This discussion is archived
9 Replies Latest reply: Mar 14, 2012 7:29 AM by pinnom RSS

problem with Apex 4.1.1 NTLM Authentication - user always "nobody"

chrissy2 Explorer
Currently Being Moderated
Hi all,

I'm using the NTLM solution of Jason Straub http://jastraub.blogspot.com/2008/03/ntlm-http-authentication-and.html, which was working without any problems in our ApEx 3.1.
After upgrading to Apex 4.1.1 I first had some problems, which I get fixed with this thread apex 4.1.1 and get_session_id_from_cookie

Now I get no error for login, but the application user is always set to "nobody", what's confusing me, because before it was using my windows user name.
I'm using Firefox 10.0.2, but I think it's not a problem of the browser.
In the PL/SQL function I found that username is set to "nobody, when some values doesn't match.
So I'm not firm, in the functions used in the PL/SQL function, I'm not sure, what happens there.

Does anybody has an idea what's going wrong and what I have to do to get it solved.

Thanks for any hints and help
chrissy
  • 1. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
    Martin1 Newbie
    Currently Being Moderated
    Hi Chrissy,

    i think APEX 4.1.1 is buggy. I have similar problems - see my thread: Problem with post_login after Upgrade to 4.1.1.00.23

    Regards,
    Martin
  • 2. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
    chrissy2 Explorer
    Currently Being Moderated
    Hi Martin,

    I think the problem is behind this point, because I have set already my cookie name to a shorter one like F109. And also the functions wwv_flow_custom_auth_std.post_login and wwv_flow_custom_auth_std.get_session_id_from_cookie seems to work, so they are only returning nobody, a user defined in the sentry funtion.
    Also it seems to work for other people using the function, so maybe someone knows a solution.

    Thanks for your hint.
    chrissy
  • 3. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
    Christian Neumueller Expert
    Currently Being Moderated
    Hi chrissy2,

    is your NTLM sentry identical to Jason's? I'm asking because over time I saw a few with slight changes, that might make a difference. Maybe you could send your sentry function to me per email, so I can compare them? I also have a heavily instrumented version, which I could send back to further investigate the problem.

    Regards,
    Christian
  • 4. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
    Christian Neumueller Expert
    Currently Being Moderated
    Martin1,

    in case your NTLM sentry still makes problems (you didn't answer to Patrick yet), could you also send your sentry function to me?

    Regards,
    Christian
  • 5. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
    Martin1 Newbie
    Currently Being Moderated
    Hi Patrick,

    thank you for your reply. I sent you the function code via mail.
    BTW my customer decided to downgrade to APEX 4.1.0.00.32.

    Regrads,
    Martin
  • 6. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
    chrissy2 Explorer
    Currently Being Moderated
    With the help of Christian I found a solution that's working for me.
    I changed my Cookie name to "C109", and changed the page sentry function not to check if Binary at position 14 in Cookie is something else then 130
    IF substr( l_auth, 1, 5) = 'NTLM ' THEN
                l_decode := utl_encode.text_decode( buf => substr(l_auth,6)
                                                  , encoding => UTL_ENCODE.BASE64 );
                l_raw := utl_raw.cast_to_raw(l_decode);
                l_help := utl_raw.substr(l_raw,14,1);
                l_help_int := utl_raw.cast_to_binary_integer(l_help);
                /*IF utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,14,1)) != 130 THEN*/
                    IF utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,9,1)) = 1 THEN
                        owa_util.mime_header('text/html', FALSE, 'utf-8');
                        owa_util.status_line( nstatus => 401
                                            , creason => 'Unauthorized'
                                            , bclose_header => false );
                        htp.p('WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAAAICAgAAAAAAAAAAAAAAAA==');
                        owa_util.http_header_close;
                        wwv_flow.g_unrecoverable_error := TRUE;
                        RETURN FALSE;
                    END IF;
                    -- Determine DB charset and convert raw to WE8MSWIN1252, thanks to Andrew Barbaccia
                    SELECT VALUE 
                    INTO l_charset 
                    FROM nls_database_parameters 
                    WHERE parameter='NLS_CHARACTERSET';
                    
                    l_length := utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,32,1))*256 + utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,31,1));
                    l_offset := utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,34,1))*256 + utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,33,1));
                    l_domain := REPLACE(REPLACE(substr(CONVERT(utl_raw.cast_to_varchar2(l_raw),l_charset,'WE8MSWIN1252'),l_offset + 1,l_length),chr(0),NULL),chr(15),NULL);
                    l_length := utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,40,1))*256 + utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,39,1));
                    l_offset := utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,42,1))*256 + utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,41,1));
                    l_user := REPLACE(substr(CONVERT(utl_raw.cast_to_varchar2(l_raw),l_charset,'WE8MSWIN1252'),l_offset,l_length),chr(0),NULL);
                    l_username := l_domain || '\' || l_user;
               /* ELSE
                    l_username := 'nobody';
                END IF; */
            END IF;
    That's working for me, but nor the best solution. Jason mentioned this solution in his blog, but also says it is not recommended ...

    Thanks for all the help of Christian
  • 7. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
    pinnom Newbie
    Currently Being Moderated
    Hi,
    I have the same problem with APEX 4.1.1.
    I want to test your workaround, chrissy2, but how I have to set the cookie-name?

    Regards,
    Mark
  • 8. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
    chrissy2 Explorer
    Currently Being Moderated
    Hi Mark,

    you can set the cookie name in your Authentication scheme > session cookie attributes.

    chrissy
  • 9. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
    pinnom Newbie
    Currently Being Moderated
    Thank you, now its running!

    Regards,
    Mark

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points