New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NTLM Authentication #1137

Closed
letshan opened this Issue Jun 10, 2015 · 136 comments

Comments

@letshan

letshan commented Jun 10, 2015

Hi guys,

We are developing APIs for internal usage, which based on Microsoft Authentication/Authorization methodology, which is NTLM. Just wondering could you add a new tab on the authentication options as NTLM?

I found this article about NTLM is quite useful if you would like to have a look.
http://www.innovation.ch/personal/ronald/ntlm.html

Regards,

Dan

@a85 a85 added the feature label Jun 13, 2015

@fuksito

This comment has been minimized.

fuksito commented Aug 7, 2015

Would love to have it as well

@InitiateNorth

This comment has been minimized.

InitiateNorth commented Nov 6, 2015

Negotiate/NTLM would be a massive plus for testing with Postman.

@henriale

This comment has been minimized.

henriale commented Nov 6, 2015

+1

@jeffzmartin

This comment has been minimized.

jeffzmartin commented Nov 10, 2015

This would be great to have

@InitiateNorth

This comment has been minimized.

InitiateNorth commented Nov 10, 2015

It seems if you use Chrome first it will negotiate etc and postman will use these settings after.. Still would be nice if it was explicit in Postman

@JakobReiter

This comment has been minimized.

JakobReiter commented Dec 16, 2015

+1

@a85 a85 added transfer and removed transfer labels Jan 28, 2016

@RonakThakkar

This comment has been minimized.

RonakThakkar commented Feb 10, 2016

+1

7 similar comments
@hkrug

This comment has been minimized.

hkrug commented Feb 16, 2016

+1

@giuliocaccin

This comment has been minimized.

giuliocaccin commented Feb 16, 2016

+1

@klabbe

This comment has been minimized.

klabbe commented Feb 22, 2016

+1

@loedeman

This comment has been minimized.

loedeman commented Mar 3, 2016

+1

@mikedevita

This comment has been minimized.

mikedevita commented Mar 9, 2016

👍

@BandoKal

This comment has been minimized.

BandoKal commented Mar 15, 2016

+1

@jaredcnance

This comment has been minimized.

jaredcnance commented Mar 17, 2016

+1

@CrannaA

This comment has been minimized.

CrannaA commented Mar 18, 2016

It would be great if this were added in such a way that Newman could also use NTLM.

@tpaivaa

This comment has been minimized.

tpaivaa commented Mar 31, 2016

+1

1 similar comment
@ChrissiFi

This comment has been minimized.

ChrissiFi commented Apr 4, 2016

+1

@redkhalil

This comment has been minimized.

redkhalil commented Apr 12, 2016

+1
Any update on this? I tried to login via Chrome first but it's not working. Right now I'm left to using curl.

@guilhermeando

This comment has been minimized.

guilhermeando commented Apr 20, 2016

+1

@ChrissiFi

This comment has been minimized.

ChrissiFi commented Apr 20, 2016

I'm working on other projects at the moment so unable to return to this for
a while but maybe you can follow this up with Guilherme who says he's
seeing the same thing?

On Tue, Apr 12, 2016 at 3:24 AM, Khal!l notifications@github.com wrote:

Any update on this? I tried to login via Chrome first but it's not
working. Right now I'm left to using curl.


You are receiving this because you commented.
Reply to this email directly or view it on GitHub
#1137 (comment)

@rkilcoyne

This comment has been minimized.

rkilcoyne commented Apr 26, 2016

+1

@tpkelly

This comment has been minimized.

tpkelly commented Apr 27, 2016

+1 especially for Newman support

@geraldchecka

This comment has been minimized.

geraldchecka commented Apr 28, 2016

+1
Desperately need this feature to test one of my service.

@Moulde

This comment has been minimized.

Moulde commented Apr 29, 2016

+1

1 similar comment
@KennethScott

This comment has been minimized.

KennethScott commented May 27, 2016

+1

@Gladskih

This comment has been minimized.

Gladskih commented Jun 5, 2016

'must have' feature! I've been surprised it's not available in the app.

@DerekHackett

This comment has been minimized.

DerekHackett commented Aug 30, 2017

+1

2 similar comments
@rasik210

This comment has been minimized.

rasik210 commented Sep 7, 2017

+1

@Alex-Torres

This comment has been minimized.

Alex-Torres commented Sep 9, 2017

+1

@Moily

This comment has been minimized.

Moily commented Sep 21, 2017

Can we be given an ETA for this feature, at the very least? It would be great to be able to return to Postman.

@harryi3t harryi3t self-assigned this Sep 21, 2017

@RobbyDeLaet

This comment has been minimized.

RobbyDeLaet commented Sep 21, 2017

I have contacted support and they promised NTLM authentication in the mid-end October release (this year).

I would have liked that someone from Postman made this reply though.

