Questions tagged [ntlm]

NTLM (NT LAN Manager) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.

NTLM has been deprecated for many uses as it doesn't support the latest standards:

"Implementers should be aware that NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms (RFC1321) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in RFC1320 and FIPS46-2. Therefore, applications are generally advised not to use NTLM" (MSDN), and to use Kerberos instead.

Despite this, NTLM is still used inside enterprise networks, where Microsoft Active Directory provides the enterprise directory service, for Integrated Windows Authentication when Kerberos is not available.

The NTLM over HTTP handshake is fairly simple:

Request  - [unauthenticated - no user info passed]

Response - 401 Unauthorized
           WWW-Authenticate: NTLM


Request  - Authorization: NTLM <base64-encoded type-1-message>

Response - 401 Unauthorized
           WWW-Authenticate: NTLM <base64-encoded type-2-message>


Request  - Authorization: NTLM <base64-encoded type-3-message>

           Server can now check username/password against LDAP from type-3 message
Response - 200 OK [now authenticated & authorised]

1230 questions

8 votes, 1 answer

How to prevent browser from sending NTLM credentials?

I’m working on a site where we want to use Kerberos authentication using Spring Security Kerberos. So, we don’t support NTLM. When the user makes an unauthenticated request, the server will reply with an HTTP 401 with header WWW-Authenticate:…
8 votes, 2 answers

SignalR not working with Windows-integrated authentication

I have an ASP.NET MVC 4 app (.NET 4.5) and SignalR works fine with forms-based authentication (hosted via IIS/IIS Express). As soon as I change the app to windows-integrated authentication ( in "web.config") it stops…
Alex from Jitbit
8 votes, 2 answers

cURL Always Returns 401 With NTLM

I'm working on a library to communicate with Microsoft Exchange using PHP. Everything works fine on my production servers, but I keep getting a 401 Unauthorized on my development machine. I tried using curl from the command line and I get the same…
JamesArmes
8 votes, 3 answers

Installing Visual Studio 2017 Behind Corporate Proxy

Pretty simple problem. I'm unable to install VS 2017 RC behind an NTLM corporate proxy. I have tried running it through fiddler and fiddler + cntlm with no luck. I have also tried creating .exe.config files for the outer (vs_enterprise.exe) and…
user281921
8 votes, 2 answers

How to test a HTTP client using NTLM authentication?

I have some code acting as an HTTP client which supports basic authentication as well as NTLM authentication. I can easily test that basic authentication works by requiring a username/password to access a file in the .htaccess on an Apache server.…
avernet
8 votes, 7 answers

How to write code that calls a WCF service and falls back from Kerberos to NTLM if needed?

I need to call a WCF service programmatically. The service may be hosted with either NTLM or Kerberos authentication and needs to work under either. That is, if connecting to the service via Kerberos fails, then it should fall back to NTLM. Here's…
Alex Angas
8 votes, 3 answers

NTLM Authentication failing in MultiThreaded application

I have been trying to put together some code that will - among other things - upload files to a SharePoint site that uses NTLM authentication. Earlier versions of the code were single threaded, and worked perfectly. They uploaded the file exactly as…
Davis Broda
8 votes, 5 answers

Calling IPrincipal.IsInRole on Windows 7

We use NTLM auth in our application to determine whether a user can perform certain operations. We use the IPrincipal of their current Windows login (in WinForms applications), calling IsInRole to check for specific group memberships. To check that…
adrianbanks
8 votes, 1 answer

How to disable NTLM authentication for OPTIONS requests in IIS

As far as I understand, OPTIONS request must be processed without authentication. I am hosting my web application in IIS 7.x and 8.x and it is using NTLM and Kerberos authentication (this is an intranet application). How do I disable authentication…
IT Hit WebDAV
8 votes, 4 answers

Why is Kerberos defaulting to NTLM in WCF?

Got a simple WCF demo app that has two console projects--host and client. Both are running on my machine (win 7 box). I'm using the netTcpBinding, which uses windows authentication. The issue is that authentication is downgrading to NTLM from…
user1228
8 votes, 2 answers

Digest authentication in Python?

I'm trying to access pages from my company server with Python. The first trial returns 401: Unauthorized (the server does need domain username/pwd for authentication). And the header content is as follows, and it seems to support 3 authentication…
badguy
8 votes, 1 answer

How to enable both CORS support and NTLM authentication

I have a self-hosted C# console web API. It services several web applications that use AngularJS to perform async HTTP requests. It needs to have both CORS support and NTLM Authentication. I currently have both enabled, but it would appear that…
JHixson
8 votes, 2 answers

GSSException: Message stream modified (41)

I'm working with an LDAP in forest architecture (all servers and my server are Windows). I'm binding to the AD using NTLM authentication. I have Java code that performs the operations against the LDAP server. The code is wrapped as a Tomcat…
Matan
8 votes, 1 answer

NTLM authentication and smartcards

I'm running a program (Mathematica) in a VMWare VPC behind a corporate internet proxy. Various programs installed in that VPC like IE, Chrome, Excel, Word, Acrobat Reader, and even MS Paint get data from the Internet without problems, but…
Nescio
8 votes, 1 answer

Impersonating users through NTLM

I have an internal application which has two levels of security. FormsAuthentication for client-facing application and NTLM Integrated authentication for management interface. I can easily impersonate clients by just creating the proper .ASPXAUTH…
Vasili Sviridov