Re: HTTP proxy authentication using by SSPI

From: Stephen L Nicoud (nicouds@hotmail.com)
Date: 06/07/02


Date: Thu, 06 Jun 2002 17:58:24 -0700
From: Stephen L Nicoud <nicouds@hotmail.com>


I can't answer your question directly, but I will note that not even Windows
knows what the password is. The first thing Windows does with the password
when you log in is to run it through a one-way hash. It forgets the password
at that point and instead uses the password hash. The password hash is used to
create the "response" when challenged with a "challenge" (hence NT Challenge /
Response). Windows domains store the password hash, not the password.
However, a password hash can be used as a password substitute if you know how
to deal with the NTCR protocol.

ungd@mail.ru wrote:
>
> Hello,
>
> My programm using client\server architecture and HTTP protocol to comunicate
> one each other.
> I'm using winsock 1.1 and VC++ Dev. environment.
> The problem is that when i want to bypass proxy server some of them have
> authentication (NTLM or Kerboros ..). I found sample in Platform SDK (calls
> HTTPAuth), which shows how to solve it using SSPI, but one problem for this
> authentication - I must know user's password and username.
> How can i get this???
> May be regestry or some OS structure that contain it.
> I know that it possible to find, cause IE doesn't ask for Username and
> password for authentication proccess, it takes it from some place.
> Please Help with this problem
> Thanks a lot,
> Simon