Microsoft Fiddler – HTTP Proxy

Installed IE7 and got a good add-on for debugging http traffic. Fiddler Link

About Integrated Windows Authentication in IIS

Did a telnet to localhost to get /localstart.asp which is protected by Integrated windows authentication. Response HTTP header is :
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.1
Date: Wed, 31 May 2006 04:09:56 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html

Now, the browser is required to authenticate using NTLM. This mode is supported only in IE. So, the same page(localstart.asp) when opened using firebox will retry sending username/password from the popup and will fail. Whereas In IE, it will render the page properly. So, to view the localstart.asp page in browsers other than IE, we can’t use Integrated windows authentication. Rather we may use Basic authentication. HTTP Response headers in case of basic authentication:
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.1
Date: Wed, 31 May 2006 04:14:47 GMT
WWW-Authenticate: Basic realm=”APPLICATIONS”
Content-Length: 4431
Content-Type: text/html

Problem with applet in IE7

Had problems with loading a applet(that tries to connect using socket) in IE7 using JRE1.5. It used to work in IE6. Was getting the socketPermission error although the java.policy file in the user home had socketPermission for accept, connect, resolve. Then I added the same socketPermission entry in the java.policy file under the security folder of the JRE installed directory. It then worked. Thus, IE7 doesn’t check the java.policy file present in the user home. Instead it checks the same present in the JRe installed directory. Bug or enhancement in IE7?

In case of load balanced applications like tarantella, we can’t manually add socketpermission for individual servers. Hence, added the following line in

permission java.net.SocketPermission “*”, “accept, connect, listen, resolve”; in the grant{} block of java.policy present in the JRE installed security directory(C:\Program Files\Java\jre1.5.0_08\lib\security). This is more like granting security permission for all applets  downloaded from any server to accept, connect and resolve .  Don’t know how to restrict the grant options to a set of machines like *.us.oracle.com using the codebase option since the codebase option require a complete host machine address. Since in my case it will be a dynamic list of servers and I don’t want to add each and every dynamic server to my security file, I prefer granting this permission to all servers.