NTLM not usable if server supports negotiate and NTLM #139
Description
Assumptions:
- Server supports NEGOTIATE and NTLM. Thus, the servers response header looks like this:
GET ....
HTTP/1.1 401 Unauthorized
....
WWW-Authenticate: NTLM ...the-key...
WWW-Authenticate: Negotiate
- Client does not support negotiate, wants to use NTLM
- Client uses correct NTLM configuration / parameters / etc
Result:
- Gem uses Negotiate instead of NTLM: https://github.com/savonrb/httpi/blob/master/lib/httpi/adapter/net_http.rb#L95
- It is not possible to force usage of NTLM
- All requests result in a 401 Unauthorized with no further information
- No hint given that client switched to Negotiate automatically
What to change (or to monkeypatch, if anyone does not want this behaviour):
- Force auth_method to become "NTLM", https://github.com/savonrb/httpi/blob/master/lib/httpi/adapter/net_http.rb#L95
- headers["WWW-Authenticate"] will be an array containing two elements: NTLM and the key, and an entry "Negotiate" (see above). Always use that value with the key / with NTLM in it. The gem currently is not able to handle two entries at all. (https://github.com/savonrb/httpi/blob/master/lib/httpi/adapter/net_http.rb#L116)
Since the gem is not able to handle two entries at all, this gem maybe generally doesn't work if server sends negotaite AND ntlm headers (didn't test). If so, this issue contains two kind of things: no possibility to force ntlm, no functionality if server supports both / sends both entries.