Always use NTLM and not Kerberos

Jun 8, 2011 at 12:26 PM

I am trying to use Waffle for the first time with filters. From my machine I am going to the SSRS server and running a report, which in turn calls the web service on a different server to get the data for the report. But it always connects as Connected User: NT AUTHORITY\ANONYMOUS LOGON. I want it to be the user who is running the report.

This is how it is configured in web.xml

<filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>  
    <init-param>
     <param-name>principalFormat</param-name>
     <param-value>fqn</param-value>
    </init-param>
    <init-param>
     <param-name>roleFormat</param-name>
     <param-value>both</param-value>
    </init-param>
    <init-param>
     <param-name>allowGuestLogin</param-name>
     <param-value>true</param-value>
    </init-param>
    <init-param>
     <param-name>securityFilterProviders</param-name>
     <param-value>
      waffle.servlet.spi.BasicSecurityFilterProvider
      waffle.servlet.spi.NegotiateSecurityFilterProvider
     </param-value>
    </init-param>
    <init-param>
     <param-name>waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols</param-name>
     <param-value>
      Negotiate
      NTLM
     </param-value>
    </init-param>
    <init-param>   
     <param-name>waffle.servlet.spi.BasicSecurityFilterProvider/realm</param-name>
     <param-value>WaffleFilterDemo</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>   

 

This is what I get from HttpHeaders on my machine when I try to run SSRS report.

POST /Reports/Pages/Report.aspx?xxx HTTP/1.1
Accept: */*
Accept-Language: en-us
Referer: http://reports2.yyy.com/Reports/Pages/Report.aspx?ItemPath=yyy
x-microsoftajax: Delta=true
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Cache-Control: no-cache
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; BECIE7; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; BECIE7)
Host: reports2.yyy.com
Connection: Keep-Alive
Authorization: NTLM TlRMTVNTUAABAAAAB7IIogYABgA0AAAADAAMACgAAAAFASgKAAAAD0hPVURCMjUxNDBCOUlBTUVSUw==
Content-Length: 0

HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: NTLM TlRMTVNTUAACAAAADAAMADgAAAAFgomiAu8RikDN77EAAAAAAAAAAIYAhgBEAAAABQLODgAAAA9CAEUAQwBQAFMATgACAAwAQgBFAEMAUABTAE4AAQASAEEAUwBIAFMAVAA5ADQAMgA4AAQAFABiAGUAYwBwAHMAbgAuAGMAbwBtAAMAKABBAFMASABTAFQAOQA0ADIAOAAuAGIAZQBjAHAAcwBuAC4AYwBvAG0ABQAUAGIAZQBjAHAAcwBuAC4AYwBvAG0AAAAAAA==
Date: Wed, 08 Jun 2011 12:18:05 GMT
Set-Cookie: NSC_T-BTITU9427-BTITU9428=ffffffff9009d68e45525d5f4f58455e445a4a423660;expires=Wed, 08-Jun-2011 12:20:05 GMT;path=/;httponly

POST /Reports/Pages/Report.aspx?ItemPath=zzz HTTP/1.1
Accept: */*
Accept-Language: en-us
Referer: http://reports2.yyy.com/Reports/Pages/Report.aspx?ItemPath=zzz
x-microsoftajax: Delta=true
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Cache-Control: no-cache
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; BECIE7; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; BECIE7)
Host: reports2.yyy.com
Content-Length: 2867
Connection: Keep-Alive
Cookie: NSC_T-BTITU9427-BTITU9428=ffffffff9009d68e45525d5f4f58455e445a4a423660
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAAAwADABIAAAAEAAQAFQAAAAYABgAZAAAAAAAAACsAAAABYKIogUBKAoAAAAPSQBBAE0ARQBSAFMAaAB4AGcAYQBrAGgAYQByAEgATwBVAEQAQgAyADUAMQA0ADAAQgA5ANiLNKSrbtOvAAAAAAAAAAAAAAAAAAAAAAnqWPXBymIC3n73WVpA+Ha7/vkMcVZtUA==

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23210
Content-Type: text/plain; charset=utf-8
Expires: Wed, 08 Jun 2011 12:17:05 GMT
Server: Microsoft-HTTPAPI/1.0
X-AspNet-Version: 2.0.50727
Date: Wed, 08 Jun 2011 12:18:10 GMT
Set-Cookie: NSC_T-BTITU9427-BTITU9428=ffffffff9009d68e45525d5f4f58455e445a4a423660;expires=Wed, 08-Jun-2011 12:20:11 GMT;path=/;httponly

 

Coordinator
Jul 5, 2011 at 3:21 PM

I think the first thing to do is to disable guest logon (in your configuration, allowGuestLogin=false). Then it will probably fail to authenticate and that's a different story that the Troubleshooting Negotiate will help you with.
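
The capture in the first post carries `Authorization: NTLM` tokens, and the same kind of header value can be decoded offline to confirm which mechanism a client really sent and, for an NTLM AUTHENTICATE message, which account it names. The following is an added example, not code from the thread or from Waffle; `classify` and `sample_type3` are hypothetical names, the sample tokens are constructed, and the Kerberos check is a heuristic that looks for the Kerberos mechanism OID.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # DER OID 1.2.840.113554.1.2.2
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def _field(msg, pos, is_unicode):
    # Security buffer: length (2), allocated (2), payload offset (4), little-endian.
    length, _, offset = struct.unpack_from("<HHI", msg, pos)
    raw = msg[offset:offset + length]
    return raw.decode("utf-16-le" if is_unicode else "ascii", "replace")

def classify(header_value):
    """Classify an Authorization / WWW-Authenticate value as NTLM or Kerberos."""
    scheme, _, b64 = header_value.strip().partition(" ")
    result = {"scheme": scheme, "mechanism": "unknown"}
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        result["mechanism"] = "invalid-base64"
        return result
    start = token.find(NTLM_SIG)  # raw NTLM, or NTLM carried inside SPNEGO
    if start >= 0 and len(token) >= start + 12:
        msg = token[start:]
        mtype = struct.unpack_from("<I", msg, 8)[0]
        result.update(mechanism="NTLM", message=NTLM_TYPES.get(mtype, str(mtype)))
        if mtype == 3 and len(msg) >= 64:
            is_unicode = bool(struct.unpack_from("<I", msg, 60)[0] & 0x1)
            for name, pos in (("domain", 28), ("user", 36), ("workstation", 44)):
                result[name] = _field(msg, pos, is_unicode)
    elif KRB5_OID in token:  # heuristic: Kerberos mechanism OID present
        result["mechanism"] = "Kerberos"
    return result

def sample_type3(domain, user, host):
    # Constructed AUTHENTICATE message (empty responses), not a real capture.
    fields, payload, offset = b"", b"", 64
    for text in (domain, user, host):
        data = text.encode("utf-16-le")
        fields += struct.pack("<HHI", len(data), len(data), offset)
        payload, offset = payload + data, offset + len(data)
    empty = struct.pack("<HHI", 0, 0, offset)
    msg = NTLM_SIG + struct.pack("<I", 3) + empty * 2 + fields + empty
    return "NTLM " + base64.b64encode(msg + struct.pack("<I", 1) + payload).decode()

# Constructed, truncated GSS-API header carrying the Kerberos OID.
SAMPLE_KRB = "Negotiate " + base64.b64encode(b"\x60\x0d" + KRB5_OID + b"\x01\x00").decode()

if __name__ == "__main__":
    for value in (sample_type3("EXAMPLE", "alice", "WS01"), SAMPLE_KRB):
        print(classify(value))
```

Passing a header value from a real capture to `classify` shows whether the hop used NTLM or Kerberos; an NTLM result on the hop into the Waffle-protected service means no Kerberos ticket was presented there.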