Is it possible to use "Transfer-Encoding: Chunked" header with windows authentication?

Question

Is it possible to use "Transfer-Encoding: Chunked" header with windows authentication?

WinHTTP authentication described here:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa383144(v=vs.85).aspx

works if I don't use "Transfer-Encoding: Chunked\r\n" header when calling WinHttpSendRequest(). If I do, I'm not able to log on, because WinHttpReceiveResponse() fails after setting credentials with WinHttpSetCredentials() and resending the request again with WinHttpSendRequest(). Since I really need chunked transfer, is it possible to use it in combination with windows authentication?

Here is the log of audit failure when using chunked encoding:

SubjectUserSid S-1-5-18 
SubjectUserName MY-PC-NAME$ 
SubjectDomainName WORKGROUP 
SubjectLogonId 0x3e7 
TargetUserSid S-1-0-0 
TargetUserName Administrator 
TargetDomainName MY-PC-NAME
Status 0xc000006d 
FailureReason %%2313 
SubStatus 0xc000006a 
LogonType 2 
LogonProcessName User32  
AuthenticationPackageName Negotiate 
WorkstationName MY-PC-NAME 
TransmittedServices - 
LmPackageName - 
KeyLength 0 
ProcessId 0x1d8 
ProcessName C:\Windows\System32\winlogon.exe 
IpAddress 127.0.0.1 
IpPort 0

And, here is the successful audit without chunked encoding:

SubjectUserSid S-1-0-0 
SubjectUserName - 
SubjectDomainName - 
SubjectLogonId 0x0 
TargetUserSid S-1-5-21-4112068699-3954607238-3758397191-1005 
TargetUserName moose 
TargetDomainName MY-PC-NAME 
TargetLogonId 0x137576fb8 
LogonType 3 
LogonProcessName NtLmSsp  
AuthenticationPackageName NTLM 
WorkstationName M_10 
LogonGuid {00000000-0000-0000-0000-000000000000} 
TransmittedServices - 
LmPackageName NTLM V2 
KeyLength 128 
ProcessId 0x0 
ProcessName - 
IpAddress 167.109.28.37 
IpPort 56695

As you can see, so many things are different: domain, username, IP, port, Logon type, TargetUserSid, etc... And all beacuse of "Transfer-Encoding: Chunked\r\n"!?

EDIT:

To make it simple, the question is:

success = WinHttpSetCredentials( hPostRequest, target, authScheme, IIS_USER_NAME, IIS_PWD, NULL );
success = WinHttpSendRequest( hPostRequest,
                              L"Transfer-Encoding: Chunked\r\n",
                              (DWORD)-1,
                              WINHTTP_NO_REQUEST_DATA,
                              0,
                              WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH,
                              0 );

After successful return values, what WinHttp API to call next?

winapi

iis-7

windows-authentication

winhttp

asked on Stack Overflow Oct 1, 2013 by

moose • edited Oct 2, 2013 by

moose

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0