InitializeSecurityContext and NTLM authentication



I posted the problem given below some days back. But, I
didn't get any replies or comments. I will try to make it more
clear this time.

I am creating an application which uses NTLM authentication.
As you know there are 3 messages in an NTLM session.
Let me call them Msg1, Msg2 and Msg3, where,

Msg1 : Client to Server.
Msg2 : Server to Client [contains random challenge]
Msg3 : Client to Server [uses password hash to encrypt this
challenge string and sends back to the server ]

I am making use of SSPI context management functions to
get this session working.

I have created Msg1 successfully using the following two
functions.
1) AcquireCredentialsHandle
2) InitializeSecurityContext

Then I sent Msg1 to the server and I got a reply from the
server [Msg2].

I am a bit confused here. How should I pass this Msg2
to InitializeSecurityContext to create Msg3? Or should
I call AcquireCredentialsHandle again?

The documentation of InitializeSecurityContext says that
the parameter "pInput" must be NULL on the first call.
So how do I pass Msg2 to the InitializeSecurityContext function?

Any help would be appreciated.

regards
Sijo


----- Original Message -----
From: "sijo" <spam@xxxxxxxx>
Newsgroups: microsoft.public.platformsdk.security
Sent: Thursday, September 07, 2006 3:40 PM
Subject: InitializeSecurityContext and NTLM


Hello,

Can some of you point out the sequence of calling
InitializeSecurityContext to set up NTLM authentication?

The following is the sequence I tried.
1) AcquireCredentialsHandle is called.
2) InitializeSecurityContext is called.
3) The output buffer [ntlm msg1] returned is sent to the server.
4) I got a response [ntlm msg2] from the server. Then, I called
InitializeSecurityContext again with this buffer as the
inputBuffer. [And passing the old context handle as the second
parameter]. But this time the function returned "Unknown error".

Is it the right sequence to set up NTLM authentication?
Any comments would be appreciated.

regards
sijo
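
The three messages listed in the post can be told apart by their header, which gives a way to confirm that the buffer being handed back to InitializeSecurityContext is the raw Msg2 token. The following is an added example, not code from the original post; the field offsets follow the published NTLM message layout, and the function names and sample tokens are constructed for illustration.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
NAMES = {1: "NEGOTIATE (Msg1)", 2: "CHALLENGE (Msg2)", 3: "AUTHENTICATE (Msg3)"}

class TokenError(ValueError):
    """Buffer is not a well-formed NTLM token."""

def parse_token(buf: bytes) -> dict:
    """Decode the fixed NTLM header; for Msg2 also pull flags and challenge."""
    if len(buf) < 12:
        raise TokenError("too short for an NTLM header")
    if buf[:8] != SIGNATURE:
        raise TokenError("missing NTLMSSP signature (still base64 or framed?)")
    (msg_type,) = struct.unpack_from("<I", buf, 8)
    if msg_type not in NAMES:
        raise TokenError(f"unknown message type {msg_type}")
    info = {"type": msg_type, "name": NAMES[msg_type]}
    if msg_type == 2:
        if len(buf) < 32:
            raise TokenError("CHALLENGE truncated before the server challenge")
        (info["flags"],) = struct.unpack_from("<I", buf, 20)
        info["server_challenge"] = buf[24:32]
    return info

def check_handshake(tokens) -> list:
    """Return a list of problems; empty means the order is Msg1, Msg2, Msg3."""
    problems = []
    for position, buf in enumerate(tokens, start=1):
        try:
            found = parse_token(buf)["type"]
        except TokenError as exc:
            problems.append(f"token {position}: {exc}")
            continue
        if found != position:
            problems.append(f"token {position}: expected type {position}, got {found}")
    return problems

# Constructed sample tokens (header fields only, no real credentials).
MSG1 = SIGNATURE + struct.pack("<II", 1, 0x00008207) + bytes(16)
MSG2 = (SIGNATURE + struct.pack("<I", 2) + struct.pack("<HHI", 0, 0, 48)
        + struct.pack("<I", 0x00008205) + bytes.fromhex("0123456789abcdef")
        + bytes(8) + struct.pack("<HHI", 0, 0, 48))
MSG3 = SIGNATURE + struct.pack("<I", 3) + bytes(52)

if __name__ == "__main__":
    for token in (MSG1, MSG2, MSG3):
        print(parse_token(token))
    print(check_handshake([MSG1, MSG2, MSG3]))
```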

