Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

HttpClient using both SSL encryption and NTLM authentication fails

I'm trying to do simple REST calls on a Sharepoint 2010 server that uses SSL encryption (https), as well as NTLM authentication. When the server is set up to not require SSL (just for testing, the server will require SSL in production), my NTLM authentication and subsequent REST calls work fine using HttpClient. However, when SSL is enabled, the authentication no longer works.

Here's the code for the SSL handling (set to accept all certs):

    SSLContext sslContext = SSLContext.getInstance("TLS");

    // set up a TrustManager that trusts everything
    sslContext.init(null, new TrustManager[] { new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        public void checkClientTrusted(X509Certificate[] certs,
                String authType) { }

        public void checkServerTrusted(X509Certificate[] certs,
                String authType) { }
    } }, new SecureRandom());

    SSLSocketFactory sf = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

    Scheme httpsScheme = new Scheme("https", 443, sf);
    SchemeRegistry schemeRegistry = new SchemeRegistry();
    schemeRegistry.register(httpsScheme);

    ClientConnectionManager cm = new SingleClientConnManager(schemeRegistry);

Followed by the code to do NTML and the HTTP GET call:

    HttpParams params = new BasicHttpParams();

    DefaultHttpClient httpclient = new DefaultHttpClient(cm, params);

            // Set up the NTLM credentials
    NTCredentials creds = new NTCredentials(USERNAME, PASSWORD, MACHINE, DOMAIN);
    httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);

            // Setup the HTTP GET and execute it
    HttpHost target = new HttpHost(HOSTNAME, 443, "https");

    HttpContext localContext = new BasicHttpContext();
    HttpGet httpget = new HttpGet("/site/_vti_bin/ListData.svc/TestList");
    HttpResponse response1 = httpclient.execute(target, httpget, localContext);

The response I always get back is:

 HTTP/1.1 400 Bad Request
 The server encountered an error processing the request. See server logs for more details.

Note that I've used FireFox Poster and CURL to do the same thing I'm trying to do here programmatically, and it works fine. So the server appears to be set up correctly.

Thanks for your time!

like image 615
PaulP Avatar asked Oct 08 '22 09:10

PaulP


1 Answers

Documenting this for other who may have this problem.

The problem was that the IIS server was set to allow anonymous logins. Apparently, there's a bug where if this is set, any REST or SOAP connections to sharepoint instances under that installation will not succeed. It appeared as though the string "anonymous" was being added to the REST/SOAP URLs, which of course, made it point to a nonexistent service. After we turned off allowing anonymous login on the IIS instance, the calls worked.

like image 90
PaulP Avatar answered Oct 12 '22 11:10

PaulP