With the help from Steve Moss, I compiled my indy10 testing
program. It uses a TIdHttp to fetch an url. The authentication
scheme used by our proxy server is NTLM.
Here are some findings
TIdCustomHTTP.DoOnProxyAuthorization selects TSSPINTLMAuthentication correctly.
1. Unit IdAuthenticationSSPI
The Authentication funtion falls apart when creating negotiate
packet.
function TIdSSPINTLMAuthentication.Authentication: string;
begin
......
result := 'NTLM ' + IdEncoderMIME.EncodeString(
FSSPIClient.InitAndBuildType1Message);
......
end;
function TIndySSPINTLMClient.InitAndBuildType1Message: string;
begin
fContext.GenerateInitialChalenge('', Result);
end;
function TSSPIClientConnectionContext.GenerateInitialChalenge
(const aTargetName: string; var aToPeerToken: string): Boolean;
begin
......
Result := UpdateAndGenerateReply('', aToPeerToken); //Param 1!
......
end;
function TCustomSSPIConnectionContext.UpdateAndGenerateReply
(const aFromPeerToken: string; var aToPeerToken: string): Boolean;
begin
......
with fInBuff do begin
cbBuffer := Length(aFromPeerToken);
//Crush: aFromPeerToken = '' !!
pvBuffer := @(aFromPeerToken[1]);
end;
......
end;
The TSSPINTLMAuthentication would never get its packet, let along
complete the authentication.
2. Unit IdHTTP
In the first two steps of the NTLM authenticaiton, the proxy
server responses with 407. The code quoted below prematurely
resets the TSSPINTLMAuthentication object. Because FCurrentStep
is set to 0, the Auth object will not move to the second step of
the authentication.
// Clear password and reset autorization if previous failed
if (AResponse.FResponseCode = 407) then begin
ProxyParams.ProxyPassword := '';
ProxyParams.Authentication.Reset;
end;
Could someone please enlighten me as to whether Indy is capable
of handling NTLM authentication? With which version? Any changes
needed?
Thanks,
Yong.
