1

WinHTTP authentication described here:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa383144(v=vs.85).aspx

works if I don't use "Transfer-Encoding: Chunked\r\n" header when calling WinHttpSendRequest(). If I do, I'm not able to log on, because WinHttpReceiveResponse() fails after setting credentials with WinHttpSetCredentials() and resending the request again with WinHttpSendRequest(). Since I really need chunked transfer, is it possible to use it in combination with windows authentication?

Here is the log of audit failure when using chunked encoding: 

SubjectUserSid S-1-5-18 
SubjectUserName MY-PC-NAME$ 
SubjectDomainName WORKGROUP 
SubjectLogonId 0x3e7 
TargetUserSid S-1-0-0 
TargetUserName Administrator 
TargetDomainName MY-PC-NAME
Status 0xc000006d 
FailureReason %%2313 
SubStatus 0xc000006a 
LogonType 2 
LogonProcessName User32  
AuthenticationPackageName Negotiate 
WorkstationName MY-PC-NAME 
TransmittedServices - 
LmPackageName - 
KeyLength 0 
ProcessId 0x1d8 
ProcessName C:\Windows\System32\winlogon.exe 
IpAddress 127.0.0.1 
IpPort 0

And, here is the successful audit without chunked encoding:

SubjectUserSid S-1-0-0 
SubjectUserName - 
SubjectDomainName - 
SubjectLogonId 0x0 
TargetUserSid S-1-5-21-4112068699-3954607238-3758397191-1005 
TargetUserName moose 
TargetDomainName MY-PC-NAME 
TargetLogonId 0x137576fb8 
LogonType 3 
LogonProcessName NtLmSsp  
AuthenticationPackageName NTLM 
WorkstationName M_10 
LogonGuid {00000000-0000-0000-0000-000000000000} 
TransmittedServices - 
LmPackageName NTLM V2 
KeyLength 128 
ProcessId 0x0 
ProcessName - 
IpAddress 167.109.28.37 
IpPort 56695

As you can see, so many things are different: domain, username, IP, port, Logon type, TargetUserSid, etc... And all beacuse of "Transfer-Encoding: Chunked\r\n"!?

EDIT:

To make it simple, the question is:

success = WinHttpSetCredentials( hPostRequest, target, authScheme, IIS_USER_NAME, IIS_PWD, NULL );
success = WinHttpSendRequest( hPostRequest,
                              L"Transfer-Encoding: Chunked\r\n",
                              (DWORD)-1,
                              WINHTTP_NO_REQUEST_DATA,
                              0,
                              WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH,
                              0 );

After successful return values, what WinHttp API to call next?

  • Without seeing the raw HTTP request/response data that is being transmitted, it is hard to diagnose your problem. Maybe the server does not support chunked requests (despite HTTP 1.1 requiring servers to support chunked requests), or maybe you are not actually sending a chunked request body even though you are claiming to. What exactly is chunked about your requests? – Remy Lebeau Oct 01 '13 at 21:49
  • The server supports it, because it works with chunked requests without any authentication. To that working code I added authentication now. When you say "maybe you are not actually sending a chunked request body", how can we be 100% sure that I am? I believe I can provide what you need. I need chunked transfer because I have a POST request, which is actually a live smooth stream being pushed to IIS. So, it will 'never' end. –  Oct 01 '13 at 21:56
  • If the HTTP request never ends, how do you expect to get an HTTP response at all? The server can't send a response until it receives a complete request first. HTTP is not a pushing protocol. There are ways to do server-side pushes, but I have never heard of client-side pushes. – Remy Lebeau Oct 01 '13 at 23:38
  • I just read Microsoft's Live Smooth Streaming spec, and it is not a chunked transfer from client to server, it is a chunked transfer from server to client. Which is how most chunked transfers in HTTP are used. So how are you posting a Live Smooth Stream from your client to IIS, when IIS is the one who sends out Live Smooth Streams to clients instead? – Remy Lebeau Oct 01 '13 at 23:46
  • I have publishing point with a push live source type and my application connects to it and streams the live stream. That stream is fragmented mp4. And that's where chunked encoding comes in. You are talking about client side that connects to IIS in order to watch that stream and I'm not writing that part of the application. My application creates the streamand feeds the IIS with it. –  Oct 02 '13 at 00:41
  • @Remy, perhaps this will provide better answer to your question: http://blogs.iis.net/thalesc/archive/2011/02/08/how-to-do-live-streaming-with-the-smooth-streaming-format-sdk.aspx –  Oct 02 '13 at 00:48
  • Have you tried using Wireshark or Fiddler to look at the actual HTTP requests/responses to find out why things are failing? What kind of authentication are you using? NTLM requires multiple round trips in order to pass all of the authentication data. Maybe `WinHttpSendRequest()` is not handling that correctly when sending a chunked request? Once authentication is finished and your chunk data starts flowing, you are not going to get a response from the server until after you send the final chunk at the end of the stream. Are you accounting for that? – Remy Lebeau Oct 02 '13 at 02:10
  • It is really difficult to diagnose your problem when you have not shown any of your code logic. – Remy Lebeau Oct 02 '13 at 02:11
  • I didn't use Wireshark because it's difficult to get some human readable data with it. Tried with Network Monitor, but I don't know the 'WinHttpSendRequest()' drill when using chunked data. However, I can see multiple round trips (NTLM) without chunked data when authentication succeeds. But, as you said, the question is: Can 'WinHttpSendRequest()' handle it correctly? I can share the WinHttp code if you find it helpful. –  Oct 02 '13 at 02:36

0 Answers0