There seems to be a bug in the NTLM handling when posts are
concerned, don't know about PUT.
In trying to find out why a post to my webserver would
sometimes not have any POST data.
I did a packet capture using wireshark, on windows, and for
each POST request, the first request to an NTLM secured URL doesn't
have any body, i.e. no post data. This is fine when the webserver
challanges the first request, because the second request, with the
authentication data, has the post data with it. However, if the
first request is allowed through, because of the AUTH token on the
request, the request then gets through to the app with no post
Safari, Firefox and IE always hand the POST data across with
the first request, so they don't suffer from this issue. If you
need the Wireshark capture, I can post it here too, but it's pretty
easy to reproduce if you have an NTLM secured site that does a POST