NTLM Challenge response missing Authorization header

Hi,


I'm trying to access a website with NTLM protocol. I'm using a NSURLSession API to access resrouces in this website

First time I am presented with a challenge and when i supply credentials the callback is sent in two modes.

i) Same HTTP Connection

ii) A new HTTP Connection

The NTLM Authorization header is missing when sent on the same HTTP Connection but exists when sent as a new HTTP Connection.

This below blog mentions that we need to close the connection when we receive the NTLM challenge and send the new request with creds as a new HTTP Connection.


https://blogs.msdn.microsoft.com/chiranth/2013/09/20/ntlm-want-to-know-how-it-works/

Could you someone please take a look?

Thanks,

Ratna.

Replies

I believe I am running into the same issues. Intermittent NTLM authentication failures. I'd like to verify if it is because of a connection re-use like you called out. How were you able to determine that the connection is re-used?

Hello,


Do you know if this is resolved or possible workarounds. This seems to happen more with NSURLCredentialPersistenceForSession.


Another interesting observation is we get the challenge for every resource in the same protection space.