2

I am currently trying to Authenticate with an IIS/6.0 Data Server. With the code below, how do I retrieve the challenge from the server. Currently what I am doing is sending the first GET request to the server

//Part 1: The Request
    pw.println("GET /dashboard/ HTTP/1.1");
    pw.println("Host: MyServer.net");
    pw.println("User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0");
    pw.println("Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
    pw.println("Accept-Language: en-US,en;q=0.5");
    pw.println("Accept-Encoding: gzip, deflate");
    pw.println("Connection: keep-alive");
    pw.println("WWW-Authenticate: Negotiate");
    pw.println();
    pw.flush();

//Part 1: The Response
    HTTP/1.1 401 Unauthorized
    Content-Length: 1656
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    WWW-Authenticate: Negotiate
    WWW-Authenticate: NTLM
    X-Powered-By: ASP.NET
    Date: Mon, 14 Sep 2015 19:28:16 GMT

Then I send the next request

//Part 2: The Request
    pw.println("GET /dashboard/ HTTP/1.1");
    pw.println("Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
    pw.println("Referer: http://MyServer.net/dashboard/");
    pw.println("Accept-Language: en-US,en;q=0.5");
    pw.println("User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0");
    pw.println("Accept-Encoding: gzip, deflate");
    pw.println("Host: MyServer.net");
    pw.println("Connection: keep-alive");
    pw.println("Authorization: Negotiate");
    pw.println();
    pw.flush();

//Part 2: The Response
    HTTP/1.1 401 Unauthorized
    Content-Length: 1539
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    WWW-Authenticate: Negotiate YF0GBisGAQUFAqBTMFGgMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqMdMBugGRsXcGFlbXMxOTYkQFNUQVJCVUNLUy5ORVQ=
    X-Powered-By: ASP.NET
    Date: Mon, 14 Sep 2015 19:28:16 GMT

There are two things wrong that I think I have done here.

  1. The WWW-Authenticate Header field appears to be wrong in "Part 2: The Response" I think it is because I am not using NTLM (Which is what I want to use)
  2. I have not sent My Active Directory credentials yet. I do not know what I need to do next.

Currently I found a really helpful document Responding to the Challenge which helps explain how to encode the Active Directory credentials

What steps do I need to take in order to completely authenticate with the server so that I can poll data from it?

Loligans
  • 497
  • 9
  • 24

0 Answers0