Skip to content

Latest commit

 

History

History
37 lines (32 loc) · 1.28 KB

readme.md

File metadata and controls

37 lines (32 loc) · 1.28 KB

ntlm.js

Javascript implementation of Microsoft NTLM authentication over HTTP. Gives you the possibility to do that AJAX NTLM you've always wanted.

Usage

Ntlm.setCredentials('domain', 'username', 'password');
var url = 'http://myserver.com/secret.txt';

if (Ntlm.authenticate(url)) {
    var request = new XMLHttpRequest();
    request.open('GET', url, false);
    request.send(null);
    console.log(request.responseText);
    // => My super secret message stored on server.
}

Setup

On the server side, the following CORS HTTP Response headers are required:

  • Access-Control-Allow-Headers: Authorization
  • Access-Control-Allow-Methods: GET, OPTIONS
  • Access-Control-Allow-Origin: *
  • Access-Control-Expose-Headers: WWW-Authenticate

Known issues

Since the IIS isn't built (??) to support CORS, it will react in a most unfortunate way when receiving a preflight OPTION request (HTTP 401). The remedy for this is to use your own module or disable security checks in the browser.

References