<testcase> <info> <keywords> HTTP HTTP GET HTTP NTLM auth NTLM </keywords> </info> # Server-side <reply> <!-- First request has NTLM auth, wrong password --> <data100> HTTP/1.1 401 Need NTLM auth Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 27 WWW-Authenticate: NTLM This is not the real page! </data100> <data1101> HTTP/1.1 401 NTLM intermediate Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 33 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= This is still not the real page! </data1101> <data1102> HTTP/1.1 401 Sorry wrong password Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 29 WWW-Authenticate: NTLM This is a bad password page! </data1102> <!-- Second request has NTLM auth, right password --> <data200> HTTP/1.1 401 Need NTLM auth (2) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 27 WWW-Authenticate: NTLM This is not the real page! </data200> <data1201> HTTP/1.1 401 NTLM intermediate (2) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 33 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= This is still not the real page! </data1201> <data1202> HTTP/1.1 200 Things are fine in server land Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 32 Finally, this is the real page! </data1202> <!-- Third request has NTLM auth, wrong password --> <data300> HTTP/1.1 401 Need NTLM auth (3) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 27 WWW-Authenticate: NTLM This is not the real page! </data300> <data1301> HTTP/1.1 401 NTLM intermediate (3) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 33 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= This is still not the real page! </data1301> <data1302> HTTP/1.1 401 Sorry wrong password (2) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 29 WWW-Authenticate: NTLM This is a bad password page! </data1302> <!-- Fourth request has NTLM auth, wrong password --> <data400> HTTP/1.1 401 Need NTLM auth (4) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 27 WWW-Authenticate: NTLM This is not the real page! </data400> <data1401> HTTP/1.1 401 NTLM intermediate (4) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 33 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= This is still not the real page! </data1401> <data1402> HTTP/1.1 401 Sorry wrong password (3) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 29 WWW-Authenticate: NTLM This is a bad password page! </data1402> <!-- Fifth request has NTLM auth, right password --> <data500> HTTP/1.1 401 Need NTLM auth (5) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 27 WWW-Authenticate: NTLM This is not the real page! </data500> <data1501> HTTP/1.1 401 NTLM intermediate (5) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 33 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= This is still not the real page! </data1501> <data1502> HTTP/1.1 200 Things are fine in server land (2) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 32 Finally, this is the real page! </data1502> <datacheck> HTTP/1.1 401 NTLM intermediate Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 33 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= HTTP/1.1 401 Sorry wrong password Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 29 WWW-Authenticate: NTLM This is a bad password page! HTTP/1.1 401 NTLM intermediate (2) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 33 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= HTTP/1.1 200 Things are fine in server land Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 32 Finally, this is the real page! HTTP/1.1 401 NTLM intermediate (3) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 33 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= HTTP/1.1 401 Sorry wrong password (2) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 29 WWW-Authenticate: NTLM This is a bad password page! HTTP/1.1 401 NTLM intermediate (4) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 33 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= HTTP/1.1 401 Sorry wrong password (3) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 29 WWW-Authenticate: NTLM This is a bad password page! HTTP/1.1 401 NTLM intermediate (5) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 33 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= HTTP/1.1 200 Things are fine in server land (2) Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 32 Finally, this is the real page! </datacheck> </reply> # Client-side <client> <features> NTLM SSL !SSPI </features> <server> http </server> <tool> libauthretry </tool> <name> HTTP authorization retry (NTLM) </name> <command> http://%HOSTIP:%HTTPPORT/%TESTNUMBER ntlm ntlm </command> </client> # Verify data after the test has been "shot" <verify> <protocol> GET /%TESTNUMBER0100 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= Accept: */* GET /%TESTNUMBER0100 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAALAAsAeAAAAAAAAAAAAAAAhoABANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyV09SS1NUQVRJT04= Accept: */* GET /%TESTNUMBER0200 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= Accept: */* GET /%TESTNUMBER0200 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAALAAsAeAAAAAAAAAAAAAAAhoABAI+/Fp9IERAQ74OsdNPbBpg7o8CVwLSO4DtFyIcZHUMKVktWIu92s2892OVpd2JzqnRlc3R1c2VyV09SS1NUQVRJT04= Accept: */* GET /%TESTNUMBER0300 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= Accept: */* GET /%TESTNUMBER0300 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAALAAsAeAAAAAAAAAAAAAAAhoABANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyV09SS1NUQVRJT04= Accept: */* GET /%TESTNUMBER0400 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= Accept: */* GET /%TESTNUMBER0400 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAALAAsAeAAAAAAAAAAAAAAAhoABANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyV09SS1NUQVRJT04= Accept: */* GET /%TESTNUMBER0500 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= Accept: */* GET /%TESTNUMBER0500 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAALAAsAeAAAAAAAAAAAAAAAhoABAI+/Fp9IERAQ74OsdNPbBpg7o8CVwLSO4DtFyIcZHUMKVktWIu92s2892OVpd2JzqnRlc3R1c2VyV09SS1NUQVRJT04= Accept: */* </protocol> </verify> </testcase>