Getting through IIS "Basic" authorization process

[wmolde]

hmmm... This is going to make things interesting then. Our site is currently set up so that it is in the following format: https://site1.system.com for the main web applications and https://site2.system.com for the lightstreamer portion. Where the system.com portion is the same for both sites. The www.* part is not applicable in our situation. Is this still a invalid deployment scenario?

If it is no longer a problem, would my set up be simular to this:
LSHost = "site2.system.com"
Domain = "system.com"

If it is still a problem maybe you can give me some more ideas on how to get around it. The primary issue for us is that our firewalls only allow port 443 through them. Once traffic makes it through the firewall it is then authorized using windows "Basic" authorization scheme. (name and password required, no anonymous access allowed - issue #1) On the backside of the firewall our https://site1.system.com maps to webserver:80 (IIS - no longer ssl encrypted), and https://site2.system.com maps to webserver:8008 (Lightstreamer - no longer ssl encrypted). Unfortunently we have no way to allow any ports other than 443 thorough the system.
With this constraint, is there a better way to config this? All ideas are appreaciated!

Thanks!

[Alessandro]

https://site1.system.com for the web server and https://site2.system.com would be perfect. The domain will be of course "system.com".

[wmolde]

Just out of curiosity, are there any special steps on the client side that need to be taken to use ssl encryption? I know that in the LS server config file there are places configure the ssl part of the server, are there any such settings that need to be done on the client side?

I'm thinking that part of my problem might be that the client is not set up to use ssl correctly. In my scenario the data is sent ssl from the browser, it goes through a couple of firewalls (where the ssl encryption is stripped off) and then continues to the LS server (no longer ssl encrytped). Does anyone know of any special configuration setting that need to be made to make this situation work? Will it work this way? If I have to I can run ssl all the way to the LS server.

Thanks for the help!

[Alessandro]

The protocol used to connect to Lightstreamer Server is always the same used to download the Master Push-Page. So if the Master Push-Page is downloaded through HTTP, then HTTP will be used for all the connections to Lightstreamer Server. It the Master Push-Page is downloaded through HTTPS, all the connections to Lightstreamer Server will use HTTPS.

The port used to connect to Lightstreamer Server can be set through the setLSPort method.

[wmolde]

Ok, I was able to get everything up and working on my development system... Now here comes the fun part. The primary difference between my development and production system is that the production system has to have all incoming traffic validated by a Windows Active Directory server. When I try the exact same setup from the production system LS will not connect. The Windows status bar (IE6 and IE7) says "Lightstreamer is Connecting...", but it never actually connects. Are there any tools or variables that I could look at try and see why it is not actually connecting? I have a feeling that it is because of the AD domain server and authorization process, but I would like to have a way to verify this. Any Ideas? Thanks!

[wmolde]

Hi, I was just able to get hold of one of our IT guys to check out the server logs. He was saying that it looks like the LS Client is trying to talk to the LS server via standard http traffic. I know that I am calling the page via https. I am assuming that if I am calling the main web site pages via https that the master push page is also being recieved via https. The only traffic that is allowed through our firewalls is https (ssl on port 443). Is there a way that I can check to verify that LS from the client is trying to connect via https? Is there anyplace that I can force it to use ssl?

[wmolde]

Hello again, so I kept digging...

Using a http sniffer, I took a look at what was being sent from the client to the LS server. I noticed that I was getting "HTTP/1.1 403 Forbidden" errors on all calls being sent to my LS server (https://site2.system.com). Digging around a little more I noticed that the difference between the calls that were making it through to the server had a "Authorization" line in the header that is missing from the LS calls.

The following is the line in the header that I believe is causing the issue:
Authorization: Basic dXNlck5hbWU6UGFzc3dvcmQ=
From what I can tell this is the section of code that authorizes the traffic with the AD domain server. How can I change the header so that this code is sent to the server whenever the lightstreamer client has to make a call??