Geek Answers Handbook

Windows authentication headers without .NET. Possible?

I was wondering if anyone knows how to use Windows authentication without hosting on an ASP site. This is an intranet with access to LDAP, so I wonder if there is a way to get the client to provide me with the data as if it came from an ASP site. I just need a domain and username to log in, and I can run from there. Using Node.js on Ubuntu. Does anyone have any experience?

+5
source share
4 answers

Update: Now a module that implements Windows authentication .

401 WWW-Authenticate NTLM, , Windows.

response.writeHead(401, {
    'WWW-Authenticate': 'NTLM',
});

NTLM-. NTLM:

  • :

    GET /index.html HTTP/1.1

  • 401, , . NTLM WWW-Authenticate. , :

    HTTP/1.1 401 Unauthorized
WWW-Authenticate: NTLM
Connection: close

    , Internet Explorer NTLM, ; RFC 2616, , .

  • Authorization, Type 1 message. 1 Base-64 . ; . , HTTP- "Keep-Alive" HTTP 1.1 ( ). :

    GET /index.html HTTP/1.1
Authorization: NTLM TlRMTVNTUAABAAAABzIAAAYABgArAAAACwALACAAAABXT1JLU1RBVElPTkRPTUFJTg==

  • 401, 2 WWW-Authenticate ( , Base -64). .

    HTTP/1.1 401 Unauthorized
WWW-Authenticate: NTLM TlRMTVNTUAACAAAADAAMADAAAAABAoEAASNFZ4mrze8AAAAAAAAAAGIAYgA8AAAARABPAE0AQQBJAE4AAgAMAEQATwBNAEEASQBOAAEADABTAEUAUgBWAEUAUgAEABQAZABvAG0AYQBpAG4ALgBjAG8AbQADACIAcwBlAHIAdgBlAHIALgBkAG8AbQBhAGkAbgAuAGMAbwBtAAAAAAA=

  • 2, Authorization, Base-64 3:

    GET /index.html HTTP/1.1
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAAAACAAIAEwAAAAWABYAVAAAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIAVwBPAFIASwBTAFQAQQBUAEkATwBOAMM3zVy9RPyXgqZnr21CfG3mfCDC0+d8ViWpjBwx6BhHRmspst9GgPOZWPuMITqcxg==

  • , 3 .

     HTTP/1.1 200 OK

– 3. , , - . .

+9

Apache mod_ntlm mod_auth_ntlm_winbind.

Ubuntu:

root@eruditorum.org:~# apt-cache search ntlm apache
libapache2-authenntlm-perl - Perform Microsoft NTLM and Basic User Authentication

root@eruditorum.org:~# apt-cache show libapache2-authenntlm-perl
Package: libapache2-authenntlm-perl
Priority: optional
Section: universe/perl
Installed-Size: 192
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@lists.ubuntu.com>
Original-Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Architecture: amd64
Version: 0.02-5
Depends: libapache2-mod-perl2, libc6 (>= 2.4), perl (>= 5.10.0-9), perlapi-5.10.0
Conflicts: libauthen-smb-perl (<= 0.96)
Filename: pool/universe/liba/libapache2-authenntlm-perl/libapache2-authenntlm-perl_0.02-5_amd64.deb
Size: 51418
MD5sum: 46f74ac156f7006d8d71ddbf00097e46
SHA1: 133aebf896156929d364950c2772c3e1344b9c9b
SHA256: 0688b38ab145f888a4d111aad12cb7f201dcd6e12ed969af697d3fec4a55c428
Description: Perform Microsoft NTLM and Basic User Authentication
 The purpose of this module is to perform a user authentication via Microsoft's
 NTLM protocol. This protocol is supported by all versions of the Internet
 Explorer and is mainly useful for intranets. Depending on your preferences
 setting IE will supply your windows logon credentials to the web server
 when the server asks for NTLM authentication. This saves the user to type in
 his/her password again.
 .
 The NTLM protocol performs a challenge/response to exchange a random number
 (nonce) and get back a md4 hash, which is built from the user password
 and the nonce. This makes sure that no password goes over the wire in plain
 text.
 .
 The main advantage of the Perl implementation is, that it can be easily
 extended to verify the user/password against other sources than a windows
 domain controller.
 .
 The default implementation is to go to the domain controller for the given
 domain and verify the user. If you want to verify the user against another
 source, you can inherit from Apache2::AuthenNTLM and override it methods.
Homepage: http://search.cpan.org/dist/Apache2-AuthenNTLM
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu
0

NTLM Apache, script IIS, node.js.

0

Ubuntu,

sudo apt-get ntlmaps 'ntlmaps-xx-xx.deb'

-, , .

ntlmaps . Ntlmaps . . Ntlmaps , . , , ntlmaps. , , ?

0

More articles:


All Articles