Hi, Melinda-
I'm not sure it's going to be that easy. From what I've read, the NTLM
authorization header includes structured data that is encoded using a
server nonce and/or the password. However, AUTH_USER, REMOTE_USER and
LOGON_USER variables should be available to ISAPI applications with
NTLM. I'd be looking on the ISAPI side for a way, maybe a configuration
setting, to pass the decoded NTLM credentials to tomcat.
-Terence Bandoian
Savoy, Melinda wrote:
Question. As my code is currently blowing up when I setup the Base64Decoder in
my constructor I'm getting an error immediately, at any rate I'm working thru
that, but will this DECODE method show me the USERID that I'm looking for?
That is what I'm needing. Thank you.
-----Original Message-----
From: Terence M. Bandoian [mailto:tere...@tmbsw.com]
Sent: Tuesday, June 22, 2010 12:40 PM
To: Tomcat Users List
Subject: RE: Still having problem retrieving user value from ISAPI Filter for
authentication
Hi, Melinda-
As Pid suggested, the first part of that string after NTLM in the
authorization header decodes in base64 to 'NTLMSSP'.
-Terence Bandoian
Savoy, Melinda wrote:
Thanks Pid, I did do that as well, but I did not see the user value there either.
Here is what I got when I did issue the getHeaderNames() and as you can see the
authorization shows the encrypted NTLM value but it is not decrypted and I
cannot get to the info though the ISAPI log shows the decrypted value which I
cannot get to:
=imeHeaders ===
accept =
accept-language =us
connection îp-Alive
host =alhost
user-agent =illa/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET
CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC EA 2)
cookie =SSIONID-9AE176A965514B845A6E3A9E83A21E
authorization =M
TlRMTVNTUAADAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAABcKIogUBKAoAAAAP
accept-encoding =p, deflate
content-length >
I don't know what I'm doing wrong here. Again, any help is appreciated.
Thanks.
-----Original Message-----
From: Pid [mailto:p...@pidster.com]
Sent: Tuesday, June 22, 2010 7:11 AM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for
authentication
On 22/06/2010 13:05, Marc Boorshtein wrote:
I haven't tried this with IIS, but we had quite the discussion on this
last week with Apache & tomcat with JK. In your server.xml file add
tomcatAuthentication=se" to the AJP connector object. If you look
in the archives of this list for JK_REMOTE_USER there is a very
interesting discussion on the topic.
Also, you could iterate through the headers in request.getHeaderNames() to see
what's being passed across to Tomcat.
p
Marc
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
The information contained in this message and any attachments is intended only
for the use of the individual or entity to which it is addressed, and may
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from
disclosure under applicable law. If you are not the intended recipient, you
are prohibited from copying, distributing, or using the information. Please
contact the sender immediately by return e-mail and delete the original message
from your system.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
The information contained in this message and any attachments is intended only
for the use of the individual or entity to which it is addressed, and may
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from
disclosure under applicable law. If you are not the intended recipient, you
are prohibited from copying, distributing, or using the information. Please
contact the sender immediately by return e-mail and delete the original message
from your system.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
