This repository has been archived by the owner on Jul 9, 2023. It is now read-only.
Support NTLM/Kerberos upstream proxy authentication #944
Comments
Upon further inspection it seems to me that the library does not handle the case when the upstream proxy server supports NTLM/Kerberos authentication. I'm willing to implement it, I just need some guidance on what may already be in place to support it in this huge code base. On the protocol side, it should no be very difficult:
As you can see the proxy server itself replies with supported authentication mechanisms and I've seen some |
SamuelePilleri
changed the title
EnableWinAuth 407 ProxyAuthenticationRequired
Support NTLM/Kerberos upstream proxy authentication
Jan 5, 2023
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I'm trying to create a local proxy service based on the WindowsService example to overcome limitations in my company.
Every PC is set up with a PAC URL that contains what proxy to use for each destination. This is what a correct request to the outside world looks like:
Based on the example provided, this is what I've written:
However the exception
Upstream proxy failed to create a secure tunnel
is raised.titanium-web-proxy/src/Titanium.Web.Proxy/Network/TcpConnection/TcpConnectionFactory.cs
Line 519 in 902504a
Looking at the code it may depend on how Windows authentication is handled.
titanium-web-proxy/src/Titanium.Web.Proxy/ResponseHandler.cs
Lines 40 to 47 in 902504a
I guess the problem here is the upstream proxy replying with 407 rather then 401, but I have limited debugging capabilities (work PC) and it's hard to investigate further.
Can someone please help me troubleshoot this? I'm using .NET Core 6 (can't install full Visual Studio) and Titanium 3.2.0.
The text was updated successfully, but these errors were encountered: