0

Hello,

I'm having some trouble with CURL. I'm trying to use a web service to get a customer's name and address but it fails to send my post data when I use NTLM proxy authentication.

$xmlToSend = 
"<?xml version=\"1.0\" ?> <soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:dat=\"$this->service\"> <soapenv:Header /> <soapenv:Body> <dat:CustomerDataRequest> <dat:SystemAuthentication> <dat:username>$this->user</dat:username> <dat:password>$this->pass</dat:password> </dat:SystemAuthentication> <dat:ReferenceNumber>$this->queryReference</dat:ReferenceNumber> </dat:CustomerDataRequest> </soapenv:Body> </soapenv:Envelope>
";


            $ch = curl_init($this->service . ".php");
            curl_setopt($ch, CURLOPT_HEADER, false);
            curl_setopt($ch, CURLOPT_PROXY, $this->proxyServer);
            curl_setopt($ch, CURLOPT_PROXYPORT, 8080);
            curl_setopt($ch, CURLOPT_PROXYUSERPWD, $this->proxyUPD);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
            curl_setopt($ch, CURLOPT_HTTPHEADER, Array ('Content-type: text/xml'));
            curl_setopt($ch, CURLOPT_POST, true);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlToSend);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

Now the issue appears to be with line 24: curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);

If I comment this out, everything works fine but it sends the proxyUPD string to the proxy server in plain text (bad)

If I leave it in, it authenticates on the proxy server using NTLM with the password encrypted (good) but the $xmlToSend is dropped by the proxy server on the way through to the target so the web service errors telling me that I did not send any XML.

Has anyone else come accross similar issues here? This is a problem for me because we are upgrading our proxy server and the new one does not support plain text authentication.

I'm not sure if this is maybe a bug in CURL or just that I'm missing something fundamental about the whole proxy concept??

Cheers
Ben

2
Contributors
2
Replies
12
Views
2 Years
Discussion Span
Last Post by BenWard
0

Hi,

Try by setting two separated cURL requests that share the same connection. There is a comment in PHP docs that can be helpful:

NTLM authorization is connect-based, not request-based. If the connection is not kept alive and re-used, cURL can never complete the request.

So try:

$ch = curl_init($this->service . ".php");

# authentication
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_PROXY, $this->proxyServer);
curl_setopt($ch, CURLOPT_PROXYPORT, 8080);
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $this->proxyUPD);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
curl_exec($ch);

# sending XML body
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type: text/xml'));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlToSend);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$response = curl_exec($ch);

By doing this the server should keep the connection alive. You can test it by using a shell with:

nc -l localhost 8080

The output in my test looks like this:

GET HTTP://run_ntlm.php/ HTTP/1.1
Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
Host: run_ntlm.php
Accept: */*
Proxy-Connection: Keep-Alive

And it stops because there is no proxy here. Maybe it can help you.

0

Hello Cereal,

Thanks for your reply. Unfortunately splitting this into 2 curl_execs has not resolved the issue :(

I shall investigate further!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.