EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CRL not verified (revisited)

#35642
Posted: 01/21/2016 08:07:03
by Vsevolod Ievgiienko (EldoS Corp.)

It should work the same way with our components; however, we use the NTLM implementation from WinAPI, so we have limited possibility to debug it in case something doesn't work.

That's why I'm asking you to check with login and password to compare the outcome.
#35643
Posted: 01/21/2016 08:42:50
by ingbabic  (Standard support level)
Joined: 09/27/2011
Posts: 114

I understand, but what are my options now? From my understanding they are using a proxy server for PCs in the local network and that proxy requires authentication. If they turn off the proxy in settings then they can't go to the Internet, they just see the local network. If they turn it on, Internet Explorer takes these settings and goes out without asking for any password. They want me to do the same!
#35650
Posted: 01/22/2016 03:50:21
by Vsevolod Ievgiienko (EldoS Corp.)

What SecureBlackbox version do you use? Please try to use the latest one and check if it works.
#35665
Posted: 01/23/2016 06:36:10
by Eugene Mayevski (EldoS Corp.)

Most likely their proxy is an ISA server with NTLM authentication. This means that indeed if you use NTLM for the proxy settings, the password will be taken from the current user's account. Normally if you set the proxy location and enable the use of NTLM, this should work.

As for the proxy location -- .NET client component uses the system methods to locate the proxy automatically. SecureBlackbox doesn't do this for a number of reasons, and while it's possible to implement automatic detection functionality, we can do this for a fee, as a custom service.


Sincerely yours
Eugene Mayevski
#35666
Posted: 01/23/2016 06:46:22
by Eugene Mayevski (EldoS Corp.)

After re-reading the whole topic I see that NTLM doesn't work for you. In this situation we can try to work with you on diagnostics of their problem (i.e. try to find why NTLM doesn't work) but this is a custom service with an hourly fee. Working on particular remote users' configurations is not covered by Standard or Premium support levels.


Sincerely yours
Eugene Mayevski
#35667
Posted: 01/25/2016 03:54:25
by ingbabic  (Standard support level)
Joined: 09/27/2011
Posts: 114

Hi Eugene
I don't think that there is a problem with their setup of NTLM. Simply because I have made a small C# program where I prove that it works. So
Code
HttpClient client = new HttpClient();
HttpResponseMessage msg = await client.GetAsync("http://demo-pki.****.**/crl/democa.crl");
Stream response = await msg.Content.ReadAsStreamAsync();
using (var fileStream = File.Create("C:\\temp\\democa.crl"))
{
  response.Seek(0, SeekOrigin.Begin);
  response.CopyTo(fileStream);
}

plus this piece of configuration does the job
Code
<system.net>
  <defaultProxy useDefaultCredentials="true"/>
</system.net>


This was done using .NET 4.5 and System.Net.Http assembly (standard .NET assembly). I have done this reading this article: http://stackoverflow.com/questions/9603093/proxy-basic-authentication-in-c-http-407-error
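
Added example, not part of the post above and not SecureBlackbox code: the same download with the proxy credentials set in code rather than in app.config, plus a check that the proxy returned a CRL and not an error page. The class name `CrlFetcher`, the placeholder URL, the 30-second timeout and the 5 MB cap are assumptions.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;

static class CrlFetcher // hypothetical name; added example
{
    // Fetch a CRL through the system proxy, authenticating as the logged-on user.
    public static async Task<byte[]> DownloadAsync(Uri crlUrl)
    {
        IWebProxy proxy = WebRequest.GetSystemWebProxy(); // uses the Internet Explorer proxy settings
        proxy.Credentials = CredentialCache.DefaultCredentials; // same effect as useDefaultCredentials="true"
        using (var handler = new HttpClientHandler { Proxy = proxy, UseProxy = true })
        using (var client = new HttpClient(handler))
        {
            client.Timeout = TimeSpan.FromSeconds(30);             // assumed timeout
            client.MaxResponseContentBufferSize = 5 * 1024 * 1024; // assumed size cap
            using (HttpResponseMessage msg = await client.GetAsync(crlUrl))
            {
                if (msg.StatusCode == HttpStatusCode.ProxyAuthenticationRequired)
                    throw new InvalidOperationException("Proxy rejected the current user's credentials (HTTP 407).");
                msg.EnsureSuccessStatusCode();
                byte[] body = await msg.Content.ReadAsByteArrayAsync();
                if (!LooksLikeCrl(body))
                    throw new InvalidDataException("Response is not a DER or PEM CRL (proxy error page?).");
                return body;
            }
        }
    }

    // DER CRLs start with an ASN.1 SEQUENCE tag (0x30); PEM CRLs start with a text header.
    public static bool LooksLikeCrl(byte[] data)
    {
        if (data == null || data.Length < 2) return false;
        if (data[0] == 0x30) return true;
        string head = Encoding.ASCII.GetString(data, 0, Math.Min(data.Length, 64));
        return head.TrimStart().StartsWith("-----BEGIN X509 CRL-----", StringComparison.Ordinal);
    }

    static void Main()
    {
        // Placeholder URL: substitute the CRL distribution point from the certificate.
        var url = new Uri("http://crl.example.test/democa.crl");
        byte[] crl = DownloadAsync(url).GetAwaiter().GetResult();
        File.WriteAllBytes(Path.Combine(Path.GetTempPath(), "democa.crl"), crl);
    }
}
```

The format check only filters out proxy error pages; a CRL fetched over plain HTTP is trustworthy only after its signature has been validated against the issuing CA by the component that consumes it.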
#35668
Posted: 01/25/2016 04:03:33
by Eugene Mayevski (EldoS Corp.)

Microsoft stuff can do various things under the hood, which are not accessible to external components. We are using system libraries for NTLM authentication, so that the user's username and password are picked from the system. If this doesn't work on some particular system, there's not much we can do, and even investigating the problem would take a fair amount of time. That is why such investigations can be done only as custom work.


Sincerely yours
Eugene Mayevski
#35681
Posted: 01/25/2016 08:50:51
by ingbabic  (Standard support level)
Joined: 09/27/2011
Posts: 114

How do you suggest to do that custom work? I don't believe they can allow any external computer to go inside their network.
#35682
Posted: 01/25/2016 08:55:45
by Eugene Mayevski (EldoS Corp.)

Unfortunately I can't see what else we can do. We could try creating tests and asking you to run them one by one, capture logs etc. But this is a slow and painful process, which would also be very costly.

Let's put it differently -- for exactly what operations do you use this connectivity?


Sincerely yours
Eugene Mayevski
#35686
Posted: 01/25/2016 12:32:05
by ingbabic  (Standard support level)
Joined: 09/27/2011
Posts: 114

I need to download CRL