always got Unexpected response (401 Unauthorized)

[newToWebDav]

I am new to webDav. I need to move download file from webfolder.

I got webDav setup in Window server 2008 IIS with window integrated
authentication
I can http to the webfolder with the authorized the account manully
login.

When I use code
String username="xxxx";
String password ="xxxxx";

//Sardine sardine = SardineFactory.begin(username, password);
Sardine sardine = SardineFactory.begin();
sardine.setCredentials(username, password);

String uri="http://webdevserver/interface//Testing.txt" ;
if (sardine.exists(uri)) {
System.out.println("file exists");
}

I always got Unexpected response (401 Unauthorized).
I tried user name as "domain\user" and "user@domain" both results the
same above error.

Anybody has some clue?

[Mirko Friedenhagen]

Does the server support Basic Auth? Seeing Windows Server IIS I
suspect the server might require NTLM authentication.
You could try to use debug logging as explained on
http://hc.apache.org/httpcomponents-client-ga/logging.html.

Regards Mirko

[Li Wang]

Thank for replying.

IIS configured as windows integration authentication.it requires NTLM.

 

I got error below:

Also in IIS log W3SVC1 I don't see any user name pass through.

 

I change to basic authentication and it works. But my company requires NTLM authentication.

 

Why?

Is there additional setup should be done on IIS?

Or the code only works with basic authentication? or should additional code I should put?

Also  how can I pass the user with domain information.

right now in code I use

Sardine sardine = SardineFactory.begin(

"domain\\user",password);

also I tried us...@domain.com. Both don't work.

Your advice is appreicated.

 

 

