[jcifs] jCIFS breaks posts to ASP pages
Allistair Crossley
Allistair.Crossley at QAS.com
Mon Apr 19 15:12:52 GMT 2004
I would need to get the front page of the ASP applications to remove the NTLM header using the trick you refer to and then redirect back to itself to start the application, but it fails to do so. I tried both
Response.Status = "401 Unauthorized";
and
Response.Status = "403 Forbidden";
As soon as I then submit my ASP form the NTLM authorisation header appears again. I appreciate that this is related to ASP programming which I am not that au fait with either, but presumably this should do the same thing as the JSP version.
ADC
-----Original Message-----
From: eglass1 at comcast.net [mailto:eglass1 at comcast.net]
Sent: 19 April 2004 15:42
To: Allistair Crossley
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] jCIFS breaks posts to ASP pages
> We are having reports that our ASP applications no longer function and I
> have discovered that the cause is jCIFS in some way. The parts of the ASPs
> that do not work are form posts (so form logins mainly). No form parameters
> are being passed.
>
> I was able to get to a point where I could run the ASPs successfully and
> this was when I visited the ASP after opening a fresh IE window. However,
> when visiting our jCIFS web application and THEN going to the ASP
> application it failed with empty request form parameters.
>
> I printed the http headers in the ASP test and the addition of
> HTTP_AUTHORISATION:NTLM is the only difference.
This is the issue I was referring to in response to the previous post:
http://lists.samba.org/archive/jcifs/2004-April/003298.html
Basically, if you have an NTLM-protected resource *anywhere* on a particular
server, Internet Explorer will require re-authentication before sending
POST parameters to that server -- even sections that *aren't* NTLM-protected.
There's a blurb about this here:
http://www.websina.com/bugzero/kb/browser-ie.html
This is an Internet Explorer "feature", and isn't related to jCIFS; once you
visit an NTLM page on a site, subsequent POSTs to anything on that site will
be empty until the NTLM handshake is successfully completed.
You can "trick" IE into dropping the NTLM requirement by sending a 401 or
403 response; see this:
http://lists.samba.org/archive/jcifs/2004-February/003060.html
Eric
<FONT SIZE=1 FACE="VERDANA,ARIAL" COLOR=BLUE>
-------------------------------------------------------
QAS Ltd.
Developers of QuickAddress Software
<a href="http://www.qas.com">www.qas.com</a>
Registered in England: No 2582055
Registered in Australia: No 082 851 474
-------------------------------------------------------
</FONT>
More information about the jcifs
mailing list