We use NTLM auth to access an ASP.net web services from our MonoTouch app and everything works fine.
One of our customers uses the same app and the NTLM auth fails from our app but works from the iPad's Safari browser.
Looking at the packet flow from the customer, the server does not return NTLMSSP_CHALLENGE
, when our app sends NTLMSSP_NEGOTIATE
message.
Looking the differences between our app's NTLMSSP_NEGOTIATE
message and iPad's Safari same message
Our MT app sets the NTLM flags to 0xb203
and Safari sets this to 0x88207
.
The NegotiateNtlm2Key
is set to 0
in our app and 1
in Safari
Our app also sends the calling workstation domain and name fields whereas Safari send both as null.
The client's server is Windows Server 2003 and they also use Kerberos as their main authentication scheme and fall back on NTLM.
Would setting the NegotiateNtlm2Key
flags in Mono.Security.Protocol.Ntlm.NtlmFlags
help?