3.1.5.1.1 Without Content Negotiation

The message flow between a TSWPP client and TSWPP server on the first connection without content negotiation is shown in the following figure.

Message flow between TSWPP client and TSWPP server on first connection without content negotiation

Figure 2: Message flow between TSWPP client and TSWPP server on first connection without content negotiation

In the above figure, the TSWPP client MUST send an HTTP request for the XML file containing the resource list. The XML resource list MUST conform to the XML schema (XSD) for messages that are sent from a TSWPP server to a TSWPP client as specified in section 2.2.1.

Because the TSWPP client did not include the .ASPXAUTH cookie in its request, the client is not authenticated and the server SHOULD send a 302 redirect code with the login URL for the client to authenticate. If the client receives the 302 packet from the server, the client MUST send an HTTP request to the login URL provided by the server.

The server SHOULD then redirect the client to the login URL. This login URL SHOULD initiate the authentication process, and this process SHOULD be achieved using the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO)-based Kerberos and the NT LAN Manager (NTLM) Authentication Protocol over HTTP, as specified in [RFC4559]. For more information about the authentication process, see [NTLM].

The specific authentication mechanism is negotiated between the server and the client, and therefore results in multiple messages being passed between the client and server to complete authentication as defined in [RFC4559].

The authentication cookie SHOULD be obtained in the initial request to the server and MUST be carried in the HTTP message body, as specified in [RFC7230] and [RFC2109]. If the server provides an authentication cookie in the previous step, the authentication cookie is treated as an opaque binary large object (BLOB) and MUST be sent by the client to the server in all subsequent requests and MUST be carried in the HTTP message headers, as specified in [RFC7230] and [RFC2109].

If the client does not request that the resource list adhere to a specific version of the XML schema, the server SHOULD return a version of the resource list adhering to schema version 1.1.