.
If I run in debug [(A) –> Server] I (A) can see authorization requests.
Sometimes the Authorization comes up as NTLM and other times as Negotiate with the exact same machine settings.
If I deploy the project to an intermediary server [A –> (B) –> Server] sometimes B sees the authorization requests, sometimes not.
I am passing good credentials and receiving validation because even when I'm not seeing the Authorization header (writing to the event log), the site is still allowing access - the vdir is restricted to Integrated Windows Authentication.
[code snippet in Global.asax session_start]
string strMessage = "No message";
// Walk every request header and every value it carries.
foreach (string header in System.Web.HttpContext.Current.Request.Headers)
{
    foreach (string headerValue in System.Web.HttpContext.Current.Request.Headers.GetValues(header))
    {
        strMessage = String.Format("Header Name: {0}\nHeader Value: {1}", header, headerValue);
        // HTTP header names are case-insensitive, so compare without regard to case.
        if (String.Equals(header, "Authorization", StringComparison.OrdinalIgnoreCase))
        {
            string s = "";
            string head = "";
            string tail = "";
            // head = scheme name (e.g. NTLM or Negotiate); tail = Base64 token.
            try { head = headerValue.Split(' ')[0]; }
            catch (Exception) { System.Diagnostics.Debug.WriteLine("head failed"); }
            try { tail = headerValue.Split(' ')[1]; }
            catch (Exception) { System.Diagnostics.Debug.WriteLine("tail failed"); }
            try
            {
                // The token is binary, so the ASCII decode is only partly readable.
                s = System.Text.ASCIIEncoding.ASCII.GetString(System.Convert.FromBase64String(tail));
            }
            catch { System.Diagnostics.Debug.WriteLine("Binary Base64"); }
            finally
            {
                strMessage += "\nAuthHttpHeader Decoded: " + s;
            }
        }
        System.Diagnostics.Debug.WriteLine(strMessage);
    }
}
[snippet end]
Overall I’m looking to determine if the client browser’s authorization scheme is NTLMSSP; I just can’t reliably get this information.
Thanks for any ideas,
Bill
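
One way to approach the closing question, as an added example that is not the poster's code: inspect the decoded token instead of the scheme name, since an NTLM message begins with the signature `NTLMSSP\0` whether it arrives under `NTLM` or `Negotiate`. `AuthHeaderInspector` and `Classify` are hypothetical names, the sample token is constructed, and the search for a wrapped signature is a heuristic, not a full SPNEGO parse.

```csharp
using System;
using System.Text;

public static class AuthHeaderInspector
{
    // Every NTLM message begins with the 8-byte signature "NTLMSSP\0".
    static readonly byte[] Sig = Encoding.ASCII.GetBytes("NTLMSSP\0");

    // Offset of the signature inside the token, or -1 if it is absent.
    static int FindSignature(byte[] t)
    {
        for (int i = 0; i + Sig.Length <= t.Length; i++)
        {
            int j = 0;
            while (j < Sig.Length && t[i + j] == Sig[j]) j++;
            if (j == Sig.Length) return i;
        }
        return -1;
    }

    public static string Classify(string headerValue)
    {
        if (string.IsNullOrWhiteSpace(headerValue)) return "no Authorization header";
        string[] parts = headerValue.Trim().Split(new[] { ' ' }, 2);
        if (parts.Length < 2) return parts[0] + ": no token";
        byte[] token;
        try { token = Convert.FromBase64String(parts[1].Trim()); }
        catch (FormatException) { return parts[0] + ": token is not Base64"; }
        int at = FindSignature(token);
        if (at >= 0 && token.Length >= at + 12)
        {
            // Little-endian message type follows the signature: 1 = negotiate, 3 = authenticate.
            int type = token[at + 8] | token[at + 9] << 8 | token[at + 10] << 16 | token[at + 11] << 24;
            return parts[0] + (at == 0 ? ": raw" : ": SPNEGO-wrapped") + " NTLMSSP, message type " + type;
        }
        // 0x60 opens a GSS-API initial token, 0xA1 a SPNEGO NegTokenResp.
        if (token.Length > 0 && (token[0] == 0x60 || token[0] == 0xA1))
            return parts[0] + ": SPNEGO token without NTLMSSP (e.g. Kerberos)";
        return parts[0] + ": not an NTLMSSP or SPNEGO token";
    }

    public static void Main()
    {
        // Constructed sample: minimal NTLM type 1 message (signature, type, zeroed flags).
        byte[] type1 = new byte[16];
        Sig.CopyTo(type1, 0);
        type1[8] = 1;
        Console.WriteLine(Classify("NTLM " + Convert.ToBase64String(type1)));
        Console.WriteLine(Classify("Negotiate " + Convert.ToBase64String(type1)));
    }
}
```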