NTLM authentication to a proxy/web server using Nsspi Client ??
k2ibegin opened this issue · comments
Hi,
To continue our discussion from the post at
As I said I want to achieve the NTLM authentication from my client program to the web server (IIS/Proxy server). I am wondering if it is possible via the nssp library. At the moment the nsspi has both client side and server side code which uses the SSPI to achieve the authentication.
How can I proceed to may be just use the client side api to somehow replicate what browser does in case of NTLM authentication, which would be to just replicate and fill in the required request response headers for the initial and 2 way handshakes?
I was planning to do it on my own, but not sure if I could utilize a standard mechanism to hash the password and achieve the same without using SSPI ? OR it would be better to use the SSPI api.
I have to write this solution in c#.
Update:
As you suggested I decided to use the client side of NSSPI and try to generate tokens and stuff into the request headers. However, the Server sends back the response as WWW-Authenticate again as NTLM. If i do not Base 64 encode the token before putting in authoraization header then i get back
400 (bad request) error.
I am expecting IIS server to return me the challenge based on the token that i send to it in type 2 message.
Thank you
Kuldeep
I think yes, i was able to resolve it, i shall post a sample code on monday !
Thanks so much! That'd be so helpful, looking forward to checking it out :)
Hey @k2ibegin, figured it out! The problem was that a different socket was being used for each step of the NTLM authentication process, which was causing it to reset unexpectedly.
