On Thu, 4 Nov 2004, Daniel Stenberg wrote:

> On Thu, 4 Nov 2004, Jamie Lokier wrote:
>
> > So all you need for testing is Internet Explorer, an IIS
> > server using NTLM, and tcpdump or such.
>
> Yes. But I don't have that either.
>
> Anyone?

I've got 'em...and a page set up to do a POST. I haven't been following
the details of the conversation, but hopefully this is helpful. This is
what I do:

- click on a URL to start IE. This URL does a GET. Before it gives me
the page, I do the authentication. Here's (a slightly sanitized version
of) what happens:

GET /curltest-auth/uploadform.htm HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Wed, 29 Oct 2003 18:43:05 GMT
If-None-Match: "d1ae9b7d4c9ec31:20c4"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)
Host: myhost:myport
Connection: Keep-Alive

HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 04 Nov 2004 22:21:26 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="myhost"
Connection: close
Content-Length: 4431
Content-Type: text/html

GET /curltest-auth/uploadform.htm HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Wed, 29 Oct 2003 18:43:05 GMT
If-None-Match: "d1ae9b7d4c9ec31:20c4"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)
Host: myhost:myport
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAABAAAAB4IIoAAAAAAAAAAAAAAAAAAAAAA=

HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 04 Nov 2004 22:21:33 GMT
WWW-Authenticate: Negotiate
TlRMTVNTUAACAAAAEAAQADgAAAAFgomisJFD5XN/4a4AAAAAAAAAALoAugBIAAAABQCTCAAA
AA9FAFgAVABFAFIATgBBAEwAAgAQAEUAWABUAEUAUgBOAEEATAABABwARQBEAC0ARQBDAEMA
SQBJAFMAMAAxAEQARQBWAAQALgBlAHgAdABlAHIAbgBhAGwALgBlAHYAZQByAGQAcgBlAGEA
bQAuAGMAbwByAHAAAwBMAGUAZAAtAGUAYwBjAGkAaQBzADAAMQBkAGUAdgAuAGUAeAB0AGUA
cgBuAGEAbAAuAGUAdgBlAHIAZAByAGUAYQBtAC4AYwBvAHIAcAAAAAAA
Content-Length: 4033
Content-Type: text/htm

GET /curltest-auth/uploadform.htm HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Wed, 29 Oct 2003 18:43:05 GMT
If-None-Match: "d1ae9b7d4c9ec31:20c4"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)
Host: myhost:myport
Connection: Keep-Alive
Authorization: Negotiate
TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAABIAEgBAAAAADAAMAFIAAAAMAAwAXgAAAAAA
AACaAAAABYKIoGUAdgBlAHIAZAByAGUAYQBtAGQAYgB5AHIAbwBuAEQAQgBZAFIATwBOAPQ2
+JsU/j93AAAAAAAAAAAAAAAAAAAAAJwlVOSqnjlkpS7IX1AB8qYprTVFGI/9RA==

HTTP/1.1 304 Not Modified
Server: Microsoft-IIS/5.0
Date: Thu, 04 Nov 2004 22:21:33 GMT
X-Powered-By: ASP.NET
ETag: "d1ae9b7d4c9ec31:20c4"
Content-Length: 0

- Now I click on a button on the page to do a POST. Here's what
happens:

POST /curltest-auth/upload.asp HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, application/x-shockwave-flash, */*
Referer: http://myhost:myport/curltest-auth/uploadform.htm
Accept-Language: en-us
Content-Type: multipart/form-data;
boundary=---------------------------7d4951a20d38
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)
Host: myhost:myport
Connection: Keep-Alive
Cache-Control: no-cache
Authorization: Negotiate TlRMTVNTUAABAAAAB4IIoAAAAAAAAAAAAAAAAAAAAAA=
Content-Length: 0

HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 04 Nov 2004 22:21:58 GMT
WWW-Authenticate: Negotiate
TlRMTVNTUAACAAAAEAAQADgAAAAFgomihJBAPManrCYAAAAAAAAAALoAugBIAAAABQCTCAAA
AA9FAFgAVABFAFIATgBBAEwAAgAQAEUAWABUAEUAUgBOAEEATAABABwARQBEAC0ARQBDAEMA
SQBJAFMAMAAxAEQARQBWAAQALgBlAHgAdABlAHIAbgBhAGwALgBlAHYAZQByAGQAcgBlAGEA
bQAuAGMAbwByAHAAAwBMAGUAZAAtAGUAYwBjAGkAaQBzADAAMQBkAGUAdgAuAGUAeAB0AGUA
cgBuAGEAbAAuAGUAdgBlAHIAZAByAGUAYQBtAC4AYwBvAHIAcAAAAAAA
Content-Length: 4033
Content-Type: text/htm

POST /curltest-auth/upload.asp HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, application/x-shockwave-flash, */*
Referer: http://myhost:myport/curltest-auth/uploadform.htm
Accept-Language: en-us
Content-Type: multipart/form-data;
boundary=---------------------------7d4951a20d38
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)
Host: myhost:myport
Content-Length: 1789
Connection: Keep-Alive
Cache-Control: no-cache
Authorization: Negotiate
TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAABIAEgBAAAAADAAMAFIAAAAMAAwAXgAAAAAA
AACaAAAABYKIoGUAdgBlAHIAZAByAGUAYQBtAGQAYgB5AHIAbwBuAEQAQgBZAFIATwBOABIq
preIt4QRAAAAAAAAAAAAAAAAAAAAAOaVISNf2u1sD+NGbuwi3ciaWtjM123zbA==

HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.0
Date: Thu, 04 Nov 2004 22:21:58 GMT
X-Powered-By: ASP.NET

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Nov 2004 22:21:59 GMT
X-Powered-By: ASP.NET
UploadID: 59
Content-Length: 73
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAQQSRSCC=FADFDBNCEABKKEELDIKFIKPH; path=/
Cache-control: private
Received on 2004-11-04