2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "  A:visited { color: maroon }[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "</STYLE>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "<h1>You are not authorized to view this page</h1>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "<hr>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "<p>Please try the following:</p>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "<ul>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:83                      << "<li>Click the <a href="javascript:location.reload()">Refresh</a> button to try again with different cred"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "entials.</li>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "</ul>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "<h2>HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.<br>Internet Information Services (IIS)</h2>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "<hr>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "<p>Technical Information (for support personnel)</p>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "<ul>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>401</b>.</li>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << " and search for topics titled <b>About Security</b>, <b>Authentication</b>, and <b>About Custom Error Messages</b>.</li>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "</ul>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] Wire.java:69                      << "</TD></TR></TABLE></BODY></HTML>[\r][\n]"
2012-05-18 17:25:10.968 DEBUG [main] HttpMethodBase.java:921           Resorting to protocol version default close connection policy
2012-05-18 17:25:10.968 DEBUG [main] HttpMethodBase.java:925           Should NOT close connection, using HTTP/1.1
2012-05-18 17:25:10.968 DEBUG [main] HttpConnection.java:1175          Connection is locked.  Call to releaseConnection() ignored.
2012-05-18 17:25:10.968 DEBUG [main] HttpMethodDirector.java:277       Authenticating with NTLM <any realm>@xxxxxx.com:80
2012-05-18 17:25:10.984 ERROR [main] HttpMethodDirector.java:235       Credentials cannot be used for NTLM authentication: org.apache.commons.httpclient.UsernamePasswordCredentials
org.apache.commons.httpclient.auth.InvalidCredentialsException: Credentials cannot be used for NTLM authentication: org.apache.commons.httpclient.UsernamePasswordCredentials
 at org.apache.commons.httpclient.auth.NTLMScheme.authenticate(NTLMScheme.java:331) ~[download.jar:na]
 at org.apache.commons.httpclient.HttpMethodDirector.authenticateHost(HttpMethodDirector.java:281) [download.jar:na]
 at org.apache.commons.httpclient.HttpMethodDirector.authenticate(HttpMethodDirector.java:233) [download.jar:na]
 at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:169) [download.jar:na]
 at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396) [download.jar:na]
 at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324) [download.jar:na]
 at com.solar.conex.WebDAVClient.downloadFile(WebDAVClient.java:123) [download.jar:na]
 at com.solar.conex.WebDAVClient.main(WebDAVClient.java:150) [download.jar:na]
2012-05-18 17:25:10.999 DEBUG [main] Wire.java:69                      >> "GET /interface/conex/itemMaster/Testing.txt HTTP/1.1[\r][\n]"
2012-05-18 17:25:10.999 DEBUG [main] HttpMethodBase.java:1235          Adding Host request header
2012-05-18 17:25:11.015 DEBUG [main] Wire.java:69                      >> "User-Agent: Jakarta Commons-HttpClient/3.0[\r][\n]"
2012-05-18 17:25:11.015 DEBUG [main] Wire.java:69                      >> "Host: xxxxx.com[\r][\n]"
2012-05-18 17:25:11.015 DEBUG [main] Wire.java:69                      >> "[\r][\n]"
2012-05-18 17:25:11.015 DEBUG [main] Wire.java:69                      << "HTTP/1.1 401 Unauthorized[\r][\n]"
2012-05-18 17:25:11.015 DEBUG [main] Wire.java:69                      << "Content-Length: 1656[\r][\n]"
2012-05-18 17:25:11.015 DEBUG [main] Wire.java:69                      << "Content-Type: text/html[\r][\n]"
2012-05-18 17:25:11.015 DEBUG [main] Wire.java:69                      << "Server: Microsoft-IIS/6.0[\r][\n]"
2012-05-18 17:25:11.015 DEBUG [main] Wire.java:69                      << "WWW-Authenticate: Negotiate[\r][\n]"
2012-05-18 17:25:11.015 DEBUG [main] Wire.java:69                      << "WWW-Authenticate: NTLM[\r][\n]"
2012-05-18 17:25:11.015 DEBUG [main] Wire.java:69                      << "Date: Sat, 19 May 2012 00:25:18 GMT[\r][\n]"
2012-05-18 17:25:11.015 DEBUG [main] HttpMethodDirector.java:837       Authorization required
2012-05-18 17:25:11.015 DEBUG [main] AuthChallengeProcessor.java:154   Using authentication scheme: ntlm
2012-05-18 17:25:11.015 DEBUG [main] AuthChallengeProcessor.java:162   Authorization challenge processed
2012-05-18 17:25:11.015 DEBUG [main] HttpMethodDirector.java:706       Authentication scope: NTLM <any realm>@xxxxx.com:80
2012-05-18 17:25:11.015 DEBUG [main] HttpMethodDirector.java:855       Credentials required
2012-05-18 17:25:11.015 DEBUG [main] HttpMethodDirector.java:873       Credentials provider not available
2012-05-18 17:25:11.015 INFO  [main] HttpMethodDirector.java:714       Failure authenticating with NTLM <any realm>@xxxxx.mycompany.com:80

[Mirko Friedenhagen]

Hello Li,

I am afraid Sardine will always do Basic Auth when using the factory
methods provided. You may try to create and inject a HttpClient
prepared for NTLM, see
http://hc.apache.org/httpcomponents-client-ga/ntlm.html

Regards Mirko

[Mirko Friedenhagen]

Hello Li,

Looking at http://code.google.com/p/sardine/source/browse/trunk/src/com/googlecode/sardine/impl/SardineImpl.java#268
it seems to me NTLM should be supported. But you may not set
username/password via constructor/factory method, you have to invoke
setCredentials with the correct domain and workstation after
construction.

Regards Mirko
--
http://illegalstateexception.blogspot.com/
https://github.com/mfriedenhagen/
https://bitbucket.org/mfriedenhagen/

[Li]

Thank you I will try in that way.

Sent from my iPhone

[Li]

Hi Mirko,
I did setCredential with domain and server infor. But I still got 401 unauthorized error.

Li
Sent from my iPhone

[Eduardo Ponce de Leon]

Li,

Did you ever get this issue fixed!! I am having the same problem??

[prinl...@gmail.com]

I found this thread because I was having the exact same issue and was able to solve it.  I am posting it here in case anyone else runs across this the information could be helpful.

 

The IIS site was configured to check NTLM and Negotiate:Kerberos.  When we stripped the authentication settings to be NTLM only, it worked perfectly as expected.