Assume that you try to upload a file by using an XMLHttpRequest object in Level 2 specification in Internet Explorer 10. The file upload cannot be finished if the POST receives a 401 authentication challenge. The upload either freezes indefinitely or times out if a 401 challenge is received on the HTTP POST.
Additionally, this affects POSTs that contain files that are attached by using a formData().append method. The failures can occur in one of two ways during the network traces, depending on whether the Kerberos protocol or the NT LAN Manager (NTLM) protocol is used:
Additionally, this affects POSTs that contain files that are attached by using a formData().append method. The failures can occur in one of two ways during the network traces, depending on whether the Kerberos protocol or the NT LAN Manager (NTLM) protocol is used:
- If Internet Explorer sends the POST, and the server responds with a 401 including the Authentication Header (AH), and then the Kerberos protocol is negotiated:
- Internet Explorer sends the initial POST that contains the full body.
- Server responds with Authenticate: Negotiate.
- Internet Explorer sends Kerberos hash to the server together with content-length that states a full POST body is present but does not include the content.
- Server waits for the remaining payload. However, the payload is never sent.
- If Internet Explorer sends the POST, and the server responds with a 401 including the AH, and then the NTLM protocol is negotiated:
- Internet Explorer sends the initial POST that contains the full body.
- Server responds with Authenticate: Negotiate or Authenticate: NTLM.
- Internet Explorer sends NTLM hash to the server together with content-length = 0.
- Server responds with server hash.
- No follow-up POST that contains the completed hash or a full POST body is sent by the client.