Reputation: 7688
I have gone through some websites for a better understanding of NTLM, like http://www.innovation.ch/personal/ronald/ntlm.html, and I started to create a demo which authenticates users in a Node.js application using NTLM. In this demo I created an application with the expressjs and express-ntlm modules. But I still don't understand how NTLM works with Node.js web services.
I have some questions about NTLM authentication.
Here is my code.
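var app, express, ntlm;
express = require('express');
ntlm = require('express-ntlm');
app = express();
// Run the NTLM handshake middleware on every request to '/'.
app.all('/', ntlm());
// Once the handshake is done, the middleware's result is available as request.ntlm.
app.get('/', function(request, response) {
    response.send(request.ntlm);
});
app.listen(3000);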
Upvotes: 6
Views: 9649
Reputation: 20088
STEP 1: The Client requests a protected resource from the server
STEP 2: The Server responds with a 401 status, with a header indicating that the client must authenticate
STEP 3: The Client resubmits the request with an Authorization header containing a Base-64 encoded Type 1 message. From this point forward, the connection is kept open; closing the connection requires reauthentication of subsequent requests.
STEP 4: The Server replies with a 401 status containing a Base-64 encoded Type 2 message in the WWW-Authenticate header
STEP 5: The Client responds to the Type 2 message by resubmitting the request with an Authorization header containing a Base-64 encoded Type 3 message
STEP 6: Finally, the Server validates the responses in the client's Type 3 message and allows access to the resource.
STEP 1: The Client submits an empty POST request with a Type 1 message in the "Authorization" header
STEP 2: The Server replies with a 401 status containing a Base-64 encoded Type 2 message in the WWW-Authenticate header
STEP 3: The Client resubmits the POST with a Base-64 encoded Type 3 message, sending the data payload with the request.
Upvotes: 0
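The six-step handshake in the answer above, seen from the server side, as an added example that is not part of any post on this page. The function names are hypothetical, the sample token is constructed, and the Type 3 field offsets follow the NTLM message layout documented at the innovation.ch link in the question.

```javascript
// Added example: parse the NTLM tokens exchanged in steps 3 to 6 of the flow above.
const SIGNATURE = Buffer.from('NTLMSSP\0', 'latin1');

// Security buffer = length:uint16, allocated:uint16, offset:uint32 (little-endian).
// The offset is client-controlled, so bounds-check it before slicing.
function readSecBuf(msg, pos) {
  if (pos + 8 > msg.length) throw new RangeError('truncated security buffer');
  const len = msg.readUInt16LE(pos);
  const off = msg.readUInt32LE(pos + 4);
  if (off + len > msg.length) throw new RangeError('security buffer out of bounds');
  return msg.subarray(off, off + len);
}

// Parse the value of an "Authorization: NTLM <base64>" header; type 0 means no token.
function parseNtlmHeader(value) {
  const m = /^NTLM\s+([A-Za-z0-9+/]+={0,2})$/.exec(value || '');
  if (!m) return { type: 0 };
  const msg = Buffer.from(m[1], 'base64');
  if (msg.length < 12 || !msg.subarray(0, 8).equals(SIGNATURE)) throw new Error('not an NTLMSSP message');
  const type = msg.readUInt32LE(8);
  if (type !== 3) return { type };
  // Type 3 carries domain, user and workstation buffers at offsets 28, 36 and 44.
  // Assumption: strings are UTF-16LE (the Unicode flag was negotiated).
  const str = (pos) => readSecBuf(msg, pos).toString('utf16le');
  return { type, domain: str(28), user: str(36), workstation: str(44) };
}

// The server's next move. The Type 2 value is a placeholder, not a real challenge.
function nextStep(authorization) {
  const token = parseNtlmHeader(authorization);
  if (token.type === 0) return { status: 401, wwwAuthenticate: 'NTLM' };           // step 2
  if (token.type === 1) return { status: 401, wwwAuthenticate: 'NTLM <Type 2>' };  // step 4
  if (token.type === 3) return { status: 'validate-responses', claimed: token };   // step 6
  throw new Error('unexpected NTLM message type ' + token.type);
}

// Constructed sample Type 3 token (LM/NT responses left empty) for trying the parser.
function buildSampleType3(domain, user, workstation) {
  const parts = [domain, user, workstation].map((s) => Buffer.from(s, 'utf16le'));
  const head = Buffer.alloc(64);
  SIGNATURE.copy(head, 0);
  head.writeUInt32LE(3, 8);
  let off = head.length;
  parts.forEach((p, i) => {
    head.writeUInt16LE(p.length, 28 + 8 * i);
    head.writeUInt16LE(p.length, 30 + 8 * i);
    head.writeUInt32LE(off, 32 + 8 * i);
    off += p.length;
  });
  return 'NTLM ' + Buffer.concat([head, ...parts]).toString('base64');
}
```

The domain, user and workstation read from a Type 3 message are only what the client claims; they identify a user once step 6 has validated the responses in that message.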
Reputation: 15715
I think you are looking for this answer. Read the answer by josh3736, he explains the flow in NTLM.
Also, as suggested by Brian Shamblen, you don't really need to get into all this stuff; passport.js can efficiently handle all this for you. Here is a tutorial: http://passportjs.org/guide/
Upvotes: 2
Reputation: 4703
There is a Passport.js authentication strategy that supports NTLM authentication and has a method for allowing a custom login screen. How to configure it will depend on which type of server you're using, but they do a good job of explaining the concepts within their examples.
Look at the section Non-Integrated authentication
https://www.npmjs.org/package/passport-windowsauth
Upvotes: 5