0

Upload Service Doesn't Authenticate?

I'm getting a 401 error code from the server when hitting the upload link on the browser. I'd like to use the Upload feature for our company intranet.

Server:
Apache 2.2 w/PHP 5.2 & mod-auth-sspi
Windows Server 2003

Client:
Windows XP Pro SP2
IE 7 & FF 3

mod-auth-sspi enforces NTLM authentication from the client browser. I can open the page that holds the upload widget after entering username/password. But when I click 'upload' in both FF and IE, no authentication info appears to be provided because I'm getting the 401 error.

Thanks for listening.

Geoff

by
3 Replies
  • QUOTE (Geoffrey C @ Nov 12 2008, 09:57 AM) <{POST_SNAPBACK}>
    I'm getting a 401 error code from the server when hitting the upload link on the browser. I'd like to use the Upload feature for our company intranet.

    Server:
    Apache 2.2 w/PHP 5.2 & mod-auth-sspi
    Windows Server 2003

    Client:
    Windows XP Pro SP2
    IE 7 & FF 3

    mod-auth-sspi enforces NTLM authentication from the client browser. I can open the page that holds the upload widget after entering username/password. But when I click 'upload' in both FF and IE, no authentication info appears to be provided because I'm getting the 401 error.

    Thanks for listening.

    Geoff


    Hi Geoff,

    After authentication is complete, how is the session maintained? Is it done via cookies? If so you may pass along cookies to the uploader by using the optional [cookies] argument to Uploader.upload.

    cookies: document.cookies

    Does that make sense?

    best,
    lloyd
    0
  • QUOTE (Lloyd Hilaiel @ Nov 12 2008, 01:00 PM) <{POST_SNAPBACK}>
    Hi Geoff,

    After authentication is complete, how is the session maintained? Is it done via cookies? If so you may pass along cookies to the uploader by using the optional [cookies] argument to Uploader.upload.

    cookies: document.cookies

    Does that make sense?

    best,
    lloyd

    Makes sense but authentication isn't handled by a cookie, it appears to be a request header sent by the browser.

    CODE
    Authorization=NTLM TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAblah blah blah gBuAC0ANgAxAO9QG6ocLV80AAAAAAAAAAAAAAAAAAAAADukLJ1BYZIKL+5VW7uEpE29bEr3DjH4xg==
    0
  • QUOTE (Geoffrey C @ Nov 13 2008, 02:32 AM) <{POST_SNAPBACK}>
    Makes sense but authentication isn't handled by a cookie, it appears to be a request header sent by the browser.

    CODE
    Authorization=NTLM TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAblah blah blah gBuAC0ANgAxAO9QG6ocLV80AAAAAAAAAAAAAAAAAAAAADukLJ1BYZIKL+5VW7uEpE29bEr3DjH4xg==


    ok. I was way off the mark in my first response. We could widen the Uploader interface to allow javascript to specify additional headers (perhaps Authorization, and X-* headers), but I don't know that this would solve your problem.

    As far as I can tell, NTLM is a challenge/response protocol and each header is different from the previous.

    Perhaps there's a workaround in an application level mechanism? Something like embedding a temporal token in the served page that's associated with the session and the upload handler checks for this?

    I know this is probably unsatisfying, but look forward to your reaction and will continue to ponder it with the team.

    best,
    lloyd
    0
  • You can Google search
    Create Windows 7 Password Reset Disk | Protect yourself against lost login password
    I remember I read a nice idea sharing about this title before, hope you get your answer.
    0
This forum is locked.

Recent Posts

in Support & General Questions