OldCodePunk (Jan 01 2025 at 21:34): OldCodePunk (Jan 01 2025 at 21:34):I need to implement NTLM authentication for a request to a service via wasi-http, but for this, both authentication requests must go through the same connection. As I understand it, currently in Wasmtime, a new connection is created for each request. Am I correct in assuming that the only solution for my task is to create a custom default_send_request_handler and embed a pool of TcpStream connections based on the authority?
Jeff Parsons (Jan 01 2025 at 21:57):I'm no expert on either NTLM or HTTP, but NTLM's requirement for a long-lived connection for multiple requests sounds like it's demanding things not covered by the HTTP spec (i.e. it's not built on top of HTTP, but rather "HTTP plus extra guarantees at the transport layer") and so is unlikely to be supported now or ever in wasi-http itself. Even if connections are reused or pooled in Wasmtime in practice, there's no guarantee of that being done for any given request, so it's not something you can rely on for implementing NTLM.
All this is to say yes, I think the workaround you propose is reasonable and necessary!
OldCodePunk (Jan 01 2025 at 23:42):Thank you for the answer.
Ralph (Jan 08 2025 at 11:22):yup, that's a protocol and therefore you wouldn't look for full connection control at wasi:http; this is by design. It should be possible for host to "isolate" a guest at the http level and prevent them from tampering with anything underneath it. In this case, you'd likely build your own wasi:ntlm. If you wanted to use tcp directly you can, but that's not wasi:http
Ralph (Jan 08 2025 at 11:23):then compile that into your usage of wasmtime.
Last updated: Jan 24 2025 at 00:11 UTC