test2025 (6837B)
1 <testcase> 2 <info> 3 <keywords> 4 HTTP 5 HTTP GET 6 HTTP Basic auth 7 HTTP NTLM auth 8 NTLM 9 </keywords> 10 </info> 11 # Server-side 12 <reply> 13 14 <!-- Alternate the order that Basic and NTLM headers appear in responses to 15 ensure that the order doesn't matter. --> 16 17 <!-- First request has Basic auth, wrong password --> 18 <data100> 19 HTTP/1.1 401 Sorry wrong password 20 Server: Microsoft-IIS/5.0 21 Content-Type: text/html; charset=iso-8859-1 22 Content-Length: 29 23 WWW-Authenticate: NTLM 24 WWW-Authenticate: Basic realm="testrealm" 25 26 This is a bad password page! 27 </data100> 28 29 <!-- Second request has NTLM auth, right password --> 30 <data200> 31 HTTP/1.1 401 Need Basic or NTLM auth 32 Server: Microsoft-IIS/5.0 33 Content-Type: text/html; charset=iso-8859-1 34 Content-Length: 27 35 WWW-Authenticate: Basic realm="testrealm" 36 WWW-Authenticate: NTLM 37 38 This is not the real page! 39 </data200> 40 41 <data1201> 42 HTTP/1.1 401 NTLM intermediate 43 Server: Microsoft-IIS/5.0 44 Content-Type: text/html; charset=iso-8859-1 45 Content-Length: 33 46 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 47 48 This is still not the real page! 49 </data1201> 50 51 <data1202> 52 HTTP/1.1 200 Things are fine in server land 53 Server: Microsoft-IIS/5.0 54 Content-Type: text/html; charset=iso-8859-1 55 Content-Length: 32 56 57 Finally, this is the real page! 58 </data1202> 59 60 <!-- Third request has Basic auth, wrong password --> 61 <data300> 62 HTTP/1.1 401 Sorry wrong password (2) 63 Server: Microsoft-IIS/5.0 64 Content-Type: text/html; charset=iso-8859-1 65 Content-Length: 29 66 WWW-Authenticate: NTLM 67 WWW-Authenticate: Basic realm="testrealm" 68 69 This is a bad password page! 70 </data300> 71 72 <!-- Fourth request has NTLM auth, wrong password --> 73 <data400> 74 HTTP/1.1 401 Need Basic or NTLM auth (2) 75 Server: Microsoft-IIS/5.0 76 Content-Type: text/html; charset=iso-8859-1 77 Content-Length: 27 78 WWW-Authenticate: Basic realm="testrealm" 79 WWW-Authenticate: NTLM 80 81 This is not the real page! 82 </data400> 83 84 <data1401> 85 HTTP/1.1 401 NTLM intermediate (2) 86 Server: Microsoft-IIS/5.0 87 Content-Type: text/html; charset=iso-8859-1 88 Content-Length: 33 89 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 90 91 This is still not the real page! 92 </data1401> 93 94 <data1402> 95 HTTP/1.1 401 Sorry wrong password (3) 96 Server: Microsoft-IIS/5.0 97 Content-Type: text/html; charset=iso-8859-1 98 Content-Length: 29 99 WWW-Authenticate: NTLM 100 WWW-Authenticate: Basic realm="testrealm" 101 102 This is a bad password page! 103 </data1402> 104 105 <!-- Fifth request has NTLM auth, right password --> 106 <data500> 107 HTTP/1.1 401 Need Basic or NTLM auth (3) 108 Server: Microsoft-IIS/5.0 109 Content-Type: text/html; charset=iso-8859-1 110 Content-Length: 27 111 WWW-Authenticate: Basic realm="testrealm" 112 WWW-Authenticate: NTLM 113 114 This is not the real page! 115 </data500> 116 117 <data1501> 118 HTTP/1.1 401 NTLM intermediate (3) 119 Server: Microsoft-IIS/5.0 120 Content-Type: text/html; charset=iso-8859-1 121 Content-Length: 33 122 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 123 124 This is still not the real page! 125 </data1501> 126 127 <data1502> 128 HTTP/1.1 200 Things are fine in server land (2) 129 Server: Microsoft-IIS/5.0 130 Content-Type: text/html; charset=iso-8859-1 131 Content-Length: 32 132 133 Finally, this is the real page! 134 </data1502> 135 136 <datacheck> 137 HTTP/1.1 401 Sorry wrong password 138 Server: Microsoft-IIS/5.0 139 Content-Type: