Re: Problem establishing SSL connection in code-behind
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 3 Jan 2008 16:32:17 -0600
What you are seeing is a standard NTLM request/response pattern. Normally
with NTLM, the browser does a GET and the server responds with 401 and a
WWW-Authenticate header with a challenge. The browser then does the GET
again with a responding Authorization request header and the server responds
with 200 if the browser's response is accepted. Kerberos auth looks a
little different because it can preauthenticate.
Based on what I see here, it looks like NTLM worked ok from wfetch. You
might try with Negotiate auth selected to allow the possibility of Kerberos
and not just NTLM. Kerberos will only work if there is a valid SPN
registered in AD for that hostname though (and the DC can be contacted by
the client to get a Kerb ticket).
As to why your code is getting a timeout now, I don't know. The fact that
it used to get something different and is now timing out doesn't make a lot
of sense.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"gnewsgroup" <gnewsgroup@xxxxxxxxx> wrote in message
news:74603d35-9d7d-45f6-890e-f8b17fcf8764@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jan 2, 11:15 pm, "Joe Kaplan"
<joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Regarding your first question, SSL is negotiated before any HTTP traffic
is
sent, so SSL must have already been successful. That's what I meant by
saying that it was not the problem.
This error you are getting in the event log doesn't look right though. I
would not expect to see a group policy processing error for a network
login.
That seems like something that should happen on an interactive logon. I
could be wrong though as I'm not a GPO guy. However, I'd also expect to
see
that same error when you log on using IWA with those same credentials
using
the browser.
There is a tool that is often helpful for troubleshooting HTTP
authentication issues called wfetch.exe from the IIS 6 resource kit that
I
would probably try to use to simulate the GET request that your .NET code
is
making to see if I get the same error.
Joe K.
OK, I did test it with wfetch. I am confused by the wfetch log.
Click here http://gnewsgroup.googlepages.com/home to view the log.
Especially confusing is that at once place, the log says that I am not
authorized to view that requested page. At another place, it displays
that page nicely right in front of me. What does it mean?
Now when I debug my web application (see my first post in this
thread), the Exception Message (ex.Message) says:
"The operation has timed out"
I thought that maybe port 4443 (the SSL port I use) is blocked by the
firewall, but the target host has the Windows Firewall turned off.
I am at my wit's end.
.
- Follow-Ups:
- Re: Problem establishing SSL connection in code-behind
- From: gnewsgroup
- Re: Problem establishing SSL connection in code-behind
- References:
- Problem establishing SSL connection in code-behind
- From: gnewsgroup
- Re: Problem establishing SSL connection in code-behind
- From: Joe Kaplan
- Re: Problem establishing SSL connection in code-behind
- From: gnewsgroup
- Re: Problem establishing SSL connection in code-behind
- From: Joe Kaplan
- Re: Problem establishing SSL connection in code-behind
- From: gnewsgroup
- Problem establishing SSL connection in code-behind
- Prev by Date: Re: Problem establishing SSL connection in code-behind
- Next by Date: Re: Problem establishing SSL connection in code-behind
- Previous by thread: Re: Problem establishing SSL connection in code-behind
- Next by thread: Re: Problem establishing SSL connection in code-behind
- Index(es):
Relevant Pages
|
