Description
This REBOL library provides support for the Microsoft NTLM (NT LAN Manager) authentication scheme over a Windows LAN.
It requires an active REBOL /Library component to access the Windows security API, so it only works on Windows
platforms. NTLM is often used as the authentication scheme in enterprise networks with
HTTP proxies (MS Proxy or ISA Server). The first goal of this library is to allow any REBOL application (including REBOL/Link clients)
to pass through an NTLM proxy server (provided a valid login and password are supplied).
For easier use, the NTLM library is wrapped into a standard REBOL scheme: ntlm://. This allows you to use it
in contexts other than HTTP authentication, where NTLM is required.
A patch for the REBOL HTTP protocol is provided in the archive to transparently authenticate with an NTLM
proxy server.
Server-side challenging is not supported in this version, but it will be included in a future release.
Usage
Here's a simple NTLM library usage example:
Download the NTLM library and unpack it (ZIP archive). Open a REBOL console and change-dir to the installation folder, then type the following code (providing the address and port number for your NTLM proxy server):
>> do %http-patch.r
>> set-ntlm-proxy <proxy host> <proxy port>
If you need to specify the Windows network domain name, just use the /domain refinement with a string! value:
>> set-ntlm-proxy/domain <proxy host> <proxy port> "<domain name>"
Then try to read an HTTP url:
>> read http://rebol.com
Enter proxy authentication username: <login>
Enter proxy authentication password: <password>
connecting to: rebol.com
== {<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1">
<META NAME="keywords" CONTENT="REBOL, X ...
You'll be asked for a valid login and password only once per REBOL session. Usually, your Windows login account information would be enough for the proxy server.
If you're running REBOL/View, you can also try with the desktop command.
If the web page reading test fails, you can ask for some debugging information using REBOL's standard trace function:
>> trace/net on
>> read http://rebol.com
How to quickly discover if your HTTP proxy server requires NTLM authentication?
Do the following test in a REBOL console:
>> p: open/no-wait tcp://<proxy host>:<proxy port>
>> insert p "GET http://rebol.com HTTP/1.0^/Host: rebol.com^/^/"
>> probe copy p
Then you should get something like this if your proxy requires authentication:
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. )
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 4096
...
The Proxy-Authenticate header shows which authentication methods are accepted. In this example, both 'Kerberos and 'NTLM are valid methods. The other main authentication methods are 'Basic (built into REBOL) and 'Digest (not supported by REBOL).
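The check above can be scripted by parsing the reply returned by copy p. This is an added example, not code from the NTLM library or its archive: the function name proxy-auth-schemes is hypothetical, and the sample reply and the notes table are constructed from what this page states.

```rebol
REBOL [Title: "Proxy-Authenticate scheme check (added example)"]

; Constructed sample reply, modelled on the 407 response shown above.
sample-reply: rejoin [
    "HTTP/1.1 407 Proxy Authentication Required" crlf
    "Proxy-Authenticate: Negotiate" crlf
    "Proxy-Authenticate: Kerberos" crlf
    "Proxy-Authenticate: NTLM" crlf
    "Content-Length: 4096" crlf
    crlf
    "<html>Proxy-Authenticate: Basic</html>"   ; body text must be ignored
]

not-eol:   complement charset "^M^/"        ; anything but CR or LF
name-char: complement charset " ^-,^M^/"    ; characters of a scheme name

; Hypothetical helper (not part of the NTLM library): returns the status
; code and the schemes offered in the header section of a raw proxy reply.
proxy-auth-schemes: func [reply [string!] /local code scheme schemes] [
    schemes: copy []
    code: none
    parse/all reply [
        "HTTP/" thru " " copy code 3 not-eol thru newline
        any [
            "Proxy-Authenticate:" any " " copy scheme some name-char
                (append schemes scheme) thru newline
            | some not-eol thru newline    ; any other header line
        ]                                  ; stops at the blank line
    ]
    reduce [code schemes]
]

; Support status as stated on this page.
notes: [
    "NTLM"   "handled by this library (ntlm:// scheme, HTTP patch)"
    "Basic"  "built into REBOL"
    "Digest" "not supported by REBOL"
]

result: proxy-auth-schemes sample-reply
either result/1 = "407" [
    foreach scheme result/2 [
        print [scheme "->" any [select notes scheme "not covered on this page"]]
    ]
][
    print ["Status" result/1 "- the proxy did not ask for authentication"]
]
```

To run it against a real proxy, pass the string returned by copy p in place of sample-reply.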
Developer's Documentation
To be done...
History
- v.1.0.3 - 31-Mar-2008
  - HTTP patch updated to match REBOL v2.7.6
  - Major bug fixed in HTTP authentication request when in proxy mode (Thanks to Thorsten Moeller for his kind help).
  - Fixed HTTP request line endings to conform with the RFC
  - HTTP receive buffer size increased to 64Kb
  - Minor source code cleanup
- v.1.0.2 - 06-Jan-2005
  - Fixed an issue with Domain encoding. (Thanks to Paul Tretter for his useful feedback)
- v.1.0.1 - 04-Jan-2005
  - Added Domain (WorkGroup) support to the 'set-ntlm-proxy function.
  - Now supports trace/net logging.
- v.1.0.0 - 03-Jan-2005
  - First public release.