Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix NTLM Proxy authentication issues. #387

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix NTLM Proxy authentication issues. #387

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 12 additions & 10 deletions Classes/ASIHTTPRequest.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2476,14 +2476,6 @@ - (NSMutableDictionary *)findProxyCredentials
user = [self proxyUsername];
pass = [self proxyPassword];
}

// When we connect to a website using NTLM via a proxy, we will use the main credentials
if ((!user || !pass) && [self proxyAuthenticationScheme] == (NSString *)kCFHTTPAuthenticationSchemeNTLM) {
user = [self username];
pass = [self password];
}



// Ok, that didn't work, let's try the keychain
// For authenticating proxies, we'll look in the keychain regardless of the value of useKeychainPersistence
Expand All @@ -2496,6 +2488,13 @@ - (NSMutableDictionary *)findProxyCredentials

}

// If proxy credential is still not available and when we connect to a website using NTLM via a proxy,
// we will use the main credentials
if ((!user || !pass) && [self proxyAuthenticationScheme] == (NSString *)kCFHTTPAuthenticationSchemeNTLM) {
user = [self username];
pass = [self password];
}

// Handle NTLM, which requires a domain to be set too
if (CFHTTPAuthenticationRequiresAccountDomain(proxyAuthentication)) {

Expand Down Expand Up @@ -2843,12 +2842,15 @@ - (void)attemptToApplyProxyCredentialsAndResume

if (proxyCredentials) {

// From wireshark logs, proxy auth challenge is not responded by calling startRequest twice.
// Needed a third call to get the auth challenge response sent.

// We use startRequest rather than starting all over again in load request because NTLM requires we reuse the request
if ((([self proxyAuthenticationScheme] != (NSString *)kCFHTTPAuthenticationSchemeNTLM) || [self proxyAuthenticationRetryCount] < 2) && [self applyProxyCredentials:proxyCredentials]) {
if ((([self proxyAuthenticationScheme] != (NSString *)kCFHTTPAuthenticationSchemeNTLM) || [self proxyAuthenticationRetryCount] < 3) && [self applyProxyCredentials:proxyCredentials]) {
[self startRequest];

// We've failed NTLM authentication twice, we should assume our credentials are wrong
} else if ([self proxyAuthenticationScheme] == (NSString *)kCFHTTPAuthenticationSchemeNTLM && [self proxyAuthenticationRetryCount] == 2) {
} else if ([self proxyAuthenticationScheme] == (NSString *)kCFHTTPAuthenticationSchemeNTLM && [self proxyAuthenticationRetryCount] == 3) {
[self failWithError:ASIAuthenticationError];

// Something went wrong, we'll have to give up
Expand Down