Re: HTTP proxy authentication using by SSPI

From: Stephen L Nicoud (nicouds@hotmail.com)
Date: 06/07/02


Date: Thu, 06 Jun 2002 17:58:24 -0700
From: Stephen L Nicoud <nicouds@hotmail.com>


I can't answer your question directly, but I will note that not even Windows
knows what the password is. The first thing Windows does with the password
when you log in is to run it through a one-way hash. It forgets the password
at that point and instead uses the password hash. The password hash is used to
create the "response" when challenged with a "challenge" (hence NT Challenge /
Response). Windows domains store the password hash, not the password.
However, a password hash can be used as a password substitute if you know how
to deal with the NTCR protocol.

ungd@mail.ru wrote:
>
> Hello,
>
> My programm using client\server architecture and HTTP protocol to comunicate
> one each other.
> I'm using winsock 1.1 and VC++ Dev. environment.
> The problem is that when i want to bypass proxy server some of them have
> authentication (NTLM or Kerboros ..). I found sample in Platform SDK (calls
> HTTPAuth), which shows how to solve it using SSPI, but one problem for this
> authentication - I must know user's password and username.
> How can i get this???
> May be regestry or some OS structure that contain it.
> I know that it possible to find, cause IE doesn't ask for Username and
> password for authentication proccess, it takes it from some place.
> Please Help with this problem
> Thanks a lot,
> Simon



Relevant Pages

  • Re: HTTP proxy authentication using by SSPI
    ... > at that point and instead uses the password hash. ... Windows domains store the password hash, ... >> authentication - I must know user's password and username. ... >> password for authentication proccess, it takes it from some place. ...
    (microsoft.public.security)
  • Re: Windows authentication over remoting... possible?
    ... Dominick Baier - DevelopMentor ... windows forms application... ... password nor password hash over the network so if there is a better ... way (just like SQL server does or many other apps), ...
    (microsoft.public.dotnet.security)
  • Re: What is the maximal length of usernames on Solaris?
    ... > system to accommodate 4096 character user ID's. ... > 8 characters is to short in many circumstances. ... >>People who whine about petty shit such as how long a username can be ... but Windows uses a backward slash. ...
    (comp.sys.sun.admin)
  • RE: Adding a virtual FTP folder to IIS
    ... I think we can follow the Form Authentication modal. ... application will use the ASPNET account. ... If we change the username ... Windows identity different from that of the default process identity. ...
    (microsoft.public.dotnet.framework)
  • Re: Network shares and printing
    ... Windows cannot obtain the domain controller name for your computer network. ... shared drive and entering proper username and password. ...
    (microsoft.public.windowsxp.network_web)