Skip to first unread message
kk
Jun 25, 2013, 9:50:09 AM6/25/13
to httpf...@googlegroups.com
hi, i'm using fiddlercore 2.4.0.1 with ChainToUpstreamGateway
and RegisterAsSystemProxy
options to intercept traffict to an intranet website.
ie uses a proxy to all internet/intranet requests using "automatic configuration script" with a remote pac file on http protocol.
my problem is that by default the request to the intranet site works directly but with fiddler active the prompt to request username and password will appears.
with fiddler after my initial request the server's response is a 401 with this headers
and then the popup will appear.
note:to autoauthenticate without fiddler ie will use the domain identity of the user currently logged to windows.
note 2: i try also to connect to an external site and all works so the problem seems related only to the specific intranet site, for example if i try to connect to google groups page (that it's on https) i do correctly the connect requests but in this case the first response is a 407 with this headers
ie uses a proxy to all internet/intranet requests using "automatic configuration script" with a remote pac file on http protocol.
my problem is that by default the request to the intranet site works directly but with fiddler active the prompt to request username and password will appears.
with fiddler after my initial request the server's response is a 401 with this headers
| WWW-Authenticate: | Negotiate |
| Cache-control | no-cache |
| Connection | Keep-Alive |
| Proxy-Support | Session-Based-Authentication |
and then the popup will appear.
note:to autoauthenticate without fiddler ie will use the domain identity of the user currently logged to windows.
note 2: i try also to connect to an external site and all works so the problem seems related only to the specific intranet site, for example if i try to connect to google groups page (that it's on https) i do correctly the connect requests but in this case the first response is a 407 with this headers
| X-Squid-Error | ERR_CACHE_ACCESS_DENIED 0 |
| Proxy-Authenticate | NTLM |
| Proxy-Authenticate | Basic realm="..." |
| X-Cache | MISS from PROXY |
| X-Cache-Lookup | NONE from PROXY:8080 |
| Via | 1.0 PROXY (squid/3.0.STABLE19) |
| Proxy-Connection | close |
| Proxy-Support | Session-Based-Authentication |
EricLaw
Jun 27, 2013, 11:26:55 AM6/27/13
to httpf...@googlegroups.com
The issue here relates to http://msdn.microsoft.com/en-us/library/bb250483(v=vs.85).aspx and http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx. You can fix this by manually configuring IE to treat the target site as Intranet, or by using the X-AutoAuth flag in FiddlerCore so that it authenticates on behalf of the user without involving the browser.
kk
Jul 3, 2013, 9:09:50 AM7/3/13
to httpf...@googlegroups.com
adding the target url the the intranet sites works with fiddler active but now i don't understand how can it work before?
i have checked wihtout fiddler and i see that the real proxy is needed to do autoauthentication (so the pac file will not return DIRECT for that url) and i don't understand why that url was treated as intranet site wihout fiddler but as internet with fiddler active (whitout doing a manual inclusion in intranet sites), can you explain that please?
i need to have general code that works in every situations so explicitly adding the problematic urls to intranet sites is not a solution for me :(,
can i always use x-autoauth = "(default)" or there're same cases where this will generate exception? for example if no auth is required
i have checked wihtout fiddler and i see that the real proxy is needed to do autoauthentication (so the pac file will not return DIRECT for that url) and i don't understand why that url was treated as intranet site wihout fiddler but as internet with fiddler active (whitout doing a manual inclusion in intranet sites), can you explain that please?
i need to have general code that works in every situations so explicitly adding the problematic urls to intranet sites is not a solution for me :(,
can i always use x-autoauth = "(default)" or there're same cases where this will generate exception? for example if no auth is required
thanks
EricLaw
Jul 3, 2013, 10:34:09 AM7/3/13
to httpf...@googlegroups.com
If you read the blog post I linked to, you can understand the relationship between the PAC file and the target site's security Zone. Sites in the Intranet Zone authenticate without prompting the user (in IE). Sites in the Internet Zone show the prompt.
Reply all
Reply to author
Forward
Message has been deleted
0 new messages