1 Reply Latest reply on Feb 20, 2009 11:18 AM by Joe ... Ward

    NTLM post bug?

    AndrewStew
      There seems to be a bug in the NTLM handling when posts are concerned, don't know about PUT.
      In trying to find out why a post to my webserver would sometimes not have any POST data.

      I did a packet capture using wireshark, on windows, and for each POST request, the first request to an NTLM secured URL doesn't have any body, i.e. no post data. This is fine when the webserver challanges the first request, because the second request, with the authentication data, has the post data with it. However, if the first request is allowed through, because of the AUTH token on the request, the request then gets through to the app with no post data.

      Safari, Firefox and IE always hand the POST data across with the first request, so they don't suffer from this issue. If you need the Wireshark capture, I can post it here too, but it's pretty easy to reproduce if you have an NTLM secured site that does a POST anywhere.

      I'm using the AIR SDK 1.5, and runtime 1.5.