Node.js NTLM HTTP Authentication, how to handle the 3 types

Question

I'm trying to get NTLM Authentication working w/ Node.js. I've been reading this ( http://davenport.sourceforge.net/ntlm.html#theNtlmMessageHeaderLayout ). I send the header and get a Base64 authentication header.

I tried converting it from Base64 to UTF8 by making a new Buffer with base64 encoding and then calling toString('utf8') which returns a string something like

NTLMSSP\u0000\u0001\u0000\u0000\u0000\u0007�\b�\u0000

This is where I need help. I understand the NTLMSSP\u0000 is the null terminated signature, but and what the rest is supposed to indicate, but to me it's just garbage. It's unicode characters, but how am I supposed to get actual data out of that? I may be converting it incorrectly, which may be adding to my troubles, but I'm hoping someone can help.

Answer 1

Have a look at http://www.innovation.ch/personal/ronald/ntlm.html What you receive is a Type-2 Message. The pages explains it in a very practical way. You have to extract the server challenge (nonce) and the server flags.

I just implemented a module for node.js to do just that: https://github.com/SamDecrock/node-http-ntlm

Answer 2

Have you looked at NTLMAPS?

You may be able to solve your problem by using it as a proxy server, but if you really want to implement NTLM auth in Javascript, then NTLMAPS provides lots of working code to study.