As you know, NTLM authentication has the following steps:

  1. (Interactive authentication only) A user accesses a client computer and provides a domain name, user name, and password. The client computes a cryptographic hash of the password and discards the actual password.

  2. The client sends the user name to the server (in plaintext).

  3. The server generates a 16-byte random number, called a challenge or nonce, and sends it to the client.

  4. The client encrypts this challenge with the hash of the user’s password and returns the result to the server. This is called the response.

  5. The server sends the following three items to the domain controller:

     ◦ User name

     ◦ Challenge sent to the client

     ◦ Response received from the client

  6. The domain controller uses the user name to retrieve the hash of the user’s password from the Security Account Manager database. It uses this password hash to encrypt the challenge.

  7. The domain controller compares the encrypted challenge it computed (in step 6) to the response computed by the client (in step 4). If they are identical, authentication is successful.

My question is: how can I send the username, challenge, and response (step 5) to the domain controller to validate them in Node.js? I see some libraries such as express-ntlm and passport-ntlm, but these libraries don't have a config option to pass a certificate to connect to the domain controller.

  • This sounds like an XY Problem. Q: What exactly do you want to do? Do you just want to "authenticate" so that your Node script can access some Windows resource? Commented Dec 25, 2016 at 5:36
  • Hi @paulsm4, sorry about the bad question. This is my first question on Stack Overflow. I have done steps 1 to 4, and in step 5 I want to send the username, challenge, and response code to the domain controller to authenticate, but I don't know how I can send them to the domain controller. Commented Dec 25, 2016 at 5:48
  • You seem to want to (re)implement NTLM yourself. Unless you absolutely need to - for some reason you're not telling us - DON'T!!! Consider a library like this: Is it possible to use Windows integrated auth without IIS?. Or consider just shelling out a "net use" command in your Node.JS script. Commented Dec 25, 2016 at 6:35
  • Thank you @paulsm4 for your answer, but libraries such as express-ntlm and node-sspi don't have a config option to pass a certificate to connect to the domain controller, and I need to pass a certificate. Actually, I can't connect to my domain controller without a certificate (for security reasons); that's why I have to (re)implement NTLM. Do you know of any information or reference for authenticating with the NTLM method (username, challenge, response) with the "net" command? Commented Dec 25, 2016 at 9:10
  • I still think you're making this a lot harder on yourself than it needs to be :( But please check these links: Kerberos authentication in Node.js, nodejs.org/api/tls.html, Windows Integrated Authentication in node.js Client Commented Dec 25, 2016 at 18:33
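
The seven steps listed in the question, modelled end to end as an added example (not code from the original post or from any library named in the thread). It is not the NTLM wire protocol: SHA-256 and HMAC-SHA256 stand in for NTLM's password hash and response computation, a Map stands in for the domain controller's account database, and all function and class names are hypothetical.

```javascript
// Added example: a model of the seven steps, not the real NTLM wire format.
// Stand-ins (assumptions): SHA-256 for the password hash, HMAC-SHA256 for
// "encrypting" the challenge, and a Map for the DC's account database.
const crypto = require('crypto');

const passwordHash = (pw) =>
  crypto.createHash('sha256').update(Buffer.from(pw, 'utf16le')).digest();

const computeResponse = (hash, challenge) =>
  crypto.createHmac('sha256', hash).update(challenge).digest();

// Domain controller: the only party that stores password hashes (constructed data).
const accountDb = new Map([['alice', passwordHash('correct horse')]]);

// Steps 6-7: look up the hash, recompute the response, compare in constant time.
function dcValidate({ userName, challenge, response }) {
  const hash = accountDb.get(userName);
  if (!hash) return false;
  const expected = computeResponse(hash, challenge);
  return response.length === expected.length &&
    crypto.timingSafeEqual(response, expected);
}

// Server: issues a fresh challenge per attempt and forwards the triple to the DC.
class Server {
  constructor() { this.pending = new Map(); }
  begin(userName) {                       // steps 2-3
    const challenge = crypto.randomBytes(16);
    this.pending.set(userName, challenge);
    return challenge;
  }
  finish(userName, response) {            // step 5
    const challenge = this.pending.get(userName);
    this.pending.delete(userName);        // each challenge is single-use
    if (!challenge) return false;
    return dcValidate({ userName, challenge, response });
  }
}

// Client: steps 1 and 4. The password itself never leaves this function.
function login(server, userName, password) {
  const hash = passwordHash(password);
  const challenge = server.begin(userName);
  const response = computeResponse(hash, challenge);
  return { ok: server.finish(userName, response), response };
}
```

The server never holds a password hash; it only relays the user name, challenge and response, and a response recorded for one challenge does not validate against the next one.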
