G
Guest
I'm currently in the middle of developing an ftp server service and I wondered if anyone else has noticed this or if it was just me. I've been using IIS' FTP server for a while now, and I don't like the security on it so I started to develop my own. I've currently got it built to connect to domain and use the LogonUser api to validate the users credentials (yes, I already have the user which runs the service acting as part of the operating system if you were going to ask). Here is where my problem lies
Internet Explorer creates a new connection to the server every single time that you change folders (if the user hasn't explored the folder yet). This wouldn't be a problem, if IE passed the username and password everytime that it did this. The problem is that it leaves the password out when sending the PASS ____ raw ftp command to the server. Since I'm using the api to validate the logon against the domain, and IE sends this command one after the next, user accounts are being locked out because of invalid credentials. Is this a problem with IE or something with my server? When authenticating I was always under the assumption that you should send both username and password to the server, not just the username.
So far what I've tried to fix this problem was use a class that I built to hold users that have previously logged in and the domain they are associated with, check the user info, and if they are already listed in the collection to bypass the LogonUser api since I know they are both already correct. This was when I found that IE wasn't sending both the username and password, it was just sending the username and leaving the password blank. I've also tried flagging the user's tcp connection as being authenticated, however IE closes the socket before it attempts to reconnect each and every time
Anyone have any ideas? I'm getting dangerously close to being out of them
Thanks in advance
Jeff
Internet Explorer creates a new connection to the server every single time that you change folders (if the user hasn't explored the folder yet). This wouldn't be a problem, if IE passed the username and password everytime that it did this. The problem is that it leaves the password out when sending the PASS ____ raw ftp command to the server. Since I'm using the api to validate the logon against the domain, and IE sends this command one after the next, user accounts are being locked out because of invalid credentials. Is this a problem with IE or something with my server? When authenticating I was always under the assumption that you should send both username and password to the server, not just the username.
So far what I've tried to fix this problem was use a class that I built to hold users that have previously logged in and the domain they are associated with, check the user info, and if they are already listed in the collection to bypass the LogonUser api since I know they are both already correct. This was when I found that IE wasn't sending both the username and password, it was just sending the username and leaving the password blank. I've also tried flagging the user's tcp connection as being authenticated, however IE closes the socket before it attempts to reconnect each and every time
Anyone have any ideas? I'm getting dangerously close to being out of them
Thanks in advance
Jeff