开发者

Node.js NTLM HTTP Authentication, how to handle the 3 types

开发者 https://www.devze.com 2023-02-22 13:05 出处:网络
I\'m trying to get NTLM Authentication working w/ Node.js. I\'ve been reading this ( http://davenport.sourceforge.net/ntlm.html#theNtlmMessageHeaderLayout ). I send the header a开发者_如何学Pythonnd g

I'm trying to get NTLM Authentication working w/ Node.js. I've been reading this ( http://davenport.sourceforge.net/ntlm.html#theNtlmMessageHeaderLayout ). I send the header a开发者_如何学Pythonnd get a Base64 authentication header.

I tried converting it from Base64 to UTF8 by making a new Buffer with base64 encoding and then calling toString('utf8') which returns a string something like

NTLMSSP\u0000\u0001\u0000\u0000\u0000\u0007�\b�\u0000

This is where I need help. I understand the NTLMSSP\u0000 is the null terminated signature, but and what the rest is supposed to indicate, but to me it's just garbage. It's unicode characters, but how am I supposed to get actual data out of that? I may be converting it incorrectly, which may be adding to my troubles, but I'm hoping someone can help.


Have a look at http://www.innovation.ch/personal/ronald/ntlm.html What you receive is a Type-2 Message. The pages explains it in a very practical way. You have to extract the server challenge (nonce) and the server flags.

I just implemented a module for node.js to do just that: https://github.com/SamDecrock/node-http-ntlm


Have you looked at NTLMAPS?

You may be able to solve your problem by using it as a proxy server, but if you really want to implement NTLM auth in Javascript, then NTLMAPS provides lots of working code to study.


Sam posted the best resource I've seen for understanding what's going on.

jclulow on GitHub seems to have implemented it in a Samba library he built.

Take a look here: https://github.com/jclulow/node-smbhash under lib\ntlm.js you can see how he's handled the responses.


I've built client a couple of months ago using javascript, ntlm.js. Maybe that can help you get along. It was based on the documentation @ innovation.ch and Microsofts own official documentation (see the references on the github page).

0

精彩评论

暂无评论...
验证码 换一张
取 消