OAS 0 Posted April 2, 2019 When using ICS with proxy, you have to write user / password at each application start or store them in text file or configuration files or code (it's bad) for proxy. ICS provide fields proxyUserName and ProxyPassword for proxies. But proxies are not only usage for SSO, it's usefull for Server and Client validation on Windows wolrd (and others if you use Kerberos and other validation sytem) : Client use his credentials in place of user/password and serverdon't have to know (store) those informations, just ask to a service to validate client credentials. If you use Windows on domain, you have to use your session informations to connect wich is called Single Sign On (SSO). You are indentified once at startup and use Domain Controler to provide your identity. Windows protocol NTML is implemented for basics, can manage proxy authentification but have'nt NTLM complete implementation. In "OverbyteIcsHttpSrv" is implemented Server side to validate Domain validation but not Client side. I propose to add functionnality for Client SSO using NTLMSession yet declared with some modifications 8.61.zip Share this post Link to post
Angus Robertson 577 Posted April 2, 2019 1 hour ago, OAS said: I propose to add functionnality for Client SSO using NTLMSession yet declared with some modifications Thanks for the new units, don't see a problem adding them to SVN this week. However I really need a way to test the changes, independently of ICS, My network does not have a domain controller. Angus Share this post Link to post
OAS 0 Posted April 5, 2019 Hello I forgot release part so I propose you to add in OverbyteIcsHttpProt.pas, line ~1445 destructor THttpCli.Destroy; begin .....{$IFDEF USE_NTLM_AUTH} FreeAndNil(FAuthNtlmSession); // V8.61 {$ENDIF} inherited Destroy; end; Share this post Link to post
Angus Robertson 577 Posted April 5, 2019 Your earlier changes are already in SVN and the overnight zip, with slight modification, I'll add this change next time. Strangely, I could not find any ICS client samples that test authentication, the BrowserDemo using HtmlViewer did not actually work despite putting up a login dialog box, which I have now fixed. But I've not got NTLM authentication working, sure I set it up many years ago on my IIS server, but can not remember how. Think it might need NT permissions set-up on restricted directories, but I'm hazy on this Angus Share this post Link to post
OAS 0 Posted April 8, 2019 Thanks. I known this miss in ICS that's why I share it. SSO functionnality should be more used but I saw more cases where there is a dialog box or storage for user/PW (I do it myself when I set a windows service wich have to go throught proxy server). I hope it would pleased to dev because I think SSO is a good practice. Olivier Share this post Link to post