text/html; charset=iso-8859-1 140 Content-Length: 29 141 WWW-Authenticate: NTLM 142 WWW-Authenticate: Basic realm="testrealm" 143 144 This is a bad password page! 145 HTTP/1.1 401 NTLM intermediate 146 Server: Microsoft-IIS/5.0 147 Content-Type: text/html; charset=iso-8859-1 148 Content-Length: 33 149 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 150 151 HTTP/1.1 200 Things are fine in server land 152 Server: Microsoft-IIS/5.0 153 Content-Type: text/html; charset=iso-8859-1 154 Content-Length: 32 155 156 Finally, this is the real page! 157 HTTP/1.1 401 Sorry wrong password (2) 158 Server: Microsoft-IIS/5.0 159 Content-Type: text/html; charset=iso-8859-1 160 Content-Length: 29 161 WWW-Authenticate: NTLM 162 WWW-Authenticate: Basic realm="testrealm" 163 164 This is a bad password page! 165 HTTP/1.1 401 NTLM intermediate (2) 166 Server: Microsoft-IIS/5.0 167 Content-Type: text/html; charset=iso-8859-1 168 Content-Length: 33 169 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 170 171 HTTP/1.1 401 Sorry wrong password (3) 172 Server: Microsoft-IIS/5.0 173 Content-Type: text/html; charset=iso-8859-1 174 Content-Length: 29 175 WWW-Authenticate: NTLM 176 WWW-Authenticate: Basic realm="testrealm" 177 178 This is a bad password page! 179 HTTP/1.1 401 NTLM intermediate (3) 180 Server: Microsoft-IIS/5.0 181 Content-Type: text/html; charset=iso-8859-1 182 Content-Length: 33 183 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 184 185 HTTP/1.1 200 Things are fine in server land (2) 186 Server: Microsoft-IIS/5.0 187 Content-Type: text/html; charset=iso-8859-1 188 Content-Length: 32 189 190 Finally, this is the real page! 191 </datacheck> 192 193 </reply> 194 195 # Client-side 196 <client> 197 <features> 198 NTLM 199 SSL 200 !SSPI 201 </features> 202 <server> 203 http 204 </server> 205 <tool> 206 lib2023 207 </tool> 208 209 <name> 210 HTTP authorization retry (Basic switching to NTLM) 211 </name> 212 <command> 213 http://%HOSTIP:%HTTPPORT/%TESTNUMBER basic ntlm 214 </command> 215 </client> 216 217 # Verify data after the test has been "shot" 218 <verify> 219 <protocol> 220 GET /%TESTNUMBER0100 HTTP/1.1 221 Host: %HOSTIP:%HTTPPORT 222 Authorization: Basic %b64[testuser:wrongpass]b64% 223 Accept: */* 224 225 GET /%TESTNUMBER0200 HTTP/1.1 226 Host: %HOSTIP:%HTTPPORT 227 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 228 Accept: */* 229 230 GET /%TESTNUMBER0200 HTTP/1.1 231 Host: %HOSTIP:%HTTPPORT 232 Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAALAAsAeAAAAAAAAAAAAAAAhoABAI+/Fp9IERAQ74OsdNPbBpg7o8CVwLSO4DtFyIcZHUMKVktWIu92s2892OVpd2JzqnRlc3R1c2VyV09SS1NUQVRJT04= 233 Accept: */* 234 235 GET /%TESTNUMBER0300 HTTP/1.1 236 Host: %HOSTIP:%HTTPPORT 237 Authorization: Basic %b64[testuser:wrongpass]b64% 238 Accept: */* 239 240 GET /%TESTNUMBER0400 HTTP/1.1 241 Host: %HOSTIP:%HTTPPORT 242 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 243 Accept: */* 244 245 GET /%TESTNUMBER0400 HTTP/1.1 246 Host: %HOSTIP:%HTTPPORT 247 Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAALAAsAeAAAAAAAAAAAAAAAhoABANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyV09SS1NUQVRJT04= 248 Accept: */* 249 250 GET /%TESTNUMBER0500 HTTP/1.1 251 Host: %HOSTIP:%HTTPPORT 252 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 253 Accept: */* 254 255 GET /%TESTNUMBER0500 HTTP/1.1 256 Host: %HOSTIP:%HTTPPORT 257 Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAALAAsAeAAAAAAAAAAAAAAAhoABAI+/Fp9IERAQ74OsdNPbBpg7o8CVwLSO4DtFyIcZHUMKVktWIu92s2892OVpd2JzqnRlc3R1c2VyV09SS1NUQVRJT04= 258 Accept: */* 259 260 </protocol> 261 </verify> 262 </testcase>