本文介绍如何使用ntlm.js库实现基于Microsoft NTLM的身份验证。通过简单的示例展示了如何设置凭证并进行HTTP请求。同时,文章还强调了服务器端配置CORS的相关HTTP响应头的重要性。
ntlm.js
Javascript implementation of Microsoft NTLM authentication over HTTP. Gives you the possibility to do that AJAX NTLM
you've always wanted.
Usage
Ntlm.setCredentials('domain', 'username', 'password');
var url = 'http://myserver.com/secret.txt';
if (Ntlm.authenticate(url)) {
var request = new XMLHttpRequest();
request.open('GET', url, false);
request.send(null);
console.log(request.responseText);
// => My super secret message stored on server.
}
Setup
On the server side, the following CORS HTTP Response headers are required:
Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: WWW-Authenticate
Known issues
Since the IIS isn't built (??) to support CORS, it will react in a most unfortunate way when receiving a
preflight OPTION request (HTTP 401). The remedy for this is to use your own module or disable security checks
in the browser.
References
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
