[squeak-dev] Re: WebClient with proxy NTLM authentication
Andreas Raab
andreas.raab at gmx.de
Fri Sep 17 05:15:50 UTC 2010
Hi Denis -
I gave it a quick shot and found that the interface is pretty trivial to
implement via FFI. As a consequence I've added a WebClientSSP which
provides support for NTLM authentication via Microsoft SSP through an
FFI interface. To install it you need:
1) The (latest version of) the FFI:
(Installer repository: 'http://source.squeak.org/FFI')
install: 'FFI-Pools';
install: 'FFI-Kernel';
install: 'FFI-Tests'.
2) The WebClient-SSP package:
(Installer repository: 'http://squeaksource.com/WebClient')
install: 'WebClient-SSP'.
Once installed you should be able to use WebClientSSP with NTLM auth for
both proxy and regular authentication. Do note that I might change the
implementation entirely; I've added WebClientSSP as a subclass so that
it can be loaded and unloaded easily and doesn't affect the core
implementation of WebClient.
WARNING: I have only tested this very rudimentary. In *theory*
WebClientSSP should support NTLM and Kerberos authentication with full
SSO (i.e., if you're attached to a domain you should be able to
authenticate without ever being asked for credentials) but I don't have
the ability to test this from home so my only test was against
sharepointspace.com which provides NTLM auth only. In other words
there's a lot of stuff that hasn't been tested yet, including NTLM proxy
auth, any kind of Negotiate/SPNEGO auth, SSO etc. In short, your mileage
may vary greatly but testing and feedback are obviously welcome.
Cheers,
- Andreas
On 9/16/2010 12:03 PM, Denis Kudriashov wrote:
> Thank you, Andreas for response.
>
> I really prefer 1) option. I hate C stuff.
> I examine VW code for NTLM and It's not really difficult.
>
> And maybe I can use CurlPlugin for that. It's will be more simple
> solution for me
>
> 2010/9/16 Andreas Raab <andreas.raab at gmx.de <mailto:andreas.raab at gmx.de>>
>
> On 9/16/2010 5:43 AM, Denis Kudriashov wrote:
>
> Is WebClient supports proxy NTLM authentication?
>
>
> It doesn't.
>
>
> If not Can you advise me how two implement it?
>
>
> You have basically two options:
> 1) Implement it from scratch. There are a number of resources that
> describe NTLM in detail (basically reverse-engineered since there's
> no official documentation), for example:
>
> http://www.innovation.ch/personal/ronald/ntlm.html
>
> 2) Implement it via a plugin using the Microsoft SSP interface. Your
> starting point would be here:
>
> http://msdn.microsoft.com/en-us/library/aa375512%28VS.85%29.aspx
>
> FWIW, we went for option #2 in our products; the authentication part
> is tricky (lots of details) but straightforward in principle (i.e.,
> you basically call InitializeSecurityContext twice and are done).
>
> Cheers,
> - Andreas
>
>
>
>
>
More information about the Squeak-dev
mailing list
|