Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. General and Desktop
  4. [Solved] Proxy authentication issue
Forum Update on Monday, May 27th 2025

[Solved] Proxy authentication issue

Scheduled Pinned Locked Moved General and Desktop
8 Posts 2 Posters 17.1k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S Offline
    S Offline
    solitone
    wrote on 21 Sept 2012, 16:50 last edited by
    #1

    I'm struggling with downloading a simple web page with QNetworkAccessManager. I encounter a proxy authentication issue which I can't overcome.

    Here's a snippet of my code:

    @void Window::download()
    {
    QNetworkAccessManager manager = new QNetworkAccessManager(this);
    connect(manager, SIGNAL(finished(QNetworkReply
    )), this, SLOT(replyFinished(QNetworkReply*)));

    QNetworkProxy proxy(QNetworkProxy::HttpProxy, "my_proxy_host", 8080, "MY_DOMAIN//my_user", "my_password");

    manager->setProxy(proxy);
    manager->get(QNetworkRequest(QUrl("http://www.google.com")));
    }@

    I've sniffed the HTTP traffic with Wireshark, and here's what it's logged:

    @[truncated] Proxy-Authorization: NTLM TlRMTVNTUAADAAAAAAAAAFQAAADaANoAVAAAABQAFABAAAAAAAAAAFQAAAAAAAAAVAAAAAAAAAAAAAAAAQIAAEYARQBSAFIARQBSAE8ATgBFAFQAe63Ac4fenpjEZxAU3IlPgQEBAAAAAAAAgHLoLSaYzQE5Y2NiYTU0YQAAAAACABQARgBFAFIAUgBFAFIATwBOAEUAV
    NTLM Secure Service Provider
    NTLMSSP identifier: NTLMSSP
    NTLM Message Type: NTLMSSP_AUTH (0x00000003)
    Lan Manager Response: Empty
    NTLM Response: 7badc07387de9e98c4671014dc894f810101000000000000...
    NTLM Client Challenge: 3963636261353461
    Domain name: MY_DOMAIN
    User name: NULL
    Host name: NULL
    Session Key: Empty
    Flags: 0x00000201
    @

    The issue seems to be username remains NULL, even though I specified a value for it in QNetworkProxy constructor. I presume the password is blank as well.

    As you see, NTLM authentication is involved in my scenario. I suspect it's NTLM v2 and something is wrong with QT and NTLM v2. Not sure though, as I don't have access to the proxy server and I cannot verify whether it uses v2 indeed.

    Do you have any information / suggestion on this issue? Thanks!

    1 Reply Last reply
    0
    • H Offline
      H Offline
      hardcodes.de
      wrote on 21 Sept 2012, 20:00 last edited by
      #2

      Maybe you could use nmap to detect what kind of system your proxy is?
      Since it doesn't use Kerberos I hope that you have NTLMv2 at least.

      This might help with the "internals of the protocol":http://msdn.microsoft.com/en-us/library/dd925287(v=office.12).aspx.

      As you can read "here":http://social.msdn.microsoft.com/Forums/en-US/os_interopscenarios/thread/c8f488ed-1b96-4e06-bd65-390aa41138d1, the client walks from the most secure protocol to the weakest.

      Sorry, I can't help you with the Qt details but it may help others to help you if they knew what system and protocol is used here.

      while(!sleep){++sheep;}

      1 Reply Last reply
      0
      • S Offline
        S Offline
        solitone
        wrote on 24 Sept 2012, 09:45 last edited by
        #3

        [quote author="hardcodes.de" date="1348257625"]Maybe you could use nmap to detect what kind of system your proxy is?[/quote]

        Here's what I find nmapping my proxy server. I reckon I don't get much detail for port 8080 (where my proxy server listens) as again it requires authentication:

        @# nmap -T4 -A -v my_proxy_host

        Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-24 10:59
        [...]
        Not shown: 991 closed ports
        PORT STATE SERVICE VERSION
        [...]
        80/tcp open http CacheFlow http cache
        |_http-title: Access Denied
        |_http-methods: No Allow or Public header in OPTIONS response (status code 407)
        [...]
        8080/tcp open http CacheFlow http cache
        |_http-title: Access Denied
        |_http-methods: No Allow or Public header in OPTIONS response (status code 407)
        8081/tcp open http Blue Coat SG210 http proxy config
        |http-title: Site doesn't have a title (text/plain; charset=utf-8).
        | http-auth:
        | HTTP/1.1 401 Authentication Required
        |
        Basic realm=10.11.21.160
        [...]@

        Is there a more specific way to run nmap and get some further information?

        1 Reply Last reply
        0
        • S Offline
          S Offline
          solitone
          wrote on 24 Sept 2012, 09:57 last edited by
          #4

          I see several reports on proxy authentication issues--e.g.

          • https://bugreports.qt-project.org/browse/QTBUG-26037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
          • https://bugreports.qt-project.org/browse/QTBUG-13063?page=com.atlassian.jira.plugin.system.issuetabpanels:changehistory-tabpanel

          Do you think the problem I'm facing could be related to something similar?

          1 Reply Last reply
          0
          • H Offline
            H Offline
            hardcodes.de
            wrote on 24 Sept 2012, 15:40 last edited by
            #5

            As I said, I can not help you with Qt itself just with the discovery of NTLM. I'd say you've got a BlueCoat (= Proxy appliance) - you could try a "nmap -O -sS -sV my_proxy_host" to get more details. Chances are high that it uses NTLM. If you use Internet Explorer via this proxy and must not enter your credentials NTLM is used.

            Then you try to use different user name notations:

            USERNAME
            DOMAIN\USERNAME
            USERNAME@FULL.DOMAIN.NAME

            while(!sleep){++sheep;}

            1 Reply Last reply
            0
            • S Offline
              S Offline
              solitone
              wrote on 24 Sept 2012, 16:20 last edited by
              #6

              OK, done it!

              I eventually found out I cannot directly pass username/password to QNetworkProxy() constructor. I need to take advantage of proxyAuthenticationRequired() signal.

              Here's how I changed my code:

              @void Window::download()
              {
              QNetworkAccessManager *manager = new QNetworkAccessManager(this);
              QNetworkProxy proxy(QNetworkProxy::HttpCachingProxy, "my_proxy_host", 8080);

              connect(manager, SIGNAL(finished(QNetworkReply*)), this, SLOT(replyFinished(QNetworkReply*)));
              connect(manager, SIGNAL(proxyAuthenticationRequired(const QNetworkProxy&, QAuthenticator*)), this, SLOT(onProxyAuthenticationRequired(const QNetworkProxy&, QAuthenticator*)));

              manager->setProxy(proxy);
              manager->get(QNetworkRequest(QUrl("http://www.gnu.org/")));
              }

              void Window::onProxyAuthenticationRequired(const QNetworkProxy &prox, QAuthenticator *auth)
              {
              auth->setUser("my_user");
              auth->setPassword("my_password");
              }@

              As you can see, now I no longer pass username and password to QNetworkProxy constructor, but I manage authentication data inside onProxyAuthenticationRequired() slot.

              This way, my username is correctly passed to the proxy server, as a WireShark's capture showed.

              I've tested proxy types QNetworkProxy::HttpProxy and QNetworkProxy::HttpCachingProxy and, in my landscape, they both work.

              1 Reply Last reply
              0
              • H Offline
                H Offline
                hardcodes.de
                wrote on 24 Sept 2012, 16:52 last edited by
                #7

                Allthough I could not really help you here, I'm happy you got a solution!
                Please write a [solved] into the header of your first post, I think many people stumble upon proxy authentication and would be happy to find a solution :-D

                while(!sleep){++sheep;}

                1 Reply Last reply
                0
                • S Offline
                  S Offline
                  solitone
                  wrote on 25 Sept 2012, 08:51 last edited by
                  #8

                  [quote author="hardcodes.de" date="1348501241"]I'd say you've got a BlueCoat (= Proxy appliance) - you could try a "nmap -O -sS -sV my_proxy_host" to get more details.[/quote]

                  For future reference, here's what I find running nmap with these other options:

                  @# nmap -O -sS -sV my_proxy_host

                  Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-25 10:20
                  Host is up (0.0017s latency).
                  Not shown: 991 closed ports
                  PORT STATE SERVICE VERSION
                  21/tcp open ftp Blue Coat ftpd
                  22/tcp open ssh OpenSSH 5.6 (protocol 2.0)
                  80/tcp open http CacheFlow http cache
                  161/tcp open snmp?
                  554/tcp open rtsp?
                  1755/tcp open wms?
                  8080/tcp open http CacheFlow http cache
                  8081/tcp open http Blue Coat SG210 http proxy config
                  8082/tcp open ssl/http Blue Coat SG210 http proxy config
                  1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
                  SF-Port554-TCP:V=6.01%I=7%D=9/25%Time=5061696A%P=i686-pc-windows-windows%r
                  SF:(HTTPOptions,C2,"RTSP/1.0\x20200\x20OK\r\nServer:\x20RealServer\x20Ver
                  SF:sion\x208.0.1.367\x20(win32)\r\nPublic:\x20OPTIONS,\x20DESCRIBE,\x
                  SF:20SETUP,\x20PLAY,\x20PAUSE,\x20SET_PARAMETER,\x20TEARDOWN\r\nStatsMask:
                  SF:\x207\r\nSession:\x2062aed6c439b105cdd361540d3a41aaf5\r\n\r\n")%r(SIPOp
                  SF:tions,CC,"RTSP/1.0\x20200\x20OK\r\nCSeq:\x2042\r\nServer:\x20RealServe
                  SF:r\x20Version\x208.0.1.367\x20(win32)\r\nPublic:\x20OPTIONS,\x20DES
                  SF:CRIBE,\x20SETUP,\x20PLAY,\x20PAUSE,\x20SET_PARAMETER,\x20TEARDOWN\r\nSt
                  SF:atsMask:\x207\r\nSession:\x2099e464b6e7c55b2dc419be5a45197e19\r\n\r\n");
                  Device type: proxy server|general purpose|storage-misc|media device|phone
                  Running (JUST GUESSING): Blue Coat SGOS 5.X|6.X (95%), Blue Coat embedded (95%), FreeBSD 5.X|6.X (92%), Apple iOS 4.X|5.X (91%)
                  OS CPE: cpe:/o:bluecoat:sgos:5 cpe:/o:bluecoat:sgos:6 cpe:/o:freebsd:freebsd:5.4 cpe:/o:freebsd:freebsd:6.0 cpe:/o:freebsd:freebsd:6 cpe:/o:apple:iphone_os:4 cpe:/o:apple:iphone_os:5
                  Aggressive OS guesses: Blue Coat SG510 or SG9000 proxy server (SGOS 5.2.2.5 - 5.5.4.1) (95%), Blue Coat SG510-series proxy server (SGOS 5.1.3.7) (95%), Blue Coat SG810 web proxy (SGOS 5.3.1.9 - 5.3.3.1) (95%), Blue Coat CacheFlow 5000 proxy server (95%), Blue Coat proxy server (SGOS 6.2.5.1) (95%), Blue Coat SG210 proxy server (SGOS 5.2.3.3 - 5.2.3.9) (94%), Blue Coat SGOS 5.5.3.1 (94%), FreeBSD 5.4-RELEASE (92%), FreeBSD 6.0-RELEASE (92%), FreeBSD 6.0-RELEASE - 6.2-RELEASE (92%)
                  No exact OS matches for host (test conditions non-ideal).
                  Network Distance: 6 hops
                  Service Info: OSs: CacheOS, SGOS; Device: proxy server
                  OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
                  Nmap done: 1 IP address (1 host up) scanned in 151.40 seconds@

                  1 Reply Last reply
                  0

                  1/8

                  21 Sept 2012, 16:50

                  • Login

                  • Login or register to search.
                  1 out of 8
                  • First post
                    1/8
                    Last post
                  0
                  • Categories
                  • Recent
                  • Tags
                  • Popular
                  • Users
                  • Groups
                  • Search
                  • Get Qt Extensions
                  • Unsolved