Coder Social home page Coder Social logo

ntlm.js's Introduction

ntlm.js

Javascript implementation of Microsoft NTLM authentication over HTTP. Gives you the possibility to do that AJAX NTLM you've always wanted.

Usage

Ntlm.setCredentials('domain', 'username', 'password');
var url = 'http://myserver.com/secret.txt';

if (Ntlm.authenticate(url)) {
    var request = new XMLHttpRequest();
    request.open('GET', url, false);
    request.send(null);
    console.log(request.responseText);
    // => My super secret message stored on server.
}

Setup

On the server side, the following CORS HTTP Response headers are required:

  • Access-Control-Allow-Headers: Authorization
  • Access-Control-Allow-Methods: GET, OPTIONS
  • Access-Control-Allow-Origin: *
  • Access-Control-Expose-Headers: WWW-Authenticate

Known issues

Since the IIS isn't built (??) to support CORS, it will react in a most unfortunate way when receiving a preflight OPTION request (HTTP 401). The remedy for this is to use your own module or disable security checks in the browser.

References

ntlm.js's People

Contributors

erlandranvinge avatar syedahmad9 avatar

Stargazers

4aiman avatar Travis L. Spencer avatar Bogdan Craciun avatar Troy Poulter avatar Ming Xu avatar avatar yanglong avatar avatar pomelotea2009 avatar maslennikov avatar Nayan Choudhary avatar Lays avatar ZW Cai avatar John Sun avatar Narapat Patcharapornpun avatar Mirko Maggioni avatar Xin Meng avatar avatar avatar avatar Muhammad Miftah avatar Kara avatar Stanislav avatar Emre GULCAN avatar avatar Aleksandar Borzanovic avatar Ricardo Pallas avatar Andrew T. Finnell avatar Joshua Hutt avatar avatar Michael Son avatar Grahame Cenkner avatar Stefano Pernat avatar Younes Baddich avatar Haydar avatar Paul Sore avatar Frederic Charette avatar Marcin W. Dąbrowski avatar Django Wong avatar Aldo de Feo Martinez avatar Ken avatar avatar Ernest Mashele avatar Manuel Romero avatar Julio Rincon avatar Chris Bottin avatar Alan avatar ÐΛИIΞL MΔCΞDѲ avatar Marc avatar Ryan Campbell avatar Vakhurin Sergei avatar

Watchers

avatar Jason Gardner avatar Grahame Cenkner avatar Elmar Vosloo avatar

Forkers

churkin sleetish chrisbottin jofomah ifroz lygstate sunilsoniudaipur kugaevsky modulexcite itmgr mujiansu git-splasher valardconstruction marcomaldonadoaxa juchen0429 bradyhullopeter mlarac yuanwofei jankuc tigerdi iday zhangcl07 lmadams 945226956 northeda devside geniuswh gridprotectionalliance jpweijers jithinktom dshilkret syedahmad9 oroafrica jeevachandru jubiroj trabelsizein iqbmo04 zhaiyuqing2003

ntlm.js's Issues

Async

Hi there! I was wondering if there is a reason why the auth requests are made synchronously rather than async? I am in a situation where I need to make the requests async so wondering if this is deliberate

Is there a way to cache the output of setCredentials() for later use

I am not sure that I understand the NTLM authentication scheme, but it looks like the first "phase" is to issue a semi-encrypted version of the username and password.

I would like to save that to re-use, instead of storing the password or repeatedly prompting the user.

Am I off-base in my understanding?

Subdomains

This works fine for top level domain accounts but I'm having trouble getting it to work with sub domains.

For example, using the credentials Ntlm.setCredentials('TEST.COM', 'JACK', 'JACK') works fine.


However using the credentials Ntlm.setCredentials('SUB.TEST.COM', 'JACK', 'JACK') tells me my credentials are wrong even though I know they are definitely right.


I appreciate any help in advance.

This code doesn't connect to a Exchange Web Services (EWS) application

I'm trying to use this code to authenticate to a EWS server, but unfortunatelly it doesn't work.
The NEGOTIATE message (message1) doesn't get a challenge from the server unless I change the NEGOTIATE flag to 0x00088207.
From my understanding the 0x0008 performs a a NTLMv2 requests.

With these change, the server sends back the CHALLENGE message, but the AUTHENTICATE message the code sends to the server isn't authorized.
The code keeps receiving 401 Unauthorized response.

I see in the spec that the AUTHENTICATE message is different for NTLMv2. This would explain the reason for not get authenticated in the server.

Could you tell me how to be sure if the exchanged messages are v1 or v2?
Do you have any experience with such scenario? NTLM v2?
Do you think your project could be adapted to support NTLM v2 authentication?

Thanks in advance for your help.
Cleiton

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.