When a client needs to authenticate itself to a proxy or server using the NTLM scheme (used by the CardioLog Tracking Agent web application), the following exchange takes place. It consists of three requests and three responses (only the relevant headers are shown), and all of them must travel over the same persistent TCP connection, because NTLM authenticates the connection rather than each individual request:
1: Client --> Server GET ...
2: Client <-- Server 401 Unauthorized
WWW-Authenticate: NTLM
3: Client --> Server GET ...
Authorization: NTLM <base64-encoded type-1-message>
(This Type 1, or NEGOTIATE, message carries the client's negotiation flags and, optionally, the host name and the NT domain name of the client.)
4: Client <-- Server 401 Unauthorized
WWW-Authenticate: NTLM <base64-encoded type-2-message>
(This Type 2, or CHALLENGE, message carries the server's random 8-byte NTLM challenge, the negotiated flags and the server's target name.)
5: Client --> Server GET ...
Authorization: NTLM <base64-encoded type-3-message>
(This Type 3, or AUTHENTICATE, message carries the username, host name and NT domain name, plus the two challenge "responses" (LM and NT), which are derived from the server's challenge and a hash of the user's password. The names are only base64-encoded, not encrypted, so any proxy or web server that logs these headers records the username and domain in recoverable form.)
6: Client <-- Server 200 OK
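The three NTLM-bearing headers of the exchange above, as an added example that is not part of the original page and not CardioLog's code: a small Python encoder/decoder for the Type 1, 2 and 3 messages, laid out per MS-NLMP, followed by a parser that pulls the challenge out of a `WWW-Authenticate` header and the username, domain and workstation out of an `Authorization` header. The domain `CORP`, workstation `WS01`, target `CARDIOLOG`, user `alice`, the challenge value and the two 24-byte "responses" are constructed placeholders (the response fields are filler bytes, not real LM/NT responses computed from a password hash).

```python
"""Encode and decode the NTLM Type 1/2/3 messages carried in the HTTP headers above.

Added example, not the original page's or CardioLog's code. Message layouts follow
MS-NLMP; all names, the challenge and the response bytes below are constructed.
"""
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001   # payload strings are UTF-16LE when set
NEGOTIATE_NTLM = 0x00000200
DEFAULT_FLAGS = NEGOTIATE_UNICODE | NEGOTIATE_NTLM

# Constructed sample values (the 24-byte "responses" are filler, not real LM/NT responses).
CHALLENGE = bytes.fromhex("0123456789abcdef")
LM_RESP = b"\x00" * 24
NT_RESP = b"\x11" * 24


def _pack_fields(fixed_len, items):
    """Lay variable-length items out after a fixed-size header.
    Returns the (Len, MaxLen, Offset) descriptors, in order, and the payload."""
    descriptors, payload, offset = [], b"", fixed_len
    for raw in items:
        descriptors.append(struct.pack("<HHI", len(raw), len(raw), offset))
        payload += raw
        offset += len(raw)
    return b"".join(descriptors), payload


def _field(buf, at):
    """Read the bytes described by the (Len, MaxLen, Offset) descriptor at `at`."""
    length, _maxlen, start = struct.unpack_from("<HHI", buf, at)
    return buf[start:start + length]


def _text(raw, flags):
    return raw.decode("utf-16-le") if flags & NEGOTIATE_UNICODE else raw.decode("ascii")


def build_type1(domain, workstation, flags=DEFAULT_FLAGS):
    # NEGOTIATE: 32-byte header (no Version field), then domain and workstation as OEM strings.
    desc, payload = _pack_fields(32, [domain.encode("ascii"), workstation.encode("ascii")])
    return SIGNATURE + struct.pack("<II", 1, flags) + desc + payload


def build_type2(target, challenge, flags=DEFAULT_FLAGS):
    # CHALLENGE: target name, flags, 8-byte server challenge, 8 reserved bytes, empty TargetInfo.
    desc, payload = _pack_fields(48, [target.encode("utf-16-le")])
    no_target_info = struct.pack("<HHI", 0, 0, 48 + len(payload))
    return (SIGNATURE + struct.pack("<I", 2) + desc + struct.pack("<I", flags)
            + challenge + b"\x00" * 8 + no_target_info + payload)


def build_type3(domain, user, workstation, lm_resp, nt_resp, flags=DEFAULT_FLAGS):
    # AUTHENTICATE: six security buffers (LM, NT, domain, user, workstation, session key).
    items = [lm_resp, nt_resp, domain.encode("utf-16-le"), user.encode("utf-16-le"),
             workstation.encode("utf-16-le"), b""]
    desc, payload = _pack_fields(64, items)
    return SIGNATURE + struct.pack("<I", 3) + desc + struct.pack("<I", flags) + payload


def header(msg):
    """Value for the Authorization / WWW-Authenticate header."""
    return "NTLM " + base64.b64encode(msg).decode("ascii")


def parse_ntlm_header(value):
    """Decode an 'NTLM <base64>' header value into a dict; raises ValueError on junk."""
    scheme, _, b64 = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not b64:
        raise ValueError("not an NTLM header")
    buf = base64.b64decode(b64)
    if buf[:8] != SIGNATURE or len(buf) < 32:
        raise ValueError("bad NTLMSSP message")
    mtype = struct.unpack_from("<I", buf, 8)[0]
    if mtype == 1:
        return {"type": 1, "flags": struct.unpack_from("<I", buf, 12)[0],
                "domain": _field(buf, 16).decode("ascii"),
                "workstation": _field(buf, 24).decode("ascii")}
    if mtype == 2:
        flags = struct.unpack_from("<I", buf, 20)[0]
        return {"type": 2, "flags": flags, "target": _text(_field(buf, 12), flags),
                "challenge": buf[24:32]}
    if mtype == 3 and len(buf) >= 64:
        flags = struct.unpack_from("<I", buf, 60)[0]
        return {"type": 3, "flags": flags,
                "lm_response": _field(buf, 12), "nt_response": _field(buf, 20),
                "domain": _text(_field(buf, 28), flags), "user": _text(_field(buf, 36), flags),
                "workstation": _text(_field(buf, 44), flags)}
    raise ValueError("unsupported or truncated NTLM message (type %d)" % mtype)


def handshake_example():
    """The three NTLM-bearing headers of the exchange, in order (constructed values)."""
    return [("Authorization", header(build_type1("CORP", "WS01"))),
            ("WWW-Authenticate", header(build_type2("CARDIOLOG", CHALLENGE))),
            ("Authorization", header(build_type3("CORP", "alice", "WS01", LM_RESP, NT_RESP)))]


if __name__ == "__main__":
    for name, value in handshake_example():
        print(name + ":", value)
        print("   ->", parse_ntlm_header(value))
```

Because every variable-length field is located through its own (Len, MaxLen, Offset) descriptor, `parse_ntlm_header` also works on real messages that carry the optional Version and MIC fields, which the builders above omit. Running it over the `Authorization` headers in a proxy or IIS log shows exactly what the Type 3 caveat above means: the username, domain and workstation come back as plain strings.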