client authentication scheme \u0027Ntlm\u0027 - iis

I get this error can hrlp me :
{"error":"The HTTP request is unauthorized with client authentication scheme \u0027Ntlm\u0027. The authentication header received from the server was \u0027Negotiate,NTLM\u0027."}
thanks

Related

Where can I find logs for failed SASL XOAUTH2 authentications?

I have a custom Go CLI app that I am currently successfully able to use to trigger authentication and get a valid OAUTH2 access token (it generates a URL for me to browse to, and starts a listener to act as the redirect URL to receive the resulting authentication code). I'm then creating the SASL XOAUTH2 encoded string that contains my username and the access token as a bearer token (see this for SASL XOAUTH2 token format) to use with mbsync's XOAUTH2 authentication mechanism.
However, authentication fails with the following message from mbsync:
IMAP command 'AUTHENTICATE XOAUTH2 <base64-encoded token>' returned an error: NO AUTHENTICATE failed.
I cannot figure out if authentication fails because my SASL XOAUTH2 token is formatted incorrectly, because I don't have the correct scopes defined, etc.
Can someone tell me where I might be able to find error logs for these failed authentication attempts? I see logs for my successful logins when generating the authentication code and access token that's part of the OAUTH2 flow, but I can't find any logs for failed SASL XOAUTH2 logins against IMAP.

POST request for GMAIL API wont go through

I am using the gmail API and I'm trying to do a POST request for the watch user endpoint ( https://developers.google.com/gmail/api/reference/rest/v1/users/watch ).
I'm doing it on postman by usnig this URL which I need and inside of headers I add the auth and it's code.
POST REQUEST TO
https://www.googleapis.com/gmail/v1/users/me/watch
Headers:
Authorization: Bearer secretcode
By sending this request, I'm getting an error of 401 which says "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential.

Checking in nodeJS Express if IIS Client Cert Authentication went ok

I have some client machines that connect to my IIS server using client certificate authorization. I have a node.js webapp published on IIS (using iisnode) that receives the requests from the clients.
Is there a way in express to know if the authentication was ok? I know that if the authentication was not ok the http request does not reach to express because it is rejected but I need a field to check if it was ok, because I access the same webapp without ssl and I this particar request only needs to be called if the call was using the client ssl authentication.
I tried with req.socket.authorized but it is undefined and with req.socket.getPeerCertificate(true) I am getting TypeError: req.socket.getPeerCertificate is not a function
req.secure
A Boolean property that is true if a TLS connection is
established. Equivalent to:
'https' == req.protocol;
http://expressjs.com/en/api.html#req.secure

IIS windows authentication (NTLM)

We are using IIS 7.5 with only windows authentication enabled. providers are ntlm and negogiate ( since we want it to be accessible via internet).
The client is silverlight calling wcf services. even though we have session established the client sends the negotiate and server return 401 with some authentication token. this happends intermettinetly , with many sucessful calls ( intermingled with failed calls)
Many calls work fine and just send sessionid and everthing works fine.
In fiddler we see below
Client sends
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
ASP.NET_SessionId=0ix0fqf02j1imrpfc4awit3w
Server sends
WWW-Authenticate: Negotiate TlRMTVNTUAACAAAACgAKADgAAAAVgonitqRU/FVLp9EAAAAAAAAAAI4AjgBCAAAABgGxHQAAAA9BAEQATABBAEIAAgAKAEEARABMAEEAQgABAA4AQwBJAFIAVAAtAEQAMwAEABYAYQBkAGwAYQBiAC4AbABvAGMAYQBsAAMAJgBDAEkAUgBUAC0ARAAzAC4AYQBkAGwAYQBiAC4AbABvAGMAYQBsAAUAFgBhAGQAbABhAGIALgBsAG8AYwBhAGwABwAIAMsTFgtFNc4BAAAAAA
I'm not positive I understand your question but I'm guessing that you want to resolve the intermittent NTLM failures?
The headers you describe are part of the challenge response protocol of NTLM. Here's a more complete example:
Client: Get / HTTP/1.1
Server: HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Client: Get / HTTP/1.1
Authorization: Negotiate ###################### (encrypted Negotiate)
Server: HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate ###################### (encrypted Challenge)
Client: Get / HTTP/1.1
WWW-Authenticate: Negotiate ###################### (encrypted Response)
Server: HTTP/1.1 200 OK
It's probably a bad idea to use this Authentication method across the public internet; it's intended to be used within private intranets where both client and server can access a common Windows Active Directory Domain.
I suspect that your issue may be addressed in the "You are intermittently prompted for credentials or experience time-outs when you connect to Authenticated Services" KB article.
Here are some other related references:
NTLM Bottlenecks and the RPC runtime
NTLM and MaxConcurrentApi Concerns
Performance tuning for NTLM authentication

SoundCloud - 401 Unauthorized Error - Authenticating without the SoundCloud Connect Screen

I'm new to SoundCloud and have been following the developers documentation in Authenticating without SoundCloud screen.
However when my application sends the request I recieve a 401 Unauthorized error. In the documentation it specifies to check that the client_id or access_token is not missing and its not.
I can't figure out what is the issue here. I've checked the following:
Register Application - Check
Pass client_id and client_secret - Check
Here is my code that calls to the sound cloud server:
response = (HttpWebResponse)request.GetResponse();
Here are the values of the request object:
AuthenticationLevel MutualAuthRequested
CachePolicy {Level:BypassCache}
ConnectionGroupName null
ContentLength -1
ContentType "application/json"
Credentials null
Headers {Content-Type: application/json}
ImpersonationLevel Delegation
Method "POST"
PreAuthenticate false
Proxy {System.Net.WebRequest.WebProxyWrapper}
RequestUri {https://api.soundcloud.com/oauth2/token?client_id=############&client_secret=###########&grant_type=password&username=#######&password=########}
Timeout 100000
UseDefaultCredentials false
After the call I receive a 401 Unauthorized error, I even tried following Geek Life's blog but received the same error.
Am I missing something here?
I think the problem here is that you are sending the client credentials in the query string of the request. You must send them in the request body instead.

Resources