Questions tagged [ntlm]

NTLM (NT LAN Manager) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.

NTLM has been deprecated for many uses as it doesn't support the latest standards:

Implementers should be aware that NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms (RFC1321) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in RFC1320 and FIPS46-2. Therefore, applications are generally advised not to use NTLM - MSDN and to use Kerberos instead.

Despite this NTLM is still used inside enterprise networks where Microsoft Active Directory provides the enterprise directory service for Integrated Windows Authentication when Kerberos is not available.

NTLM over HTTP handshake is fairly simple:

Request  - [unauthenticated - no user info passed]

Response - 401 Unauthorized
           WWW-Authenticate: NTLM


Request  - Authorization: NTLM <base64-encoded type-1-message>

Response - 401 Unauthorized
           WWW-Authenticate: NTLM <base64-encoded type-2-message>


Request  - Authorization: NTLM <base64-encoded type-3-message>

           Server can now check username/password against LDAP from type-3 message
Response - 200 Ok [now authenticated & authorised]

1230 questions

votes

2 answers

JMeter NTLM/Windows Authentication Load Testing

What is to be done? We have an application deployed on the Sharepoint (corporate) Server which uses the windows credentials to log into the application. App URL format: http://testmachine:1000/sites/test/ Windows Credentials Format:…

asked Apr 17 '12 at 19:38

Ravindra S

6,302
12
70
108

votes

1 answer

IIS Windows Authentication Rejecting Some Users

We have a very basic SOAP web service setup using Windows Authentication, open for all users: The Issue However, some Windows accounts are getting 401…

active-directory iis-7.5 ntlm

asked Mar 20 '12 at 11:11

Matt Mitchell

40,943
35
118
185

votes

1 answer

Spring security 3 + JCIFS ntlm

Can they work together? Some project sample would be great. I have a web-app on Spring3. And i need to implement NTLM. Spring stopped NTLM support in 3rd version. Is there any possibilities to implement it? Looking for a sample project.

spring-security ntlm jcifs

asked Jan 17 '12 at 12:39

StrekoZ

votes

1 answer

System.Windows.Forms.WebBrowser sometimes does NTLM auth - why?

I have a Windows Forms app targeting .NET 2.0. I'm attempting to add a single sign-on feature via the SAML 2.0 protocol, for which the most efficient apparent solution was an embedded web browser. I've verified using a dummy app containing only a…

c# winforms browser credentials ntlm

asked Dec 12 '11 at 03:21

Ben

6,023
1
25
40

votes

2 answers

SMTP commands for "AUTH NTLM"

I'm failing at finding the commands I need to send to authenticate to a SMTP server using NTLM. I think it goes something like: AUTH NTLM 334 235

smtp ntlm

asked Sep 16 '08 at 15:34

Dylan

2,392
6
26
34

votes

1 answer

Browsing a NTLM protected website using python with python NTLM

I have been tasked with creating a script that logs on to a corporate portal goes to a particular page, downloads the page, compares it to an earlier version and then emails a certain person depending on changes that have been made. The last parts…

python ntlm

asked Jun 21 '11 at 14:34

jias

votes

1 answer

ASP.NET Form Authentication + NTLM + LDAP

I'm trying to add LDAP support to an existing ASP.NET website that uses Form Authentication. This is not a big problem, I just build a simple login dialog (ordinary HTTP POST), query the LDAP directory and log the user in via Form Authentication…

asp.net ldap ntlm

asked Apr 03 '11 at 13:26

Hannes Sachsenhofer

1,835
1
23
38

votes

1 answer

NTLM authentication in ZAP

I'm trying to do some penetration testing of REST Api using ZAP. Api uses windows authentication [domain\username] and is hosted locally on a specific port. First I did a test using postman to try to connect and make an example request. My config…

authentication ntlm owasp zap

asked Aug 31 '18 at 11:45

Chris4D

votes

2 answers

.NET calling SharePoint Web Service gets an HTTP 401 Unauthorized exception

I am trying to call a SharePoint Lists service to get list definition and data. The SharePoint site is my companies but I have no control over it. Here is all I know about the server's security: Server is HTTPS:// Server accepts Windows Active…

.net web-services sharepoint active-directory ntlm

asked Feb 10 '11 at 04:12

markti

2,783
1
23
30

votes

1 answer

Writing a custom NTLM challenge/response in ASP.Net

I know that you can enable NTLM authentication in an ASP.Net app using: However - I need to handle Forms, HTTP and other custom authentications in the same app, so ASP.Net's limited built-in support is no use. The…

asp.net http authentication ntlm

asked Jan 18 '11 at 10:37

Keith

150,284
78
298
434

votes

4 answers

Automatic NTLM with python on Windows

How can I use automatic NTLM authentication from python on Windows? I want to be able to access the TFS REST API from windows without hardcoding my password, the same as I do from the web browser (firefox's network.automatic-ntlm-auth.trusted-uris,…

python windows tfs ntlm

asked Aug 02 '17 at 06:59

liorda

1,552
2
15
38

votes

0 answers

Using ntlm authentication in Nativescript ios platform

I am building an app with authenticates the user against a sharepoint site which uses NTLM authentication. I found the ntlm.js which has been patched for nativescript here https://github.com/hdeshev/nativescript-ntlm-demo. I have managed to get it…

javascript ios nativescript ntlm des

asked Jul 28 '17 at 12:10

tigerdi

votes

3 answers

Can CNTLM be configured to passthrough? Trying to achieve zero-configuration proxy switching for browsers, ssh, and the like

My primary laptop shuttles between two office wifi environments (one behind an NTLM proxy and one require Cyberoam authentication) and various wifi/LAN environments. My network connectivity is managed by netctl[1], with a home-brew script which does…

proxy ntlm

asked Jun 29 '17 at 03:20

Ng Oon-Ee

1,193
1
10
26

votes

8 answers

Login without username and password from the web browser on Windows

I heard that on Windows you can login from a web browser to the web server without going through the usual login entering username and password but using instead the credentials from Windows directly, using the NTLM protocol. How is this achieved?…

windows single-sign-on ntlm browser

asked Jan 07 '09 at 22:18

Janko Mivšek

3,954
3
23
29

votes

1 answer

Android NTLM getting HTTP/1.1 401 Unauthorized

I am try to get data from share point server. Following is my code. DefaultHttpClient httpclient = new DefaultHttpClient(); httpclient.getAuthSchemes().register("ntlm", new NTLMSchemeFactory()); …

java android authentication sharepoint ntlm

asked Nov 23 '16 at 09:18

Rahul Giradkar

1,818
1
17
28

Prev 1 2 3

…

81 82 Next