1<testcase> 2<info> 3<keywords> 4HTTP 5HTTP GET 6HTTP Digest auth 7HTTP NTLM auth 8NTLM 9</keywords> 10</info> 11# Server-side 12<reply> 13 14<!-- Alternate the order that Digest and NTLM headers appear in responses to 15ensure that the order doesn't matter. --> 16 17<!-- First request has Digest auth, wrong password --> 18<data100> 19HTTP/1.1 401 Need Digest or NTLM auth 20Server: Microsoft-IIS/5.0 21Content-Type: text/html; charset=iso-8859-1 22Content-Length: 27 23WWW-Authenticate: NTLM 24WWW-Authenticate: Digest realm="testrealm", nonce="1" 25 26This is not the real page! 27</data100> 28 29<data1100> 30HTTP/1.1 401 Sorry wrong password 31Server: Microsoft-IIS/5.0 32Content-Type: text/html; charset=iso-8859-1 33Content-Length: 29 34WWW-Authenticate: Digest realm="testrealm", nonce="2" 35WWW-Authenticate: NTLM 36 37This is a bad password page! 38</data1100> 39 40<!-- Second request has NTLM auth, right password --> 41<data200> 42HTTP/1.1 401 Need Digest or NTLM auth (2) 43Server: Microsoft-IIS/5.0 44Content-Type: text/html; charset=iso-8859-1 45Content-Length: 27 46WWW-Authenticate: NTLM 47WWW-Authenticate: Digest realm="testrealm", nonce="3" 48 49This is not the real page! 50</data200> 51 52<data1201> 53HTTP/1.1 401 NTLM intermediate 54Server: Microsoft-IIS/5.0 55Content-Type: text/html; charset=iso-8859-1 56Content-Length: 33 57WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 58 59This is still not the real page! 60</data1201> 61 62<data1202> 63HTTP/1.1 200 Things are fine in server land 64Server: Microsoft-IIS/5.0 65Content-Type: text/html; charset=iso-8859-1 66Content-Length: 32 67 68Finally, this is the real page! 69</data1202> 70 71<!-- Third request has Digest auth, wrong password --> 72<data300> 73HTTP/1.1 401 Need Digest or NTLM auth (3) 74Server: Microsoft-IIS/5.0 75Content-Type: text/html; charset=iso-8859-1 76Content-Length: 27 77WWW-Authenticate: Digest realm="testrealm", nonce="4" 78WWW-Authenticate: NTLM 79 80This is not the real page! 81</data300> 82 83<data1300> 84HTTP/1.1 401 Sorry wrong password (2) 85Server: Microsoft-IIS/5.0 86Content-Type: text/html; charset=iso-8859-1 87Content-Length: 29 88WWW-Authenticate: NTLM 89WWW-Authenticate: Digest realm="testrealm", nonce="5" 90 91This is a bad password page! 92</data1300> 93 94<!-- Fourth request has NTLM auth, wrong password --> 95<data400> 96HTTP/1.1 401 Need Digest or NTLM auth (4) 97Server: Microsoft-IIS/5.0 98Content-Type: text/html; charset=iso-8859-1 99Content-Length: 27 100WWW-Authenticate: Digest realm="testrealm", nonce="6" 101WWW-Authenticate: NTLM 102 103This is not the real page! 104</data400> 105 106<data1401> 107HTTP/1.1 401 NTLM intermediate (2) 108Server: Microsoft-IIS/5.0 109Content-Type: text/html; charset=iso-8859-1 110Content-Length: 33 111WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 112 113This is still not the real page! 114</data1401> 115 116<data1402> 117HTTP/1.1 401 Sorry wrong password (3) 118Server: Microsoft-IIS/5.0 119Content-Type: text/html; charset=iso-8859-1 120Content-Length: 29 121WWW-Authenticate: NTLM 122WWW-Authenticate: Digest realm="testrealm", nonce="7" 123 124This is a bad password page! 125</data1402> 126 127<!-- Fifth request has NTLM auth, right password --> 128<data500> 129HTTP/1.1 401 Need Digest or NTLM auth (5) 130Server: Microsoft-IIS/5.0 131Content-Type: text/html; charset=iso-8859-1 132Content-Length: 27 133WWW-Authenticate: Digest realm="testrealm", nonce="8" 134WWW-Authenticate: NTLM 135 136This is not the real page! 137</data500> 138 139<data1501> 140HTTP/1.1 401 NTLM intermediate (3) 141Server: Microsoft-IIS/5.0 142Content-Type: text/html; charset=iso-8859-1 143Content-Length: 33 144WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 145 146This is still not the real page! 147</data1501> 148 149<data1502> 150HTTP/1.1 200 Things are fine in server land (2) 151Server: Microsoft-IIS/5.0 152Content-Type: text/html; charset=iso-8859-1 153Content-Length: 32 154 155Finally, this is the real page! 156</data1502> 157 158<datacheck> 159HTTP/1.1 401 Need Digest or NTLM auth 160Server: Microsoft-IIS/5.0 161Content-Type: text/html; charset=iso-8859-1 162Content-Length: 27 163WWW-Authenticate: NTLM 164WWW-Authenticate: Digest