authentication problems (dialog crashes etc) #590

Closed
matthiasg opened this Issue Apr 5, 2013 · 32 comments
@matthiasg

We are having some problems with using node-webkit and web servers requiring authentication.

First of all, node-webkit does not seem to support Integrated Authentication (Negotiate, Kerberos, Windows Authentication), which at least Google Chrome does (I would hope that's part of Chromium though).

It pops up an authentication dialog instead. This means I cannot use it transparently to develop line-of-business apps.

Now that's not good, but the dialog that pops up is worse :)

First of all, it CRASHES when I cancel the authentication dialog. It should show a simple Access Denied or redirect to the previous location instead.

Then it does not allow TAB, which means I cannot just type my username and then TAB to the password field; I actually have to click it. Same for closing the dialog, which does not support RETURN/ENTER.

Second of all when I disable Basic Authentication on the Server, but leave NTLM ON, which means node-webkit gets a www-authenticate header but with only and it still pops up the dialog.

Also, after pressing OK it crashes quite often; sometimes it works, sometimes it does not.

At the very least it should be possible via an HTML or node callback to be notified of a 401 before it is handled and abort it.

Did anyone have any success with using node-webkit against an authenticated server? Other than OAuth etc...

@omarbenhamid

+1 for authentication dialog on windows.
It would be good if there was some way to "hook" this authentication to customize / bypass authentication.

@rogerwang rogerwang was assigned Jan 13, 2014
@kscraja

+1 I am facing the same problem on windows.

Please suggest any other approaches to bypass the issue temporarily.

@kshetragya

+1 I am also facing the same issue.
Thinking of using a local forward proxy and configuring it with required credentials to do away with this issue.

@juristr

@rogerwang Are there any plans on supporting this?? We'd like to use node-webkit to integrate a business webapp with some desktop features, wherefore Windows Authentication (Kerberos) is a must for a seamless transition. @kshetragya's suggestion to use a local forward proxy sounds interesting, but still it is an enormous hack to work around something Chromium/Chrome seems to already support.
Thanks for any hint!

Btw, @kshetragya did you succeed on your approach to use a local forward proxy?? The idea I'm currently following is to instantiate a local node server from within node-webkit and have it function as an authentication reverse proxy. I still have to verify whether I'll be able to read the Kerberos cache for extracting a valid ticket.

@rogerwang
nwjs member

@juristr since it's already part of Chromium it shouldn't be very hard to implement. I'll look to add this feature in 0.9.1. Thanks.

@rogerwang rogerwang added this to the v0.9.1 milestone Feb 4, 2014
@kshetragya

If this gets fixed, nothing better than that :) The local proxy approach is working for Basic Authentication (Squid). I am yet to get my hands on an ISA Server to test NTLM as well. I have zeroed in on cntlm to act as a local proxy.

@juristr

@rogerwang Awesome, I'm willing to beta test as (to be honest) we already have a node-webkit app running where we now have exactly this authentication problem. Just to know...are there any plans for when 0.9.1 will be available (or at least a beta build I could try)??

@rogerwang
nwjs member

@juristr it's planned to be released in Feb.

@juristr

Awesome. I'll keep an eye on it. If needed I can also easily verify the correct functioning once it is available as I have the entire environment already set up.

@rogerwang
nwjs member

I have to push this to 0.9.2 -- 0.9.1 was just released to fix regressions in 0.9.0

@rogerwang rogerwang modified the milestone: 0.9.2, v0.9.1 Feb 13, 2014
@rogerwang rogerwang added a commit that closed this issue Feb 14, 2014
@rogerwang rogerwang enable NTLM settings auth-server-whitelist etc
Fix #590
enables --auth-server-whitelist, --auth-schemes
--gssapi-library-name, --auth-negotiate-delegate-whitelist
830e1b6
@rogerwang rogerwang closed this in 830e1b6 Feb 14, 2014
@juristr

will test it as soon as I have 5 mins of time

@rogerwang
nwjs member

You may need these arguments: --auth-server-whitelist="*yourdomain.com" --auth-negotiate-delegate-whitelist="*yourdomain.com"

@juristr

> You may need these arguments:

Yep, tried that already with the old version but obviously with no success. @rogerwang Do you happen to have already some prebuilt binaries for 0.9.2 (Win 32 or 64bit) so that I can test it?? Only because I probably don't have the build environment set up correctly to be able to build one by myself. Thx

@rogerwang
nwjs member

@juristr yeah. This is fixed in git and will be released with 0.9.2

@juristr

@rogerwang Perfect, just tried it and it works. Didn't even have to whitelist the authentication domain, but that might be specific to my environment.

Thanks a lot for solving this!

@rogerwang rogerwang added a commit that referenced this issue Feb 21, 2014
@rogerwang rogerwang enable NTLM settings auth-server-whitelist etc
Fix #590
enables --auth-server-whitelist, --auth-schemes
--gssapi-library-name, --auth-negotiate-delegate-whitelist
38e33ff
@angrypro

@rogerwang, in version 0.9.2 basic authentication stopped working. I had to add
"chromium-args": "--auth-schemes='digest,ntlm,negotiate,basic'"
to get basic authentication working again.

Is it possible to change line 170 of "src/shell_browser_context.cc" to:
auth_schemes = "digest,ntlm,negotiate;basic";

@josdejong

@angrypro can you give an example on how to start nw to enable authentication? I have an application using basic authentication and tried variations on the following with no luck:

./nw myapp.nw --auth-server-whitelist="*" --auth-negotiate-delegate-whitelist="*" "chromium-args"="--auth-schemes='digest,ntlm,negotiate,basic'"
@angrypro

Hello @josdejong ,

Just set "chromium-args" on "package.json" like this:

{
  "name": "Your Application Name",
  "description": "Your Application Description",
  "version": "1.0",
  "chromium-args": "--auth-schemes='digest,ntlm,negotiate,basic'"
}
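A check for the switches discussed above, as an added example that is not nwjs code or code from this thread: `--auth-server-whitelist` decides which servers Chromium answers NTLM/Negotiate challenges for with the logged-in user's credentials, and `--auth-negotiate-delegate-whitelist` which servers may receive delegated Kerberos credentials, so a bare `*` in either is worth flagging before a manifest ships. The function names and the `example.internal` domain are assumptions made for illustration.

```javascript
'use strict';
// Added example, not nwjs code. Function names are hypothetical.

// Parse a "chromium-args" string into { flag: value }. Values may be bare,
// single-quoted or double-quoted, as in the examples in this thread.
function parseChromiumArgs(args) {
  const flags = {};
  const re = /--([a-z0-9-]+)(?:=(?:'([^']*)'|"([^"]*)"|(\S*)))?/gi;
  let m;
  while ((m = re.exec(args)) !== null) {
    flags[m[1].toLowerCase()] = m[2] || m[3] || m[4] || '';
  }
  return flags;
}

const WHITELIST_FLAGS = ['auth-server-whitelist', 'auth-negotiate-delegate-whitelist'];

// Return a list of findings for the auth-related switches in `args`.
function auditAuthArgs(args) {
  const flags = parseChromiumArgs(args);
  const findings = [];
  for (const name of WHITELIST_FLAGS) {
    const patterns = (flags[name] || '').split(',').map(p => p.trim());
    for (const pattern of patterns) {
      // Only asterisks once dots are removed: not restricted to any domain.
      if (/^\*+$/.test(pattern.replace(/\./g, ''))) {
        findings.push(`${name}: "${pattern}" is not restricted to a domain`);
      }
    }
  }
  const schemes = (flags['auth-schemes'] || '').toLowerCase().split(',').map(s => s.trim());
  if (schemes.includes('basic')) {
    findings.push('auth-schemes: basic sends the password base64-encoded; require HTTPS');
  }
  return findings;
}

// Constructed manifest for illustration; example.internal is a placeholder domain.
const manifest = {
  name: 'demo',
  'chromium-args': "--auth-server-whitelist='*.example.internal' --auth-schemes='ntlm,negotiate'",
};
console.log(auditAuthArgs(manifest['chromium-args']));
```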

@josdejong

ah, easy as that! Thanks, this works perfectly fine.

@tphalp

The original post talks about the authentication dialog showing, and the OP wondering if there is any way to bypass this and deal with the authentication problem himself. I want to do the same, but can't figure out how to keep the dialog from showing up if the basic auth credentials are incorrect.

Anybody have any insight into how to do this?

@matthiasg, did you ever find a way around it yourself?

@CoolSpot

@tphalp, my planned approach was to handle the whole NTLM handshake manually using https://github.com/erlandranvinge/ntlm.js or https://github.com/SamDecrock/node-http-ntlm .
In that case I would store credentials locally and use them independently from what the user has used for Windows login.

@tphalp

@CoolSpot Thanks for your input. I'll take a look.

@matthiasg

@tphalp sorry for missing your question .. no, we did not look into this any further as we have switched to token-based authentication and the server does the rest of the authentication on the backend .. for integrated authentication we are now deploying a secondary service and i.e. doing another call to an 'authentication' service which returns an authentication token via SSL ..

@tphalp

@matthiasg Thanks for the reply.

@4ver

This seems to be happening again in 0.11.2

@rogerwang rogerwang added the test-todo label Dec 15, 2014
@rogerwang rogerwang reopened this Dec 15, 2014
@4ver

@rogerwang Crashing on a Mac running OS X 10.9 and 10.10. Works fine on Windows.

There still isn't a way to prevent the dialog popping up, right? We've moved basic auth calls to the node side for now to avoid it.
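The workaround mentioned above (making the Basic auth call from the Node side), as an added example that is not code from this thread: the request goes through Node's own `http`/`https` module rather than Chromium's network stack, so a 401 comes back to the app as a status code together with the schemes the server offered. The function names, the refusal to send Basic credentials without TLS and the `localhost` exemption are assumptions of this example.

```javascript
'use strict';
// Added example (not code from the thread). Runs in the app's Node context.

// Authorization value for HTTP Basic (RFC 7617): base64("user:password").
function basicAuthHeader(user, password) {
  if (user.includes(':')) throw new Error('user-id must not contain ":"');
  return 'Basic ' + Buffer.from(`${user}:${password}`, 'utf8').toString('base64');
}

// Scheme names offered in a WWW-Authenticate value (string or array), lower-cased.
function offeredSchemes(header) {
  const flat = [].concat(header || []).join(', ')
    .replace(/"(?:[^"\\]|\\.)*"/g, '""'); // empty quoted params, they may hold commas
  return flat.split(',')
    // A challenge starts with a token followed by a space (not by "=") or by the end.
    .map(part => /^\s*([A-Za-z][\w-]*)(?=\s+[^=\s]|\s*$)/.exec(part))
    .filter(Boolean)
    .map(m => m[1].toLowerCase());
}

// GET `url` with Basic credentials; resolves with the outcome instead of prompting.
function getWithBasic(url, user, password) {
  const target = new URL(url);
  if (target.protocol !== 'https:' && target.hostname !== 'localhost') {
    return Promise.reject(new Error('refusing to send Basic credentials without TLS'));
  }
  const lib = require(target.protocol === 'https:' ? 'https' : 'http');
  const headers = { Authorization: basicAuthHeader(user, password) };
  return new Promise((resolve, reject) => {
    const req = lib.get(target, { headers }, res => {
      const chunks = [];
      res.on('data', c => chunks.push(c));
      res.on('end', () => resolve({
        status: res.statusCode,
        denied: res.statusCode === 401, // the app decides what to show the user
        schemes: offeredSchemes(res.headers['www-authenticate']),
        body: Buffer.concat(chunks).toString('utf8'),
      }));
    });
    req.on('error', reject);
  });
}
```

When `denied` is true and `schemes` lacks `basic` (for example a server offering only NTLM), retrying with the same header cannot succeed and the app can report that instead of prompting again.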

@coreybutler

Seems to be crashing again on 0.12.

@tomlandia

Yeah, because they removed the --auth-schemes flag and replaced it with a policy setting.

@hermesdj

Hello, I am having the same issue and I do not understand how I can modify the policy settings to prevent Chromium from showing the authentication popup.
What am I missing?

@maxfarseer

Any good news?
Crashing on OS X 10.11 and node-webkit 0.12

@nwjs-bot

This should be working with latest version now.

In 0.13 we changed to an optimized architecture so more features can be supported, see http://nwjs.io/blog/whats-new-in-0.13/ and it's good for keeping up with Chromium upstream -- we released with Node.js v6.0 and new Chromium versions within 1 day after upstream release.

The new version would fix many issues reported here and we're scrubbing them. This issue is closed as we believe it should be fixed. Please leave a message if it isn't and we'll reopen it.

@nwjs-bot nwjs-bot closed this Jul 11, 2016