
I made a proof of concept for single sign-on in TypeScript using NodeSSPI. This works: I get the username I'm logged in with on our corporate AD domain, without entering any account information or credentials. But I want to know how this is possible in detail, because it works in IE and Chrome out of the box. I found this MSDN article about NTLM, which says:

  1. The username of the logged-in user is sent to the server
  2. The server generates a random number challenge and sends it to the client
  3. The client encrypts the challenge with the user's password hash and sends it back to the server
  4. The server sends the username, challenge and challenge response to the DC
  5. The DC compares the password with the database and authenticates the user if it matches

I especially wonder about steps 1 and 2: where does this happen? How is, e.g., the username transferred to the server? Is it part of the HTTP request? I took a look at the request in the Chrome developer tools and couldn't see any header or other information indicating that, e.g., my AD username is sent to the server.

Please note: these questions only apply to SSO where no credentials are supplied by the user! When the user enters his credentials, this is clear.

Eugène Adell

    IE has the option called "Enable Integrated Windows Authentication", wherein you can use the currently logged-in user's details to authenticate. Check this link for more detail - https://blogs.msdn.microsoft.com/ieinternals/2011/07/06/integrated-windows-authentication/ – Am_I_Helpful Feb 09 '18 at 10:17

1 Answer

Is it part of the HTTP request?

Yes. As described in RFC 4559, you should see the WWW-Authenticate: Negotiate header in the server's response and, as a consequence, the Authorization header from the client.

If the developer tools don't show this, please come back with a network capture.

Eugène Adell