realm="testrealm", nonce="1" 165 166HTTP/1.1 401 Sorry wrong password 167Server: Microsoft-IIS/5.0 168Content-Type: text/html; charset=iso-8859-1 169Content-Length: 29 170WWW-Authenticate: Digest realm="testrealm", nonce="2" 171WWW-Authenticate: NTLM 172 173This is a bad password page! 174HTTP/1.1 401 NTLM intermediate 175Server: Microsoft-IIS/5.0 176Content-Type: text/html; charset=iso-8859-1 177Content-Length: 33 178WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 179 180HTTP/1.1 200 Things are fine in server land 181Server: Microsoft-IIS/5.0 182Content-Type: text/html; charset=iso-8859-1 183Content-Length: 32 184 185Finally, this is the real page! 186HTTP/1.1 401 Need Digest or NTLM auth (3) 187Server: Microsoft-IIS/5.0 188Content-Type: text/html; charset=iso-8859-1 189Content-Length: 27 190WWW-Authenticate: Digest realm="testrealm", nonce="4" 191WWW-Authenticate: NTLM 192 193HTTP/1.1 401 Sorry wrong password (2) 194Server: Microsoft-IIS/5.0 195Content-Type: text/html; charset=iso-8859-1 196Content-Length: 29 197WWW-Authenticate: NTLM 198WWW-Authenticate: Digest realm="testrealm", nonce="5" 199 200This is a bad password page! 201HTTP/1.1 401 NTLM intermediate (2) 202Server: Microsoft-IIS/5.0 203Content-Type: text/html; charset=iso-8859-1 204Content-Length: 33 205WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 206 207HTTP/1.1 401 Sorry wrong password (3) 208Server: Microsoft-IIS/5.0 209Content-Type: text/html; charset=iso-8859-1 210Content-Length: 29 211WWW-Authenticate: NTLM 212WWW-Authenticate: Digest realm="testrealm", nonce="7" 213 214This is a bad password page! 215HTTP/1.1 401 NTLM intermediate (3) 216Server: Microsoft-IIS/5.0 217Content-Type: text/html; charset=iso-8859-1 218Content-Length: 33 219WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 220 221HTTP/1.1 200 Things are fine in server land (2) 222Server: Microsoft-IIS/5.0 223Content-Type: text/html; charset=iso-8859-1 224Content-Length: 32 225 226Finally, this is the real page! 227</datacheck> 228 229</reply> 230 231# Client-side 232<client> 233<features> 234NTLM 235SSL 236!SSPI 237</features> 238<server> 239http 240</server> 241<tool> 242libauthretry 243</tool> 244 245<name> 246HTTP authorization retry (Digest switching to NTLM) 247</name> 248<command> 249http://%HOSTIP:%HTTPPORT/%TESTNUMBER digest ntlm 250</command> 251</client> 252 253# Verify data after the test has been "shot" 254<verify> 255<protocol> 256GET /%TESTNUMBER0100 HTTP/1.1 257Host: %HOSTIP:%HTTPPORT 258Accept: */* 259 260GET /%TESTNUMBER0100 HTTP/1.1 261Host: %HOSTIP:%HTTPPORT 262Authorization: Digest username="testuser", realm="testrealm", nonce="1", uri="/%TESTNUMBER0100", response="53c80666f5e3a4a55f92a66aaf0078bb" 263Accept: */* 264 265GET /%TESTNUMBER0200 HTTP/1.1 266Host: %HOSTIP:%HTTPPORT 267Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 268Accept: */* 269 270GET /%TESTNUMBER0200 HTTP/1.1 271Host: %HOSTIP:%HTTPPORT 272Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAALAAsAeAAAAAAAAAAAAAAAhoABAI+/Fp9IERAQ74OsdNPbBpg7o8CVwLSO4DtFyIcZHUMKVktWIu92s2892OVpd2JzqnRlc3R1c2VyV09SS1NUQVRJT04= 273Accept: */* 274 275GET /%TESTNUMBER0300 HTTP/1.1 276Host: %HOSTIP:%HTTPPORT 277Accept: */* 278 279GET /%TESTNUMBER0300 HTTP/1.1 280Host: %HOSTIP:%HTTPPORT 281Authorization: Digest username="testuser", realm="testrealm", nonce="4", uri="/%TESTNUMBER0300", response="1aa5d90da9803ca12d04b24e0f19476e" 282Accept: */* 283 284GET /%TESTNUMBER0400 HTTP/1.1 285Host: %HOSTIP:%HTTPPORT 286Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 287Accept: */* 288 289GET /%TESTNUMBER0400 HTTP/1.1 290Host: %HOSTIP:%HTTPPORT 291Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAALAAsAeAAAAAAAAAAAAAAAhoABANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyV09SS1NUQVRJT04= 292Accept: */* 293 294GET /%TESTNUMBER0500 HTTP/1.1 295Host: %HOSTIP:%HTTPPORT 296Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 297Accept: */* 298 299GET /%TESTNUMBER0500 HTTP/1.1 300Host: %HOSTIP:%HTTPPORT 301Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAALAAsAeAAAAAAAAAAAAAAAhoABAI+/Fp9IERAQ74OsdNPbBpg7o8CVwLSO4DtFyIcZHUMKVktWIu92s2892OVpd2JzqnRlc3R1c2VyV09SS1NUQVRJT04= 302Accept: */* 303 304</protocol> 305</verify> 306</testcase> 307