I have the following problem I was hoping for some advise on
We have a Windows 2003 SP2 web server running an internal site that we connect to using HTTPS
I work on the networking side, not the web server side, but am trying to troubleshoot an application issue.
We can access the site either via IE installed on our machines, or via an application that also has web browsing functionality…but for some reason, the application method is failing with an HTTP 403 Forbidden message.
If trying via IE, I am prompted for my credentials by an authentication box. Once I enter them, I can access the site fine.
When trying via the same method using the app, I enter the same credentials, but get this 403 error.
I ran Wireshark from my machine when attempting both methods.
Interestingly, when using the app, I can see the following two entries in the capture:
GET HTTP, NTLMSSP Negotiate (client > server)
HTTP 403 Forbidden (server > client)
Would I be correct in thinking that the application is trying to use NTLM to authenticate with the web server? Or the other way around? So my question is, who decides which authentication mechanism is used?
Strangely though, when I run the capture when using IE, I can access the site fine, but don’t see the NTLMSSP Negotiate packet in the Wireshark capture. Any idea why this would be, even though I am still prompted for my credentials? I’m thinking that this would be encapsulated within the TLS packets, but then how can I see the packets on the capture from the application?