Open Bug 556291 Opened 15 years ago Updated 3 years ago

Cannot Override NTLM credentials

Categories

(Core :: Networking, defect, P5)

1.9.2 Branch
x86
Windows Vista
defect

People

(Reporter: chest3r, Unassigned)

Details

(Whiteboard: [ntlm][necko-would-take])

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)

When connecting to a Sharepoint/IIS site with NTLM authentication, I can get in just fine. When using the option to "Sign in as a different user", the newly supplied credentials are ignored. This started occurring with Firefox 3.6.

Reproducible: Always

Steps to Reproduce:
1. Visit a Sharepoint site with NTLM authentication
2. Pull down the user menu and click on "Sign in as a different user"
3. Enter different credentials.

Actual Results:
The page reloads but I am still signed in with the original user account.

Expected Results:
The page should submit my other credentials and the page should render as the different user.

I have only seen this with Microsoft Office Sharepoint Server 2007 (MOSS 2007). The situation is that my Windows account has base user privileges but I also have an administrative account with more access. In Firefox 3.5 there was never an issue when switching between accounts.
I have not tested this with other NTLM/Kerberos sites so it may extend past MOSS 2007.
Component: General → Networking
Product: Firefox → Core
QA Contact: general → networking
Version: unspecified → 1.9.2 Branch
I've seen at least one other report of this. I have an HTTP log from said report; unfortunately I can't make the log public. Honza, Jim, is there anything in particular that would be useful to know from that log?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Might be related to bug 520607? Would be great to have a server with testing accounts to reproduce the bug locally. I can download the server from the MS site and run it, but it is 14GB+ to download (~7 hours) and I have zero experience setting it up. bz: Is it ok to send me the log privately (bug mail)?
> bz: Is it ok to send me the log privately (bug mail)?
Yes. Done.
chest3r - is your user account set up for single sign-on through fx prefs, or have you been prompted for your credentials? I'm guessing the site just initiates a new auth sequence, in which case single sign-on would kick back in. If single sign-on isn't enabled, the user's credential cache manager doesn't pick up whatever the site does to force a new auth prompt.
When you choose to log in as a different user, the server will throw away current NTLM credentials until you enter different ones. I can see a prompt for credentials and a successful result from the server after it. The result is 302 Found redirecting to a default page. For the redirect we reuse an existing keep-alive connection that has been authenticated with previous credentials; NTLM is per connection AFAIK - please correct me if I'm wrong. So, it seems we load the default page through an old connection authenticated with previously entered (or single sign-on generated) credentials. To confirm it, the response to the default page request (the redirect) is 200 OK w/o any 401 intermediates.
And yes, there is "Default credentials allowed for host: 1" for that host, so SSO is used.
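A simplified model of the connection reuse analysed in the comments above, as an added example that is not Necko's code or part of the original comments; the paths, account names and the two-connection pool are constructed assumptions. It shows that a picker which ignores the identity bound to a keep-alive connection renders the redirect target as the old user with 200 and no 401, while a picker that matches on identity does not.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Conn:
    ident: int
    authed_as: Optional[str] = None   # identity the NTLM handshake bound to this connection

def serve(conn, path, creds=None):
    """Constructed stand-in for the server; returns (status, user the page renders as)."""
    if path == "/signin-as-different-user":        # constructed path
        if creds is None:
            conn.authed_as = None                  # server discards this connection's NTLM state
            return 401, None
        conn.authed_as = creds                     # new handshake binds the new identity
        return 302, creds                          # redirect to the default page
    if conn.authed_as is None:
        return 401, None
    return 200, conn.authed_as                     # already authenticated: no challenge sent

def pick(pool, identity, identity_aware):
    """Naive: first idle keep-alive connection. Aware: only one bound to `identity`."""
    for conn in pool:
        if not identity_aware or conn.authed_as == identity:
            return conn
    conn = Conn(len(pool))                         # nothing suitable: open a fresh connection
    pool.append(conn)
    return conn

def switch_user(identity_aware):
    """Replay the sign-in-as-different-user flow; returns (conn used, status, rendered as)."""
    # Assumed pool: two keep-alive connections already authenticated via SSO.
    pool = [Conn(0, r"CORP\user"), Conn(1, r"CORP\user")]
    new_user = r"CORP\admin"                       # constructed account names
    signin_conn = pool[1]                          # assumed: re-auth happens on connection 1
    serve(signin_conn, "/signin-as-different-user")            # 401, prompt shown
    serve(signin_conn, "/signin-as-different-user", new_user)  # 302 to default page
    conn = pick(pool, new_user, identity_aware)    # connection chosen for the redirect
    status, rendered_as = serve(conn, "/default.aspx")
    return conn.ident, status, rendered_as

if __name__ == "__main__":
    print("naive pool:         ", switch_user(False))
    print("identity-aware pool:", switch_user(True))
```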
Yes, the setup I've experienced this on is configured for SSO provided by Kerberos/NTLM. This authentication should all be handled by the IIS server before it gets into Sharepoint (we have another IIS frontend to the same Sharepoint content which allows anonymous access with fewer features).
Did the patch for bug 542318 fix this by chance?
Depends on: 570496
Whiteboard: [ntlm][necko-would-take]
Priority: -- → P5
Severity: normal → S3