![]() The client requests a protected resource from the server: GET /index.html HTTP/1.1 Quoting from this document about the NTLM authentication protocol: When you receive a HTTP 401 from IIS with a WWW-Authenticate header containing NTLM, you now have the fun of implementing the NTLM authentication protocol. "Windows integrated authentication" is what's known as NTLM authentication. Obviously this uses Kerberos rather than NTLM/Negotiate, so this may or may not work depending on your exact situation. There are several client implementations such as http-ntlm, but they are not truly integrated since they require the user password - they do not use SSPI to do transparent auth.ΔΆ019 Update: It appears to be possible to use the kerberos library to do true Windows-integrated HTTP auth using SSPI (ie, use the node process' token to do transparent auth). node-sspi uses SSPI (the Windows security API) to handle the server side of things, but does not do client auth. 2015 Update: There are now some modules that implement Windows-integrated authentication.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |