Questions tagged [ntlm]

NTLM (NT LAN Manager) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.

NTLM has been deprecated for many uses as it doesn't support the latest standards:

Implementers should be aware that NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms (RFC1321) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in RFC1320 and FIPS46-2. Therefore, applications are generally advised not to use NTLM (MSDN), and to use Kerberos instead.

Despite this, NTLM is still used inside enterprise networks, where Microsoft Active Directory provides the enterprise directory service, for Integrated Windows Authentication when Kerberos is not available.

The NTLM over HTTP handshake is fairly simple:

Request  - [unauthenticated - no user info passed]

Response - 401 Unauthorized
           WWW-Authenticate: NTLM


Request  - Authorization: NTLM <base64-encoded type-1-message>

Response - 401 Unauthorized
           WWW-Authenticate: NTLM <base64-encoded type-2-message>


Request  - Authorization: NTLM <base64-encoded type-3-message>

           Server can now check username/password against LDAP from type-3 message
Response - 200 OK [now authenticated & authorised]
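
To see which step of the handshake above a given header belongs to, and which account a type-3 message is authenticating, the base64 token can be decoded and its fixed header read. The following is an added example, not part of the original tag wiki: the function names are hypothetical, the byte offsets follow the NTLM message layout documented in MS-NLMP (assuming the flags field is present in type-3), and the sample messages are constructed rather than captured.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"
UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE
MIN_LEN = {1: 12, 2: 32, 3: 64}  # bytes this parser reads for each message type


def _field(msg, pos):
    """Resolve a (Len, MaxLen, Offset) descriptor at pos to its payload bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]


def parse_ntlm_header(value):
    """Parse an Authorization / WWW-Authenticate value of the form 'NTLM <base64>'."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    if not token.strip():
        return {"type": 0}  # bare "NTLM": the first 401 in the handshake
    msg = base64.b64decode(token.strip(), validate=True)
    mtype = struct.unpack_from("<I", msg, 8)[0] if len(msg) >= 12 else None
    if msg[:8] != SIG or mtype not in MIN_LEN or len(msg) < MIN_LEN[mtype]:
        raise ValueError("not a well-formed NTLM message")
    info = {"type": mtype}
    if mtype == 2:
        info["challenge"] = msg[24:32].hex()  # 8-byte server challenge
    elif mtype == 3:
        flags = struct.unpack_from("<I", msg, 60)[0]
        enc = "utf-16-le" if flags & UNICODE else "latin-1"  # OEM shown as latin-1
        for name, pos in (("domain", 28), ("user", 36), ("workstation", 44)):
            info[name] = _field(msg, pos).decode(enc)
    return info


def build_type3(domain, user, host):
    """Constructed sample: type-3 with empty LM response and an all-zero NT response."""
    parts = [b"", bytes(24)] + [s.encode("utf-16-le") for s in (domain, user, host)] + [b""]
    head, body = SIG + struct.pack("<I", 3), b""
    for p in parts:
        head += struct.pack("<HHI", len(p), len(p), 64 + len(body))
        body += p
    return head + struct.pack("<I", UNICODE) + body

# Constructed type-2 message (not captured traffic): empty target name, fixed challenge.
TYPE2 = SIG + struct.pack("<IHHII8s8xHHI", 2, 0, 0, 48, UNICODE, bytes.fromhex("0123456789abcdef"), 0, 0, 48)
```

The type-3 message carries the domain, user name and workstation in clear text, so proxy or web-server logs that record the Authorization header are enough to inventory which accounts still authenticate with NTLM.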
1230 questions
5
votes
1 answer

Making Windows Authentication and WKHTMLToPDF play nice

I'm faced with the task of generating a PDF from an HTML page on an ASP.NET website. (Something the users can save away/print nicely) I've found that WKHTMLToPDF does the job very well having looked at this: Calling wkhtmltopdf to generate PDF from…
5
votes
2 answers

Extending php SoapClient for siteminder authentication

Short Version I want to extend SoapClient so it does this internally when accessing the WSDL: curl -L -E /location/of/cert.pem -c /tmp/location/of/cookie.jar https://web-service-provider/servicename?wsdl Long Version I've got a SOAP request similar…
denormalizer
5
votes
2 answers

Request to web service with Basic authorization via proxy with NTLM authorization not working

I have a web service that requires basic authorisation and a user behind an internet proxy that requires NTLM authorisation. I also have a forms application that makes calls to the web service and also asks the user for the web service credentials…
Edgar
5
votes
5 answers

NTLM V2 SSO Java Servlet Filter

I need to use NTLM V2 SSO for a web application deployed on Tomcat 6 (Redhat Linux). I know of the JCifs library but its NTLM filter supports only NTLM V1 and not V2. They recommend JESPA as an alternative but I would rather have an open source…
xask
5
votes
2 answers

How do I automatically log domain users in to Azure DevOps Server 2019?

We are running Azure DevOps 2019. The users are all authenticated by their domain accounts and are using Google Chrome. They log in to Azure DevOps Server with their Windows username and password. I would like it if users on the domain were…
Beakster
5
votes
1 answer

How does NTLM SSO in a Windows Domain works?

I made a proof of concept for single-sign-on in TypeScript using NodeSSPI. This works, I get the username where I'm logged in on our corporate AD domain - without entering any account information or credentials. But I want to know how this is…
user6643481
5
votes
1 answer

Easy_install or pip with NTLM auth

In my working environment, internet access is managed by NTLM authentication and is associated with Windows user account, and easy_install or pip doesn't work: C:\>easy_install django install_dir D:\Python26\Lib\site-packages\ Searching for…
Wang Dingwei
5
votes
2 answers

How can I manually enter my credentials in SQL Server management Studio 2008 when using Windows Authentication?

Usually, when using Windows Authentication, the software (eg Internet Explorer) tries to use Windows Authentication, and if it doesn't succeed (because the domain is untrusted, or because the credentials are not ok for example), it just popups a…
Brann
5
votes
2 answers

IE sends empty POST body randomly while using NTLM authentication (using angular to Spring)

We are seeing issues with seemingly random calls that are missing the POST in IE 11. Upon further inspection the requests from the browser are including an NTLM negotiation token. We see this token on GETs too from time to time, but they are…
Chewy
5
votes
1 answer

Excel VBA: NTLM / Kerberos & Negotiate Authentication in VBA-Web / WinHttp

I want to interface with a REST API of a website (in EXCEL VBA) that requires authentication, using either a digital certificate (.PFX file) (NTLM authentication), or using the Windows Domain authentication (Kerberos & Negotiate Authentication).…
Goldtrallion
5
votes
2 answers

How to use Python requests to perform NTLM SSPI authentication?

My goal is to authenticate my client that uses the requests library (2.11.1) in Python 3.5.2 through NTLM with SSPI so that the user does not have to manually enter her domain credentials (used to login to the PC). I have found the following…
R01k
5
votes
1 answer

In ActiveDirectory, how are security audit events transmitted to the Domain Controller's event log? How does the mechanism scale?

In a multi-domain-setting, I want to collect security file access audit events at a central place. In ActiveDirectory, it is possible to enable file access auditing at the Domain Controller by creating a GPO. Additionally, at a different 'file…
mischka
5
votes
1 answer

Git network operations behind corporate firewall using LibGit2Sharp throws

I am trying to use LibGit2Sharp to git push origin using the following using(var repo = new Repository("path\to\repo\.git")) { var commit = repo.Commit("Commit message", author, committer); var options = new PushOptions{ CredentialsProvider…
aateeque
5
votes
1 answer

NTLM authentication over HTTP

I am wondering if we are using NTLM (Windows) authentication - how server determines if user is already logged on or not. So when I first time access the site - the server tells me he want to authenticate me via NTLM: WWW-Authenticate:…
seeker
5
votes
1 answer

KSoap-Android\JCIFS sends empty HTTP post

I created an NTLM authenticating SOAP client based on KSOAP-Android and JCIFS. The implementation looks something like this: public class NtlmServiceConnection implements ServiceConnection { public NtlmServiceConnection(final SoapConnectionInfo…
Adam Driscoll