« Hide

Steps to reproduce:
1. Setup a URL (eg. servlet in java) that requests NTLM authentication. On successful authentication, IE sends the NTLM token, the user is authenticated on the server and the server sends back a html page with a flex application.
    Example URL: http://myserver:8080/MyApp/ntlmservlet

2. The flex application then calls a web service in the same web application. The web service does not require NTLM authentication and in fact does not support NTLM authentication.
    Example web service URL: http://myserver:8080/MyApp/services/MyService?wsdl

3. Examine the HTTP headers (web use SmartSniff). Flex appears to call the web service but adds an NTLM message and no SOAP content. This causes the web service to fail, sending back 'HTTP/1.1 500 Internal Server Error' and the flex application throws an exception.
 
 Actual Results:
** When running in Internet explorer **:
Flex appears to call the web service but adds an NTLM message and no SOAP content. This causes the web service to fail, sending back 'HTTP/1.1 500 Internal Server Error' and the flex application throws an error:

[RPC Fault faultString="HTTP request error" faultCode="Server.Error.Request" faultDetail="Error: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: Stream Error. URL: http://penguin:8080/MyApp/services/ConfigurationService"]. URL: http://penguin:8080/MyApp/services/ConfigurationService"]
at mx.rpc::AbstractInvoker/http://www.adobe.com/2006/flex/mx/internal::faultHandler()
at mx.rpc::Responder/fault()
at mx.rpc::AsyncRequest/fault()
at DirectHTTPMessageResponder/errorHandler()
at flash.events::EventDispatcher/dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at flash.net::URLLoader/redirectEvent()
 
 


HTTP request and response:

[5/14/2008 8:20:15 AM:974]
POST /MyApp/services/ConfigurationService HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://penguin:8080/MyApp/MyApp.swf
x-flash-version: 9,0,115,0
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
Content-Length: 0
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)
Host: penguin:8080
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=AA9BE19AB5A849768E0CE1D6A01AF6EC
Authorization: NTLM TlRMTVNTUAABAAAAB7IIogQABAAuAAAABgAGACgAAAAFASgKAAAAD1NUVUFSVEVTUkk=


[5/14/2008 8:20:16 AM:005]
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=utf-8
Transfer-Encoding: chunked
Date: Tue, 13 May 2008 22:20:27 GMT
Connection: close

204
<?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server.userException</faultcode><faultstring>org.xml.sax.SAXParseException: Premature end of file.</faultstring><detail><ns1:hostname xmlns:ns1="http://xml.apache.org/axis/">penguin</ns1:hostname></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>
0

** When running in Firefox **:
Flex calls the web service with no NTLM message and valid SOAP content. The web service responds as expected.

HTTP request and response:

[5/14/2008 8:18:47 AM:541]
POST /MyApp/services/ConfigurationService HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://penguin:8080/MyApp/MyApp.swf
x-flash-version: 9,0,115,0
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
Content-Length: 431
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)
Host: penguin:8080
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=AB8610A25591185C0EE31D98C6CC4EA5

<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Body><getDefaultSettings xmlns="http://config.MyApp.esriau.com.au"><ns0:xml xmlns:ns0="http://config.MyApp.esriau.com.au">&lt;request/&gt;</ns0:xml></getDefaultSettings></SOAP-ENV:Body></SOAP-ENV:Envelope>
[5/14/2008 8:18:47 AM:557]
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=utf-8
Transfer-Encoding: chunked
Date: Tue, 13 May 2008 22:18:58 GMT

c54
<?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><getDefaultSettingsResponse xmlns="http://config.MyApp.esriau.com.au"><getDefaultSettingsReturn>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;response&gt;
&lt;config&gt;
&lt;defaultsettings&gt;
... removed confidential content ...
&lt;/defaultsettings&gt;
&lt;/config&gt;&lt;/response&gt;</getDefaultSettingsReturn></getDefaultSettingsResponse></soapenv:Body></soapenv:Envelope>
0


 Expected Results:
Would expect the web service call (after NTLM authentication on a different URL) to behave in IE the same way it does in Firefox.

That is:
Flex calls the web service with no NTLM message and valid SOAP content. The web service responds as expected.

