Home/ Questions/Q 8998629
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T00:03:46+00:00

I have a little crazy problem. I have an IIS7 where I need to

  • 0

I have a little crazy problem. I have an IIS7 where I need to post a formular via POST, also I need to authenticate via NTLM and all this stuff thrue a SSL connection. So far I managed it to connect to the server and post my data.

After the POST I’ll get on success a 302 response which redirects me to a second page. The DefaultHttpClient connects to the webserver does the auth and post the data. So far everything works. But now the client closes the connection and opens a second connection (this behavoir is anying me) but this is not my problem. On the second connection the client forget how to auth on the IIS and breaks with the 401 auth error.

So far I can see this is a fixed bug in the source of DefaultHttpClient, but Android seems to use an older version of this lib. How can I fix that bug which seems to be on every android device on the world?

Here are the relevant parts of my communication:

POST /login/ HTTP/1.1
Content-Length: 21
Content-Type: application/x-www-form-urlencoded
Host: example.com
Connection: Keep-Alive
Cookie: ASPSESSION...

[the post data]

HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: NTLM
Content-Length: 1344

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
...
</html>

POST /login/ HTTP/1.1
Content-Length: 21
Content-Type: application/x-www-form-urlencoded
Host: example.com
Connection: Keep-Alive
Cookie: ASPSESSION...
Authorization: NTLM ABC...==

[the post data]

HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: NTLM ABC...DEF
Content-Length: 341

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Authorized</TITLE>...</HTML>

POST /login/ HTTP/1.1
Content-Length: 21
Content-Type: application/x-www-form-urlencoded
Host: example.com
Connection: Keep-Alive
Cookie: ASPSESSION...
Authorization: NTLM ABC...DEF

[the post data]

HTTP/1.1 302 Moved Temporary
Cache-Control: private,no-cache
Pragma: no-cache
Content-Length: 31
Content-Type: application/json; Charset=UTF-8
Expires: Fri, 07 Dec 2012 07:01:00 GMT
Location: /login/step2.asp
Server: Microsoft-IIS/7.5
Set-Cookie: [...] path=/login/; HttpOnly;
Persistent-Auth: true

[some response]

— now does the connetion close and a second https connection is opened —

GET /login/step2.asp HTTP/1.1
Host: example.com
Connection: Keep-Alive
Cookie: ASPSESSION...


HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: NTLM
Content-Length: 1344

— and the connection closes again —

Does you know a way to fix that?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Well this is no solution just a workaround for my problem, but this may help. I override the createClientRequestDirector function in the DefaultHttpClient where I handle the redirect by my own.

    The cause for the connection closing is that I play with the host names, so I connect to the IP and not the host name. The result is that the client looks while redirection if the connection can be reused by comparing the source and destination url. So it will be compaired https://www.example.com/ with https://127.0.0.1/ which failes and the conenction will be closed.

    My solution is that I check this part by my own. And if the hostname and IP matches I’ll return the last used IP. The result is that the connection can be reused and I don’t run in the bug linked above.

    • 0