@harryi3t

This comment has been minimized.

harryi3t commented Sep 21, 2017

The PR for NTLM is merged in runtime
This will be released with Postman 5.3 🎉

@harryi3t harryi3t added this to the 5.3 milestone Sep 26, 2017

@harryi3t harryi3t removed this from Suggestions in Plugins Sep 26, 2017

@harryi3t harryi3t moved this from Doing to Done in Authorization Oct 5, 2017

@harryi3t

This comment has been minimized.

harryi3t commented Oct 9, 2017

Hi, everyone

Postman 5.3.0 is out with support for NTLM!
Can someone please confirm that this is working as expected?

Thanks

@RobbyDeLaet

This comment has been minimized.

RobbyDeLaet commented Oct 9, 2017

A test with a WorkstationID on my personal PC works fine.
I will test with a Domain account asap. I have to request a software update on my clients PC (which can take some time).

@FelixBoers

This comment has been minimized.

FelixBoers commented Oct 9, 2017

Works as expected on Windows 10!
Thanks for this awesome feature. I've waited for this so long!

@harryi3t

This comment has been minimized.

harryi3t commented Oct 9, 2017

Thank you @flex87 and @RobbyDeLaet for confirming the fix and thank you for your patience.
Closing this.

@fonbrauzen

This comment has been minimized.

fonbrauzen commented Oct 17, 2017

Hmm, I saw this Beta NTLM Auth after release, but now it's gone somehow. Have you changed something?

@madebysid

This comment has been minimized.

madebysid commented Oct 17, 2017

@fonbrauzen You might have accidentally switched to the Chrome app, NTLM is supported only on native apps for now.

@bennymeade

This comment has been minimized.

bennymeade commented Oct 23, 2017

@harryi3t / Everyone fantastic addition.

With this NTLM Beta version, should the extracted RestSharp code work in Visual Studio?
Because in VS I still get "Unauthorized".

(edit) SOLUTION:
using RestSharp.Authenticators;

RestClient client = new RestClient(_baseURL);
client.Authenticator = new NtlmAuthenticator();

@harryi3t

This comment has been minimized.

harryi3t commented Oct 23, 2017

@bennymeade I am afraid that this is not supported yet.
Generating code snippets only works with simple information like URL and headers, etc
Currently, it does not take the authentication into account.

Please open a new issue for this as a feature request.

@bennymeade

This comment has been minimized.

bennymeade commented Oct 23, 2017

@harryi3t No need for a new issue, it is working.

Once I added client.Authenticator = new NtlmAuthenticator(string username, string password); to my VS RestSharp project.

@ikrasnopeev

This comment has been minimized.

ikrasnopeev commented Dec 14, 2017

Worked for me in 5.3.2, but stopped working in 5.4.1 and 5.5.0.

In my scenario I'm switching different users during same collection run, e.g.:
loginAsUser1
doSomething1
loginAsUser2
doSomething2
loginAsUser1
doSomething3

NTLM auth scheme is used.
In 5.3.2 I was able to do this by adding fake logins using BASIC auth requests.

So effectively loginAsUserN actually was 2 requests:
loginAsUserN-1 - used BASIC auth
loginAsUserN-2 - used NTLM auth

In 5.3.2 those 2 "UI" requests were effectively shown as 4 request in Postman Console:
1 - Req: authorization:"Basic...
1 - Resp: 401 www-authenticate: NTLM
2 - Req: no authorization header
2 - Resp: 401 www-authenticate: NTLM
3 - Req: authorization: "NTLM {short string}"
3 - Resp: 401 www-authenticate: "NTLM {long string}"
4 - Req: authorization: "NTLM {long string}"
4 - Resp: 200

It looks like in 5.3.2 1st (basic auth) request helps Postman (server???) to forget NTLM session(?) and whole NTLM handshake is triggered from the beginning.
But again - this is working like a charm in 5.3.2.

In 5.4.1 and 5.5.0 it is broken:
1st "loginAsUser1" still is resolved in 4 requests in Postman Console (same as I shown above)

loginAsUser2 is resolved into 3 requests: 1,3 and 4 of above - looks like Postman remembers server will require NTLM so it sends "authorization: "NTLM {short string}"" right away. But this still works for server, so 200 is returned as result of 4th request.

What does not work is my 2nd "loginAsUser1". According to Postman console only 1 and 4 above request are sent: seems like Postman remembers it already did NTML for user1, so it immediately sends "NTLM {long string}" it used in 1st "loginAsUser1" sequence omitting whole NTML handshake sequence. Server doesn't like such approach and returns 401 instead of 200.

Downgraded to 5.3.2 for now. Any way to restore 5.3.2 NTML functionality? I understand that my usecase might be unusual, but maybe make this behavior configurable?

Thanks!

@sonichanxiao

This comment has been minimized.

sonichanxiao commented Jun 20, 2018

I tried in v6.1.3, doesn't work with SharePoint 2010 hosted Web API services for a GET action, always return 401, have provided domain\username and password

@harryi3t

This comment has been minimized.

harryi3t commented Jun 22, 2018

@sonichanxiao This might be related to the issue #4711

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment