Bug 215920

Summary: [GTK] Webkitgtk does not support NTLM Authentication and does not show auth dialog
Product: WebKit
Component: WebKitGTK
Status: RESOLVED DUPLICATE
Severity: Normal
Priority: P3
Version: WebKit Local Build
Hardware: PC
OS: Linux
Reporter: srinivasnakshathri
Assignee: Nobody <webkit-unassigned>
CC: bugs-noreply, mcatanzaro
Keywords: Gtk
Attachments: Attachment for popup not shown with webkitgtk (flags: none)

srinivasnakshathri
Reported 2020-08-28 06:17:49 PDT
I am using a webkitgtk container to display a web page. However, some pages require authentication and show javascript dialogs for authentication. How to handle it in webkitgtk? I have tried setting the properties allow-modal-dialogs to true and javascript-can-open-windows-automatically to true. However, I am not seeing any dialogs which ask for authentication. Is there a default popup handler in webkitgtk? If not, should we implement it by connecting to the authenticate signal?
Attachments
Attachment for popup not shown with webkitgtk (5.81 KB, image/png)
2020-08-28 08:42 PDT, srinivasnakshathri
no flags
Michael Catanzaro
Comment 1 2020-08-28 07:18:26 PDT
You can connect to WebKitWebView::authenticate to handle the authentication, but by default it should show a dialog that works, so you don't *need* to do that. If that's not working for some reason on some particular site, or in your setup, then more info is needed. You can test to see if the default implementation works using MiniBrowser, which does not handle the WebKitWebView::authenticate signal.
srinivasnakshathri
Comment 2 2020-08-28 07:41:00 PDT
Where can I get MiniBrowser? Can you share it? I will try that. Mainly IWA popups are not being shown.
srinivasnakshathri
Comment 3 2020-08-28 07:50:55 PDT
(In reply to Michael Catanzaro from comment #1)
> You can connect to WebKitWebView::authenticate to handle the authentication,
> but by default it should show a dialog that works, so you don't *need* to do
> that.
>
> If that's not working for some reason on some particular site, or in your
> setup, then more info is needed. You can test to see if the default
> implementation works using MiniBrowser, which does not handle the
> WebKitWebView::authenticate signal.

I checked in MiniBrowser: when I navigate to the site which shows the IWA popup or NTLM dialog for authentication, it displays this error:

401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.
srinivasnakshathri
Comment 4 2020-08-28 08:42:18 PDT
Created attachment 407470
Attachment for popup not shown with webkitgtk

I have attached the popup which is not being shown with webkitgtk but works with all other browsers.
Michael Catanzaro
Comment 5 2020-08-28 09:22:44 PDT
That doesn't look like HTTP authentication. That looks like a custom authentication page. That could be a web content issue. E.g. they could simply not send the authentication page at all if user agent doesn't contain "Firefox" or "Chrome". Who knows what's going on there, but I doubt it indicates a problem with HTTP authentication.
srinivasnakshathri
Comment 6 2020-08-28 10:14:53 PDT
(In reply to Michael Catanzaro from comment #5)
> That doesn't look like HTTP authentication. That looks like a custom
> authentication page. That could be a web content issue. E.g. they could
> simply not send the authentication page at all if user agent doesn't contain
> "Firefox" or "Chrome". Who knows what's going on there, but I doubt it
> indicates a problem with HTTP authentication.

I think the issue is mainly with IWA (Integrated Windows Authentication). It does not show the IWA Auth prompt.
srinivasnakshathri
Comment 7 2020-08-28 10:34:53 PDT
(In reply to Michael Catanzaro from comment #5)
> That doesn't look like HTTP authentication. That looks like a custom
> authentication page. That could be a web content issue. E.g. they could
> simply not send the authentication page at all if user agent doesn't contain
> "Firefox" or "Chrome". Who knows what's going on there, but I doubt it
> indicates a problem with HTTP authentication.

Should I collect any logs here?
srinivasnakshathri
Comment 8 2020-08-28 11:15:31 PDT
(In reply to Michael Catanzaro from comment #5)
> That doesn't look like HTTP authentication. That looks like a custom
> authentication page. That could be a web content issue. E.g. they could
> simply not send the authentication page at all if user agent doesn't contain
> "Firefox" or "Chrome". Who knows what's going on there, but I doubt it
> indicates a problem with HTTP authentication.

I see www-authenticate header for this sites is ntlm
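
The question running through comments 5 to 9 is whether the server sends an HTTP authentication challenge at all, and with which schemes. The following added example (not part of the bug thread or of WebKit; function names and sample headers are constructed for illustration) parses `WWW-Authenticate` lines from a response and labels the result:

```python
import re

INTEGRATED = {"ntlm", "negotiate"}  # schemes behind Integrated Windows Authentication
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"  # RFC 7230 token characters

def split_outside_quotes(value):
    """Split a header value on commas that are not inside a quoted-string."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif ch == "\\" and quoted:
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def offered_schemes(raw_headers):
    """Return the schemes offered across every WWW-Authenticate header line."""
    schemes = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "www-authenticate":
            continue
        for part in split_outside_quotes(value):
            # "Basic realm=..." or a bare "NTLM" starts a challenge;
            # "charset=..." is a parameter of the previous challenge.
            m = re.match(rf"({TOKEN})(\s*=)?", part)
            if m and not m.group(2) and m.group(1).lower() not in schemes:
                schemes.append(m.group(1).lower())
    return schemes

def classify(status, raw_headers):
    """Label a response the way the thread distinguishes the cases."""
    schemes = offered_schemes(raw_headers)
    if status != 401 or not schemes:
        return "no HTTP auth challenge"
    kind = "integrated" if INTEGRATED & set(schemes) else "password"
    return f"HTTP auth challenge ({kind}): " + ", ".join(schemes)

# Constructed sample responses (not captured from any site in the thread).
SAMPLE_IWA = "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Negotiate\r\nwww-authenticate: NTLM\r\n"
SAMPLE_MIXED = 'WWW-Authenticate: Basic realm="intranet, staff", charset="UTF-8", NTLM\r\n'
SAMPLE_FORM = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
```

A 401 with no `WWW-Authenticate` line, or a 200 carrying an HTML form, falls under the custom-page case raised in comment 5.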
srinivasnakshathri
Comment 9 2020-08-28 11:48:51 PDT
(In reply to Michael Catanzaro from comment #5)
> That doesn't look like HTTP authentication. That looks like a custom
> authentication page. That could be a web content issue. E.g. they could
> simply not send the authentication page at all if user agent doesn't contain
> "Firefox" or "Chrome". Who knows what's going on there, but I doubt it
> indicates a problem with HTTP authentication.

In addition, basic authentication works; the problem looks like it is only with NTLM.
srinivasnakshathri
Comment 10 2020-08-31 07:52:51 PDT
(In reply to Michael Catanzaro from comment #5)
> That doesn't look like HTTP authentication. That looks like a custom
> authentication page. That could be a web content issue. E.g. they could
> simply not send the authentication page at all if user agent doesn't contain
> "Firefox" or "Chrome". Who knows what's going on there, but I doubt it
> indicates a problem with HTTP authentication.

Is there any configuration to enable NTLM authentication?
Michael Catanzaro
Comment 11 2020-08-31 10:09:26 PDT
No, NTLM is supported via gssapi, see bug #122952. That doesn't require any configuration.

I suspect hardly anybody ever tests it, so it's possible it could be broken.
srinivasnakshathri
Comment 12 2020-08-31 10:13:41 PDT
(In reply to Michael Catanzaro from comment #11)
> No, NTLM is supported by via gssapi, see bug #122952. That doesn't require
> any configuration.
>
> I suspect hardly anybody ever tests it, so it's possible it could be broken.

Does it work via the authenticate signal as well? Is there any working sample of implementing an NTLM dialog via the authenticate signal?
Michael Catanzaro
Comment 13 2020-08-31 10:38:04 PDT
(In reply to srinivasnakshathri from comment #12)
> Does it work via authenticate signal as well?

It should.

> Is there any working sample of
> implementing NTLM dialog via authenticate signal

Nothing special about NTLM here. You don't need to override authenticate unless you want to use a custom dialog, in which case you can do whatever you want to construct the dialog.
srinivasnakshathri
Comment 14 2020-09-04 09:49:18 PDT
(In reply to Michael Catanzaro from comment #13)
> (In reply to srinivasnakshathri from comment #12)
> > Does it work via authenticate signal as well?
>
> It should.
>
> > Is there any working sample of
> > implementing NTLM dialog via authenticate signal
>
> Nothing special about NTLM here. You don't need to override authenticate
> unless you want to use a custom dialog, in which case you can do whatever
> you want to construct the dialog.

Hi, can you help by giving a sample project to refer to? As per this article, which is quite old, even implementing the authenticate signal is not enough to catch NTLM: https://webkit-gtk.webkit.narkive.com/XksdiPTi/webkit-gtk-memory-leak
Michael Catanzaro
Comment 15 2020-09-04 10:16:05 PDT
That post is very old and predates libsoup's support for gssapi.

Again, it should work by default. You don't need to implement any signal. If it doesn't work, then there's a bug, but you haven't shown us any website where it's broken yet. I don't know of any websites that use NTLM authentication, so I don't know how we would test it.

Also, can you set a title for this bug please? It's unlikely to get much attention in the future without a proper title.
srinivasnakshathri
Comment 16 2020-09-04 22:07:11 PDT
(In reply to Michael Catanzaro from comment #15)
> That post is very old and predates libsoup's support for gssapi.
>
> Again, it should work by default. You don't need to implement any signal. If
> it doesn't work, then there's a bug, but you haven't shown us any website
> where it's broken yet. I don't know of any websites that use NTLM
> authentication, so I don't know how we would test it.
>
> Also, can you set a title for this bug please? It's unlikely to get much
> attention in the future without a proper title.

Hi, I have tried multiple internal websites which use NTLM Authentication with MiniBrowser, none of them show auth dialog and redirects successfully. I am not sure how to get external websites which use NTLM Authentication. How do I set a title for the bug?
srinivasnakshathri
Comment 17 2020-09-04 22:23:27 PDT
(In reply to Michael Catanzaro from comment #15)
> That post is very old and predates libsoup's support for gssapi.
>
> Again, it should work by default. You don't need to implement any signal. If
> it doesn't work, then there's a bug, but you haven't shown us any website
> where it's broken yet. I don't know of any websites that use NTLM
> authentication, so I don't know how we would test it.
>
> Also, can you set a title for this bug please? It's unlikely to get much
> attention in the future without a proper title.

I managed to get an external website, http://ntlm.herokuapp.com/. I am able to repro the issue, and not able to get the NTLM Auth dialog. But this works with all other browsers.
Michael Catanzaro
Comment 18 2020-09-05 06:21:03 PDT
OK, good job finding a test page and also for finding bug #122952. Let's continue in bug #122952 since there's more relevant discussion there.

*** This bug has been marked as a duplicate of bug 122952 ***
srinivasnakshathri
Comment 19 2020-09-05 06:26:44 PDT
(In reply to Michael Catanzaro from comment #18)
> OK, good job finding a test page and also for finding bug #122952. Let's
> continue in bug #122952 since there's more relevant discussion there.
>
> *** This bug has been marked as a duplicate of bug 122952 ***

No problem, is there any intermediate solution for this?