1

I am just starting to explore Postman (win10, behind lots of corporate firewalls and proxies).

I had no problem reaching https://postman-echo.com for GET and POST requests.

But we have an internal website that has a self-sign certificate which also pops up a username/password request in Chrome (It seems it using Basic Auth) Anyway the GET request works when put the URL box. https://epicorapp2/ERP10.1Test/api/v1/Erp.BO.JobEntrySvc/JobEntries?%2524top=1

Here is what I have done:

  1. Used settings to turn off General/SSL cert verification
  2. Used settings/proxy (Use System Proxy)

and in all cases I done settings for SSL certificate Verification (off)

and I still get:

Could not get any response
There was an error connecting to https://epicorapp2/ERP10.1Test/api/v1/Erp.BO.JobEntrySvc/JobEntries?%2524top=1.
Why this might have happened:
The server couldn't send a response:
Ensure that the backend is working properly
Self-signed SSL certificates are being blocked:
Fix this by turning off 'SSL certificate verification' in Settings > General
Proxy configured incorrectly
Ensure that proxy is configured correctly in Settings > Proxy
Request timeout:
Change request timeout in Settings > General

But what is working oddly enough is if I turn on Fiddler v4 and then I see traffic both in fiddler and in postman.

So what am I not configuring properly?

Full request contents:

GET /ERP10.1Test/api/v1/Erp.BO.JobEntrySvc/JobEntries?%24top=1 HTTP/1.1
Host: epicorapp2
Authorization: Basic eXNnNDIwNjp5ZWNoZXprYWw=
cache-control: no-cache
Postman-Token: d1a57676-8381-4eed-bb6e-c1bb61888faf
Dr.YSG
  • 7,171
  • 22
  • 81
  • 139

1 Answers1

4

There is a setting called "Automatically Authenticate" within Fiddler with will automatically use the credentials of the current user to do NTLM/Kerberos authentication when required. If it's ticked in your config, it might offer a hint about why it's working:

enter image description here

Just to make sure it's not a quirk within Postman, try a different REST client, such as Insomnia, and see if you get the same outcome (I personally had to move to this one from Postman, since it could successfully do NTLM authentication). It supports proxies so you should be good.

Mihai Albert
  • 1,288
  • 1
  • 12
  • 27
  • You are correct, in that they Automatically Authenticate rule is on. Now I am trying to figure out why PostMAN NTLM is not working. I am getting back a message that 401 - Unauthorized: Access is denied due to invalid credentials. – Dr.YSG May 01 '19 at 20:39
  • I have tried leaving the advanced params empty (as well as values for the DONAIN, but I am not sure about that, and the workstation). But same error. Downloaded Insomnia – Dr.YSG May 01 '19 at 20:41
  • Insomnia also has an issue with Microsoft NTLM: 401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied. – Dr.YSG May 01 '19 at 20:44
  • I'd look for a way to reach the internal server while being sure no proxy gets in the way, since currently it's not clear if it's the proxy getting in the way, or the app itself. Another thing - if using Kerberos, then FQDN might be needed for the server name, depending on how the SPNs are set. – Mihai Albert May 02 '19 at 10:58
  • Ok looks like I should learn about setting up digest Auth for iis - I am a sysadmin on the web server – Dr.YSG May 02 '19 at 14:31
  • It looks like the request for the password is not coming directly from IIS (the authoriization is turned off) and it is also not asking for a password based on our domain server. What there is, an .NET application pool that you trigger behind certain URLS (reverse routes?) and it redirects that url to the app pool, which is asking for a password (DB based) So this has morphed into a different question. (it from (I guess it sends a 401 and asks for user/password). – Dr.YSG May 02 '19 at 16:32
  • here is the new thread: https://stackoverflow.com/questions/55957047/iis-app-pool-application-asks-for-password-basic-auth-but-neither-postman-or-i – Dr.YSG May 02 '19 at 16:56