New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for NTLMv2 authentication #8038
Comments
I'm having this issue. I'm trying to work with Microsoft's Dynamics Business Central (formerly known as NAV) on-premises and our server is setup for NTLM authentication. I was not aware of the distinction between NTLMv1 and NTLMv2 but the behavior described here is identical to what I'm experiencing. Authenticating through browsers (all the major ones) works fine. |
Is there any update on this feature request? I have a client we finally figured out their IIS servers only allow NTLMv2 authentication, so hence the 401 Unauthorized errors in Postman. |
Please is there an update on this feature request? The 401 error occurs when NTLMv2 is used. |
I wouldn't really consider this "few in numbers." Any Windows environment that respects security has NTLMv2. We cannot use Postman because this feature is broken. |
I have this issue as well |
Postman has literally become unusable, would love this to be implemented and fixed. The first couple requests always pass and then they all seem to fail. This happens both in the CLI (neman) and in the UI. |
My company just turned off NTLMv1 enterprise wide and Postman no longer functions for us when connecting to our APIs hosted on IIS with Windows Auth enabled. For us to continue using Postman it will have to be updated to handle NTLMv2. |
@coditva Any status update on a resolution to this issue? |
Our company uses a strict security policy, only NTLMv2 is allowed, so we are not able to use Postman for dev / uat / prod environment. Any update when this will be supported? It can't be that difficult? |
Why is this issue being ignored? It renders the application completely useless, our whole infrastructure supports only NTLM v2, nobody can send requests using Postman. |
Only really option is to switch to a different tool. I've been using Insomnia which has been sufficient for our needs. |
Thanks, I will switch to Insomnia. |
I’m curious for what reasons people use postman for? You can capture a http request and replay it with just a few lines of code in .net. I can see the advantage from and end user perspective but not from any automated testing perspective. |
I would second that - we are using Postman for Microsoft product integrations, and their ERP product (Business Central) API is now not accessible with postman, most likely due to this issue. |
I've switched to using Insomnia years ago, due to Postman's issues when using NTLM. It doesn't seem to be a real priority for them. |
our organisation has also moved to using Insomnia. but I personally liked the postman interface. but looks like I can't use until this is fixed. its 2 years since first report and hasn't got any attention. :-( |
Same here. Postman is a great product, but too often it takes years before a serious issue or feature request is solved. I can no longer defend the use of Postman in our organization. We are also considering the move to Insomnia. |
FYI to those who like using Postman but this issue is show stopper... |
Any idea when NTLMv2 will be implemented? More and more companies are changing their security policies to Send NTMLv2 response only and this issue makes Postman useless for Windows Server environments. |
My PR SamDecrock/node-http-ntlm#101 implements NTLMv2 for the underlying library. Switching it out for the newman CLI allows collections using NTLM against an NTLMv2-only server to go through. I do not know how to update the one included in the Postman app though for testing (either just the package or the built runtime). |
Also running into this issue with a few customers who are not allowed to use NTLMv1 anymore (obligations from security auditor which are required to get the audit signed off). Time to fix this Postman! I'll be trying Insomnia for now... |
Same problem. Since 21st of September, a used service is only offered by NTLMv2. |
The underlying library now supports NTLMv2 so it's just a question of the runtime updating the dependency (created PR postmanlabs/postman-runtime#1244). @coditva @giridharvc7 it would be great if you could help validate that or get the right people involved on that PR (there is a CI failure on all PR builds there at the moment) |
@dasMulli Thanks! I just merged the PR, will let you know once this lands in the Postman app. |
Looks like this is now part of Postman 10.6.0 and it works in our environment 🥳 Thanks! |
Can also confirm this works for our environment. Thanks @dasMulli @codenirvana! |
Yes, this was released in v10.6.x. Thanks @dasMulli and @HejdasGonnaHate for trying this out and confirming. 🚀 |
Sorry, but it took so long to implement this request that we have made the switch to Insomnia. |
The NTLM implemented in Postman only supports NTLMv1. Some servers (although few in number), have a policy to only allow NTLMv2 with no backward compatibility because NTLMv2 is more secure. This makes NTLM authentication in Postman App return status code 401.
The text was updated successfully, but these errors were encountered: