IE Does not give a login prompt to a 401 request from a FTP:// access via a proxy

book

Article ID: 166572

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

 

When using Microsoft IE Browser for FTP Access when there is no Proxy Enabled the native FTP process is used as if you were using the FTP Dos Prompt or FTP Application.

If you configure the Browser to use a Proxy the connection method changes. It will now make the request over the Proxy Port / HTTP.
 
If a user enters the URL  ftp://myserver.com without a username and password ( ftp://xxxx:[email protected] ) the MS IE browser returns a blank page or a download box (which errors) depending on the version. Yet Firefox prompts the user with a login box to enter the username and password.
 
 
Example packet captures
 
MS IE : We can see the GET Request for ftp://mysite.co.uk
 
Request
    2010-06-30 16:21:40.269681 10.91.1.21            10.91.7.10            HTTP     GET ftp://mysite.co.uk/ HTTP/1.1
 
Hypertext Transfer Protocol
    GET ftp:// mysite.co.uk/ HTTP/1.1\r\n
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322)\r\n
    Host: mysite.co.uk:21\r\n
    Proxy-Connection: Keep-Alive\r\n
 
 
Response
   2010-06-30 16:21:42.930031 10.91.7.10            10.91.1.21            HTTP     HTTP/1.1 401 Unauthorized
 
Hypertext Transfer Protocol
    HTTP/1.1 401 Unauthorized\r\n
    WWW-Authenticate: Basic realm=" mysite.co.uk"\r\n
    Content-Type: text/plain\r\n
    Cache-Control: proxy-revalidate\r\n
    Content-Length: 0\r\n
    Proxy-Connection: Keep-Alive\r\n
    Connection: Keep-Alive\r\n
    Proxy-support: Session-based-authentication\r\n
    Date: Wed, 30 Jun 2010 15:21:42 GMT\r\n
 
 
Firefox : We can see the same GET Request and near identical response
 
Request
   2010-06-30 16:22:28.538284 10.91.1.21            10.91.7.10            HTTP     GET ftp://mysite.co.uk/ HTTP/1.1
 
Hypertext Transfer Protocol
    GET ftp://mysite.co.uk/ HTTP/1.1\r\n
    Host: mysite.co.uk\r\n
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.10) Gecko/20100504 Firefox/3.5.10 ( .NET CLR 3.5.30729)\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
    Accept-Language: en-gb,en;q=0.5\r\n
    Accept-Encoding: gzip,deflate\r\n
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
    Keep-Alive: 300\r\n
    Proxy-Connection: keep-alive\r\n
 
Response
   2010-06-30 16:22:30.440672 10.91.7.10            10.91.1.21            HTTP     HTTP/1.1 401 Unauthorized
 
Hypertext Transfer Protocol
    HTTP/1.1 401 Unauthorized\r\n
    WWW-Authenticate: Basic realm="mysite.co.uk"\r\n
    Content-Type: text/plain\r\n
    Cache-Control: proxy-revalidate\r\n
    Content-Length: 0\r\n
    Proxy-Connection: Keep-Alive\r\n
    Connection: Keep-Alive\r\n
   Proxy-support: Session-based-authentication\r\n
    Date: Wed, 30 Jun 2010 15:22:30 GMT\r\n
 
 
If the credentials are then entered in Firefox we can see that the Browser resends the request with the Authorization: header (login details).
 
Request
   2010-06-30 16:32:25.046538 10.91.1.21            10.91.7.10            HTTP     GET ftp://mysite.co.uk/ HTTP/1.1
 
Hypertext Transfer Protocol
    GET ftp://mysite.co.uk/ HTTP/1.1\r\n
    Host: mysite.co.uk\r\n
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.10) Gecko/20100504 Firefox/3.5.10 ( .NET CLR 3.5.30729)\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
    Accept-Language: en-gb,en;q=0.5\r\n
    Accept-Encoding: gzip,deflate\r\n
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
    Keep-Alive: 300\r\n
    Proxy-Connection: keep-alive\r\n
    Authorization: Basic YW5vbnltb3VzOnRlc3Q=\r\n
        Credentials: anonymous:test                                < ----------------- login credentials.
 
 
The interesting thing is if you enter the credentials in the URI, MS IE sends the info using the same method on the 2nd attempt.
 
Request
    2010-06-30 17:08:01.145158 10.91.1.21            10.91.7.10            HTTP     GET ftp://anonymous:[email protected]/ HTTP/1.1
 
Hypertext Transfer Protocol
    GET ftp://anonymous:[email protected]/ HTTP/1.1\r\n
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322)\r\n
    Host: mysite.co.uk:21\r\n
    Proxy-Connection: Keep-Alive\r\n
    Authorization: Basic YW5vbnltb3VzOnRlc3Q=\r\n
        Credentials: anonymous:test
 
 
 
 
So based on the Packet Captures we can see there is no difference in response but yet IE will never prompt the user.
 
Why……………………………. Well have a read of the following MS Tech Net, under the questions below.
 
http://technet.microsoft.com/en-us/library/bb794745.aspx
 
How to access an FTP site that is not anonymous using Internet Explorer
 
 
.