Compact Framework firewall issue

[Mike]

MS Support:

At one customer site, we can connect to the web from Pocket IE, but we can't
from our .NET CF app.

If we set the Passthrough setting in ActiveSync to "Work" and try to connect
to the web from Pocket IE, we get a popup window that gives the firewall
name and asks for a user, password, and domain. We enter an employee's
username and password and the domain name and the web site comes up ok.

In our .NET CF app, I specify the SAME user, pw, and domain as Credentials
on the WebRequest and WebProxy objects, but we still get back a "407 Proxy
Authentication" error. I think maybe their firewall might require NTLM
Authentication or the SOCKS protocol but I don't know.

Any help?

Mike Wasson
Pharmaconomics, Inc.

 

[Peter Huang]

Hi Mike,

Based on my knowledge, NTLM authentication is not currently supported by
the Compact Framework.
As a workaround, you can enable either digest or basic auth on the server
as both are supported by NetCF.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Mike]

Yes, NTLM is not supported by CF v1.0, but I don't know if that is the
problem.

Is there a way I can tell why CF v1.0 can't get through the firewall? Their
IT depatment is not very helpful.

 

[Peter Huang]

Hi Mike,

I think the problem is that the the FireWall need NTLM, while the app need
to access network via the firewall we will get the 407 error, because we
are not authorized by the firewall.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[[MSFT]]

Hi Mike,

Did you still have any concern on this issue? If so, please feel free to
post here.

Luke

 

[Mike]

Yes, can you answer my last question? The problem is still the same. The
..NET CF app can't get through the firewall.

 

[Peter Huang]

Hi Mike,

From your description, the firewall is also using the NTLM authentication,
but the Compact framework so far did not support the NTLM, so we can not
pass the network packet through the Firewall. So far we have to use the
ohter authentication approaches,e.g. Digest authentication.

8.8. Is NTLM authentication supported by the .NET Compact Framework?
Using Digest authentication instead of Basic or NTLM authentication is the
recommended solution. Digest authentication is supported by the .NET
Compact Framework.
http://msdn.microsoft.com/mobility/prodtechinfo/devtools/netcf/faq/default.a
spx#8.8

I think the NTLM will be supported in the next version of compact framework
(Whidbey).

Whidbey Compact Framework 2.0 Changes
Enhanced Authentication ¨C Kerberos and NTLM
http://samgentile.com/blog/archive/2004/05/12/11523.aspx

So far we have to use the Digest authentication as a workaround, and wait
for the Whidbey to release.

Thank you for your understanding!


Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Mike]

How do you know that their firewall requires NTLM?

 

[Peter Huang]

Hi Mike,

This is just an guess, from the error code "407 Proxy Authentication" which
means the proxy does not authenticated your credential, so the credential
maybe error, but you said the pocket ie will work so the credential that
used your logon username and password should be correct.

Also you may try another proxy which does not use the NTLM authentication
or does not use the authentication to see if that works. If yes, we will
know the code is well, so the problem is that the proxy does not pass the
packet through the proxy.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.