Forum Discussion

adamofeden's avatar
adamofeden
16 years ago

401 Error Authenticating with IIS7 MS 2008 Sharepoint

Endeavouring to fetch WSDL from sharepoint service on a Windows Server 2008 running IIS7.

I have seen various messages regarding NTLM authentication but the server is enabled for basic as well as NTLM.

Could it be that it is failing on NTLM due to the server expecting V2 and the fact that SOAPUI doesn't know to roll back to more basic authentication?

Please see below the wireshark output for the failed authentication.

GET /_vti_bin/Lists.asmx?WSDL HTTP/1.1

User-Agent: Jakarta Commons-HttpClient/3.1

Host: 172.16.3.3



HTTP/1.1 401 Unauthorized

Server: Microsoft-IIS/7.0

WWW-Authenticate: NTLM

WWW-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="7f118d83281fca01fbb9b1d4996625b194943d12b2d86d94a3ded1c8b0fb5cbadbb05afb9aac04e8",charset=utf-8,realm="Digest"

WWW-Authenticate: Basic realm="172.16.3.3"

X-Powered-By: ASP.NET

MicrosoftSharePointTeamServices: 12.0.0.6219

Date: Mon, 17 Aug 2009 10:50:19 GMT

Content-Length: 0



GET /_vti_bin/Lists.asmx?WSDL HTTP/1.1

User-Agent: Jakarta Commons-HttpClient/3.1

Authorization: NTLM TlRMTVNTUAABAAAABlIAAAUABQAqAAAACgAKACAAAAAxNzIuMTYuMy4zV0hJVEU=

Host: 172.16.3.3



HTTP/1.1 401 Unauthorized

Content-Type: text/html; charset=us-ascii

Server: Microsoft-HTTPAPI/2.0

WWW-Authenticate: NTLM TlRMTVNTUAACAAAABQAFADgAAAAGAoECFXrDxNXtrPwAAAAAAAAAAIIAggA9AAAABgBxFwAAAA9XSElURQIACgBXAEgASQBUAEUAAQAOAFcAQwBQAEIAUwBIADEABAASAFcAaABpAHQAZQAuAGMAbwBtAAMAIgBXAEMAUABCAFMASAAxAC4AVwBoAGkAdABlAC4AYwBvAG0ABQASAFcAaABpAHQAZQAuAGMAbwBtAAcACACvSOmJKB/KAQAAAAA=

Date: Mon, 17 Aug 2009 10:50:30 GMT

Content-Length: 341



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">

<HTML><HEAD><TITLE>Not Authorized</TITLE>

<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>

<BODY><h2>Not Authorized</h2>

<hr><p>HTTP Error 401. The requested resource requires user authentication.</p>

</BODY></HTML>

GET /_vti_bin/Lists.asmx?WSDL HTTP/1.1

User-Agent: Jakarta Commons-HttpClient/3.1

Authorization: NTLM TlRMTVNTUAADAAAAGAAYAFgAAAAAAAAAcAAAAAUABQBAAAAACQAJAEUAAAAKAAoATgAAAAAAAABwAAAABlIAAFdISVRFRURFTi5URVNUMTcyLjE2LjMuM6Zw6hi5GuwaO7XvMZV3LJWpwo8TJJqvWA==

Host: 172.16.3.3



HTTP/1.1 401 Unauthorized

Server: Microsoft-IIS/7.0

WWW-Authenticate: NTLM

WWW-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="13aaeb89281fca016ed0cc702bce202f13d8d58dc295346c6eae69b0750a5884138eaa609d69bbff",charset=utf-8,realm="Digest"

WWW-Authenticate: Basic realm="172.16.3.3"

X-Powered-By: ASP.NET

MicrosoftSharePointTeamServices: 12.0.0.6219

Date: Mon, 17 Aug 2009 10:50:30 GMT

Content-Length: 0


In other message it also mention a registry setting to enable NTLM v1 support but the resulting page seems to be only for enabling v2. Please help. Many thanks in advance.
  • bkesava's avatar
    bkesava
    New Contributor
    13 years ago
    soapUI doesn’t seem to work directly with NTLM authentication, but you can use a proxy such as Burp Suite to do the auth for you.

    Download Burp Suite from http://www.portswigger.net/burp/downloadfree.html and install it with default settings
    On Burp’s “Proxy : Intercept” tab, click the button to turn intercept off.
    On Burp’s “Proxy : Options” tab, make sure it’s set to an unused port, the default is 8081
    On Burp’s “Options” tab, tick “do www authentication” and add a setting for the server you wish to hit. Also tick “prompt for credentials on authentication failure”
    Switch to Burp’s “Proxy : History” tab so you can see requests going through.
    In SoapUI, choose File > Preferences, then select “Proxy Settings”. Enter Host “localhost” and port “8081″.
    Use SoapUI as normal. It will send requests through Burp Proxy, which will do the NTLM authentication for you.