ntlm

The HTTP request is unauthorized with client authentication scheme ‘Ntlm’ The authentication header received from the server was ‘NTLM’

by

Visual Studio 2005 Create a new console application project in Visual Studio Add a “Web Reference” to the Lists.asmx web service. Your URL will probably look like: http://servername/sites/SiteCollection/SubSite/_vti_bin/Lists.asmx I named my web reference: ListsWebService Write the code in program.cs (I have an Issues list here) Here is the code. using System; using System.Collections.Generic; using System.Text; … Read more

Using NTLM authentication in Java applications

by

Out of the above list, only ntlmv2-auth and Jespa support NTLMv2. Jespa is workable but commercial. ntlmv2-auth I haven’t tried but it’s based on the code from Liferay, which I’ve seen working before. ‘ntlm-authentication-in-java’ is only NTLMv1, which is old, insecure, and works in a dwindling number of environments as people upgrade to newer Windows … Read more

WCFTestClient The HTTP request is unauthorized with client authentication scheme ‘Anonymous’

by

I didn’t have control over the security configuration for the service I was calling into, but got the same error. I was able to fix my client as follows. In the config, set up the security mode: <security mode=”TransportCredentialOnly”> <transport clientCredentialType=”Windows” proxyCredentialType=”None” realm=”” /> <message clientCredentialType=”UserName” algorithmSuite=”Default” /> </security> In the code, set the proxy … Read more

NPM behind NTLM proxy

by

I solved it this way (OS: Windows XP SP3): 1. Download CNTLM installer and run it. 2. Find and fill in these fields in cntlm.ini. Do not fill in the Password field, it’s never a good idea to store unencrypted passwords in text files. Username YOUR_USERNAME Domain YOUR_DOMAIN Proxy YOUR_PROXY_IP:PORT Listen 53128 3. Open console, … Read more

401 response for CORS request in IIS with Windows Auth enabled

by

You can allow only OPTIONS verb for anonymous users. <system.web> <authentication mode=”Windows” /> <authorization> <allow verbs=”OPTIONS” users=”*”/> <deny users=”?” /> </authorization> </system.web> According W3C specifications, browser excludes user credentials from CORS preflight: https://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#preflight-request