 Workaround (if any):

Show »

Steps to reproduce: 1. Setup a URL (eg. servlet in java) that requests NTLM authentication. On successful authentication, IE sends the NTLM token, the user is authenticated on the server and the server sends back a html page with a flex application.     Example URL: http://myserver:8080/MyApp/ntlmservlet 2. The flex application then calls a web service in the same web application. The web service does not require NTLM authentication and in fact does not support NTLM authentication.     Example web service URL: http://myserver:8080/MyApp/services/MyService?wsdl 3. Examine the HTTP headers (web use SmartSniff). Flex appears to call the web service but adds an NTLM message and no SOAP content. This causes the web service to fail, sending back 'HTTP/1.1 500 Internal Server Error' and the flex application throws an exception.    Actual Results: ** When running in Internet explorer **: Flex appears to call the web service but adds an NTLM message and no SOAP content. This causes the web service to fail, sending back 'HTTP/1.1 500 Internal Server Error' and the flex application throws an error: [RPC Fault faultString="HTTP request error" faultCode="Server.Error.Request" faultDetail="Error: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: Stream Error. URL: http://penguin:8080/MyApp/services/ConfigurationService"]. URL: http://penguin:8080/MyApp/services/ConfigurationService"] at mx.rpc::AbstractInvoker/http://www.adobe.com/2006/flex/mx/internal::faultHandler() at mx.rpc::Responder/fault() at mx.rpc::AsyncRequest/fault() at DirectHTTPMessageResponder/errorHandler() at flash.events::EventDispatcher/dispatchEventFunction() at flash.events::EventDispatcher/dispatchEvent() at flash.net::URLLoader/redirectEvent()     HTTP request and response: [5/14/2008 8:20:15 AM:974] POST /MyApp/services/ConfigurationService HTTP/1.1 Accept: */* Accept-Language: en-US Referer: http://penguin:8080/MyApp/MyApp.swf x-flash-version: 9,0,115,0 Content-Type: text/xml; charset=utf-8 SOAPAction: "" Content-Length: 0 UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1) Host: penguin:8080 Connection: Keep-Alive Cache-Control: no-cache Cookie: JSESSIONID=AA9BE19AB5A849768E0CE1D6A01AF6EC Authorization: NTLM TlRMTVNTUAABAAAAB7IIogQABAAuAAAABgAGACgAAAAFASgKAAAAD1NUVUFSVEVTUkk= [5/14/2008 8:20:16 AM:005] HTTP/1.1 500 Internal Server Error Server: Apache-Coyote/1.1 Content-Type: text/xml;charset=utf-8 Transfer-Encoding: chunked Date: Tue, 13 May 2008 22:20:27 GMT Connection: close 204 <?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server.userException</faultcode><faultstring>org.xml.sax.SAXParseException: Premature end of file.</faultstring><detail><ns1:hostname xmlns:ns1="http://xml.apache.org/axis/">penguin</ns1:hostname></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope> 0 ** When running in Firefox **: Flex calls the web service with no NTLM message and valid SOAP content. The web service responds as expected. HTTP request and response: [5/14/2008 8:18:47 AM:541] POST /MyApp/services/ConfigurationService HTTP/1.1 Accept: */* Accept-Language: en-US Referer: http://penguin:8080/MyApp/MyApp.swf x-flash-version: 9,0,115,0 Content-Type: text/xml; charset=utf-8 SOAPAction: "" Content-Length: 431 UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1) Host: penguin:8080 Connection: Keep-Alive Cache-Control: no-cache Cookie: JSESSIONID=AB8610A25591185C0EE31D98C6CC4EA5 <?xml version="1.0" encoding="utf-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Body><getDefaultSettings xmlns="http://config.MyApp.esriau.com.au"><ns0:xml xmlns:ns0="http://config.MyApp.esriau.com.au">&lt;request/&gt;</ns0:xml></getDefaultSettings></SOAP-ENV:Body></SOAP-ENV:Envelope> [5/14/2008 8:18:47 AM:557] HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/xml;charset=utf-8 Transfer-Encoding: chunked Date: Tue, 13 May 2008 22:18:58 GMT c54 <?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><getDefaultSettingsResponse xmlns="http://config.MyApp.esriau.com.au"><getDefaultSettingsReturn>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt; &lt;response&gt; &lt;config&gt; &lt;defaultsettings&gt; ... removed confidential content ... &lt;/defaultsettings&gt; &lt;/config&gt;&lt;/response&gt;</getDefaultSettingsReturn></getDefaultSettingsResponse></soapenv:Body></soapenv:Envelope> 0  Expected Results: Would expect the web service call (after NTLM authentication on a different URL) to behave in IE the same way it does in Firefox. That is: Flex calls the web service with no NTLM message and valid SOAP content. The web service responds as expected.  Workaround (if any):