we are having some problems with using node-webkit and web servers requiring authentication.
First of all node-webkit does not seem to support Integrated Authentication (Negotiate,Kerberos,Windows Authentication) which at least Google Chrome does (i would hope thats part of Chromium though).
It pops up an authentication dialog instead. This means i cannot use it transparently to develop line of business apps.
Now thats not good but the dialog that pops up is worse :)
First of all it CRASHES when i cancel the authentication dialog. It should show a simple Access Denied or redirect to the previous location instead.
Then it does not allow TAB which means i cannot just type my username and then TAB to the password field, i actually have to click it. Same for closing the dialog which does not support RETURN/ENTER.
Second of all when i disable Basic Authentication on the Server, but leave NTLM ON, which means node-webkit gets an www-authenticate header but with only and it still pops up the dialog.
Also after pressing ok it crashes quite often, sometimes it works sometimes it does not.
At the very least it should be possible via a html or node callback to be notified of an 401 before it is handled and abort it.
Did anyone have any success with using node-webkit against authenticated server ? Other than O-Auth etc...
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
+1 for authentication dialog on windows.
It would be good if there was some way to "hook" this authentication to customize / bypass authentication.
+1 I am facing the same problem on windows.
Please suggest any other approaches to by-pass the issue temporarily.
+1 I am also facing the same issue.
Thinking of using a local forward proxy and configuring it with required credentials to do away with this issue.
@rogerwang Are there any plans on supporting this?? We'd like to use node-webkit to integrate a business webapp with some desktop features wherefore Windows Authentication (kerberos) is a must for a seamless transition. @kshetragya 's suggestion to use a local forward proxy sounds interesting, but still it is an enormous hack to workaround something Chromium/Chrome seems to already support.
Thanks for any hint!
Btw, @kshetragya did you succeed on your approach to use a local forward proxy?? The idea I'm currently following is to instantiate a local node server from within node-webkit and have it function as an authentication reverse proxy. I still have to verify whether I'll be able to read the Kerberos cache for extracting a valid ticket.
@juristr since it's already part of Chromium it shouldn't be very hard to implement. I'll look to add this feature in 0.9.1. Thanks.
If this get fixed nothing better than that :) The local proxy approach is working for Basic Authentication (Squid). I am yet to get my hands on an ISA Server to test the NTLM also. I have zeroed in on cntlm to act as a local proxy.
@rogerwang Awesome, I'm willing to beta test as (to be honest) we already have a node-webkit app running where we now have exactly this authentication problem. Just to know...are there any plans for when 0.9.1 will be available (or at least a beta build I could try)??
@juristr it's planned to be released in Feb.
Awesome. I'll keep an eye on it. If needed I can also easily verify the correct functioning once it is available as I have the enire environment already set up.
I have to push this to 0.9.2 -- 0.9.1 was just released to fix regressions in 0.9.0
enable NTLM settings auth-server-whitelist etc
enables --auth-server-whitelist, --auth-schemes
will test it as soon as I have 5 mins of time
You may need these arguments: --auth-server-whitelist="*yourdomain.com" --auth-negotiate-delegate-whitelist="*yourdomain.com"
You may need these arguments:
You may need these arguments:
Yep, tried that already with the old version but obviously with no success. @rogerwang Do you happen to have already some prebuild binaries for 0.9.2 (Win 32 or 64bit) so that I can test it?? Only because I don't probably have the build environment setup correctly to be able to build one by myself. Thx
@juristr yeah. This is fixed it git and will be released with 0.9.2
@juristr see https://s3.amazonaws.com/node-webkit/v0.9.2/node-webkit-v0.9.2-pre-win-ia32.zip
@rogerwang Perfect, just tried it and it works. Didn't even have to whitelist the authentication domain, but that might be specific to my environment.
Thanks a lot for solving this!
@rogerwang, The version 0.9.2 stopped working basic authentication. I had to add
to get basic authentication working again.
Is it possible to change line 170 of "src/shell_browser_context.cc" to:
auth_schemes = "digest,ntlm,negotiate;basic";
@angrypro can you give an example on how to start nw to enable authentication? I have an application using basic authentication and tried variations on the following with no luck:
./nw myapp.nw --auth-server-whitelist="*" --auth-negotiate-delegate-whitelist="*" "chromium-args"="--auth-schemes='digest,ntlm,negotiate,basic'"
Hello @josdejong ,
Just set "chromium-args" on "package.json" like this:
"name": "Your Application Name",
"description": "Your Application Description",
ah, easy as that! Thanks, this works perfectly fine.
The original post talks about the authentication dialog showing, and the OP wondering if there is anyway to bypass this and deal with the authentication problem himself. I want to do the same, but can't figure out how to keep the dialog from showing up, if the basic auth credentials are incorrect.
Anybody have any insight into how to do this?
@matthiasg, did you ever find a way around it yourself?
@tphalp , my planned approach was to handle whole NTLM handshake manually using https://github.com/erlandranvinge/ntlm.js or https://github.com/SamDecrock/node-http-ntlm .
In that case I would store credentials locally and use them independently from what user have used for windows log in.
@CoolSpot Thanks for your input. I'll take a look.
@tphalp sorry for missing your question .. no we did not look into this any further as we have switched to token-based authentication and the server does the rest of the authentication on the backend .. for integrated authentication we are now deploying a secondary service and i.e. doing another call to an 'authentication' service which returns an authentication token via ssl ..
@matthiasg Thanks for the reply.
This seems to be happening again in 0.11.2
@rogerwang Crashing on a mac running osx 10.9 and 10.10. Works fine on windows.
There still isn't a way to prevent the dialog popping up right? We've moved basic auth calls to the node side for now to avoid it.
Seems to be crashing again on 0.12.
Yeah because they removed --auth-schemes flag and replaced it with a policy setting
Hello, I am having the same issue and i do not understand how i can modify the policy settings to prevent chromium to show the authentication popup.
What am i missing ?