Questions tagged [ntlm]

NTLM (NT LAN Manager) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.

NTLM has been deprecated for many uses as it doesn't support the latest standards:

"Implementers should be aware that NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms (RFC1321) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in RFC1320 and FIPS46-2. Therefore, applications are generally advised not to use NTLM." (MSDN) Applications are advised to use Kerberos instead.

Despite this, NTLM is still used for Integrated Windows Authentication inside enterprise networks, where Microsoft Active Directory provides the enterprise directory service, when Kerberos is not available.

The NTLM over HTTP handshake is fairly simple:

Request  - [unauthenticated - no user info passed]

Response - 401 Unauthorized
           WWW-Authenticate: NTLM


Request  - Authorization: NTLM <base64-encoded type-1-message>

Response - 401 Unauthorized
           WWW-Authenticate: NTLM <base64-encoded type-2-message>


Request  - Authorization: NTLM <base64-encoded type-3-message>

           Server can now check username/password against LDAP from type-3 message
Response - 200 Ok [now authenticated & authorised]
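
To inspect the three messages of this handshake in captured headers (for debugging, or to spot clients still sending NTLMv1 responses), the header values can be decoded as below. This is an added example, not code from the tag wiki or any question on this page; `parse_ntlm_header` and `build_type3` are hypothetical names, the sample message is constructed, and the parser assumes a type-3 message that carries its flags field at offset 60.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001

def _secbuf(msg, off):
    """Read a security buffer (len, maxlen, offset) and return the bytes it points to."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, off)
    if start + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[start:start + length]

def parse_ntlm_header(value):
    """Parse an Authorization / WWW-Authenticate value carrying an NTLM message."""
    scheme, _, b64 = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not b64:
        raise ValueError("not an NTLM header with a message")
    msg = base64.b64decode(b64, validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    out = {"type": mtype}
    if mtype == 1:                                   # negotiate
        out["flags"] = struct.unpack_from("<I", msg, 12)[0]
    elif mtype == 2:                                 # challenge
        out["flags"] = struct.unpack_from("<I", msg, 20)[0]
        out["challenge"] = msg[24:32].hex()
    elif mtype == 3:                                 # authenticate
        flags = struct.unpack_from("<I", msg, 60)[0]  # assumes flags are present
        enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"  # OEM page assumed
        out["domain"] = _secbuf(msg, 28).decode(enc)
        out["user"] = _secbuf(msg, 36).decode(enc)
        # A 24-byte NT response is NTLMv1; NTLMv2 responses are longer.
        out["ntlmv1"] = len(_secbuf(msg, 20)) == 24
    else:
        raise ValueError("unknown NTLM message type")
    return out

def build_type3(domain, user, nt_response):
    """Constructed sample only: minimal type-3 message, empty LM response and workstation."""
    fields = [b"", nt_response, domain.encode("utf-16-le"), user.encode("utf-16-le"), b"", b""]
    header, payload, off = SIGNATURE + struct.pack("<I", 3), b"", 64
    for f in fields:
        header += struct.pack("<HHI", len(f), len(f), off + len(payload))
        payload += f
    msg = header + struct.pack("<I", NEGOTIATE_UNICODE) + payload
    return "NTLM " + base64.b64encode(msg).decode()
```

The type-3 message never contains the password itself, only the response computed from the type-2 challenge, which is why the parser reports a response length rather than a credential.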
1230 questions
6 votes, 4 answers

Node.js NTLM HTTP Authentication, how to handle the 3 types

I'm trying to get NTLM Authentication working w/ Node.js. I've been reading this ( http://davenport.sourceforge.net/ntlm.html#theNtlmMessageHeaderLayout ). I send the header and get a Base64 authentication header. I tried converting it from Base64…
A Wizard Did It
6 votes, 0 answers

How to disable fallback to NTLM on Spring Security configured with Kerberos?

I have a Spring App configured with Kerberos and it's working fine for users joined to the AD domain. There are other users who access the app from outside the domain, so Kerberos will not work and they should be prompted for user and password (html…
Nicolás Rossi
6 votes, 0 answers

401 Unauthorized after NTLM authentication error: Unexpected state: MSG_TYPE1_GENERATED

I would like to know what the error messages MSG_TYPE1_GENERATED and MSG_TYPE3_GENERATED (from httpClient/NTLMScheme.State enum) signify to help debug an issue we are having. Can someone please provide the documentation for these errors? I have a…
6 votes, 1 answer

What is the equivalent of passing DefaultCredentials in WCF?

This answer explains that when calling a .asmx web service there's no need to specify which authentication type to use: WebServiceProxy proxy = new WebServiceProxy(); // Derived from SoapHttpClientProtocol proxy.Credentials =…
Alex Angas
6 votes, 4 answers

How to implement NTLM Authentication for UIWebView?

I have a use case where a UIWebView may need to connect with a web server secured with NTLM. I also have a use case where I already have the credentials to be passed. So instead of forcing the user to enter them, how do I perform the handshake…
Wayne Hartman
6 votes, 2 answers

How to create NTLM Authentication with Retrofit

Since SDK 23, Android has excluded the classes: org.apache.http.auth.AuthScheme; org.apache.http.auth.AuthSchemeFactory; org.apache.http.impl.auth.NTLMScheme; org.apache.http.impl.auth.NTLMEngine; org.apache.http.impl.auth.NTLMEngineException; As…
Vadim Seleznev
6 votes, 1 answer

AcceptSecurityContext fails when application is running as a service

I have a simple HTTP server that authenticates clients with Negotiate protocol. It uses SSPI calls to acquire server credentials and establish security context. The server is in domain and is running on behalf of the domain user. Everything works…
username
6 votes, 0 answers

Python requests NTLM without password

I am trying to access a website that uses NTLM authentication. I have been successfully able to retrieve the content using the requests library in combination with requests-ntlm. However to use that I have to provide both username and password in…
Zitrax
6 votes, 1 answer

cntlm proxy with phantomjs

I'm trying to use the cntlm proxy on my windows machine to talk to a local web application on IIS that uses Windows Authentication from PhantomJS. To create the proxy, I'm doing: cntlm -v -u username@domain -p password -l 1456 localhost:80 My app…
itslittlejohn
6 votes, 2 answers

How to enable Auto Logon for Google Chrome without prompt

We need to access the intranet site called "http://mysite/myapp". Using IE, every domain user can access the site without any prompt. But if the user tries it with Chrome, the logon prompt shows at first. After entering credentials just…
Sangsu PARK
6 votes, 1 answer

HttpClient gives Negotiate error with NTLM auth provider

I am "forcing" the httpclient to do ntlm authentication by using: PoolingHttpClientConnectionManager connPool connPool = new PoolingHttpClientConnectionManager(); Lookup authProviders =…
Bob Thule
6 votes, 2 answers

Calling WebAPI2 service from AngularJS with NTLM security

I have two projects; one is an MVC project using angular (so not real MVC) and the other is a WebAPI2 project with various controllers feeding data to and accepting data from the first project. The first project is using angular's $http to query…
Loki
6 votes, 0 answers

ColdFusion 11 CFHTTP NTLM support

In ColdFusion 11, Adobe has added NTLM support. However I fail to understand how I can get this working. In particular, the documentation seems to be wrong: it states: For NTLM, to work, the redirect attribute must be set to false However, when…
Roeland
6 votes, 3 answers

How NTLM works for webservice to authenticate users?

I went through some websites for a better understanding of NTLM, like http://www.innovation.ch/personal/ronald/ntlm.html. And I started to create a demo which authenticates users in a Node.js application using NTLM. In this demo I created an application with…
Laxmikant Dange
6 votes, 0 answers

Getting Bower to like proxy firewalls

We have a corporate proxy (NTLM) that wants username, password, as well as user-agent strings. OK, I have the strangest method that works. I would really like a global bowerrc so that I don't have to do all of this. All I want is some clue as to why…
Dr.YSG