Last Updated: 18 Jan 2021 07:32 by ADMIN
Created on: 12 Jan 2021 23:53
Type: Bug Report
Fiddler incorrectly strips Authorization header if it happens to contain the letters NTLM



Basically, the problem here is that if we're AutoAuthenticating when reissuing a request, we try to strip any default Auth header.


There's code that looks like


   if (theFlags.ContainsKey("x-AutoAuth") && newSession.requestHeaders["Authorization"].OICContains("NTLM"))
   {
       //... strip the header
   }

The problem is that we should only be looking at the very first token of the Authorization header (e.g. before the first space). We should not search the whole header, because if the header is


    Authorization: Bearer BlahblahblahNtLMblahblah


we think it's an NTLM header and strip it. 


Nick Iliev
Posted on: 18 Jan 2021 07:32

Hi Eric,


Thanks for the update on that one! Marking this one as a bug to be fixed in a future release.


Nick Iliev
Progress Telerik


Posted on: 13 Jan 2021 00:12

The fix is pretty simple, just use the TrimAfter method:

  string sAuthMethod = Utilities.TrimAfter(newSession.requestHeaders["Authorization"], ' ');
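
The difference between the whole-value check and the scheme-token check, as an added C# example that is not Fiddler's code and not part of the thread. `LooksLikeNtlmWholeValue`, `SchemeOf` and `IsNtlmScheme` are hypothetical helpers (`SchemeOf` stands in for `Utilities.TrimAfter`), and the header values are constructed.

```csharp
using System;

static class AuthSchemeCheck
{
    // The check as described in the report: case-insensitive search of the whole header value.
    static bool LooksLikeNtlmWholeValue(string headerValue) =>
        headerValue != null &&
        headerValue.IndexOf("NTLM", StringComparison.OrdinalIgnoreCase) >= 0;

    // Hypothetical stand-in for Utilities.TrimAfter(value, ' '): keep only the text
    // before the first space, which is the auth scheme token.
    static string SchemeOf(string headerValue)
    {
        if (string.IsNullOrWhiteSpace(headerValue)) return string.Empty;
        string trimmed = headerValue.TrimStart();
        int space = trimmed.IndexOf(' ');
        return space < 0 ? trimmed : trimmed.Substring(0, space);
    }

    // Scheme-only check: the token must equal "NTLM" (auth scheme names are case-insensitive).
    static bool IsNtlmScheme(string headerValue) =>
        string.Equals(SchemeOf(headerValue), "NTLM", StringComparison.OrdinalIgnoreCase);

    static void Main()
    {
        // Constructed sample Authorization header values, not captured traffic.
        string[] samples =
        {
            "NTLM TlRMTVNTUAABAAAA",
            "ntlm TlRMTVNTUAABAAAA",
            "NTLM",
            "Bearer BlahblahblahNtLMblahblah",
            "Basic dXNlcjpOVExN",
            "",
        };

        // Print both verdicts side by side; they differ only for the Bearer token
        // that happens to contain the letters "NtLM".
        foreach (string value in samples)
        {
            Console.WriteLine("{0,-36} whole-value={1,-5} scheme-only={2}",
                "\"" + value + "\"", LooksLikeNtlmWholeValue(value), IsNtlmScheme(value));
        }
    }
}
```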