NTLM Authentication Failed, the server finally response "401", but not "200 OK"

3
votes

I'm using Node.js to connect to Server with NTLM Authentication. As the NTLM protocol steps below(refer: http://www.innovation.ch/personal/ronald/ntlm.html).

1: C  --> S   GET ...

2: C <--  S   401 Unauthorized
              WWW-Authenticate: NTLM

3: C  --> S   GET ...
              Authorization: NTLM <base64-encoded type-1-message>

4: C <--  S   401 Unauthorized
              WWW-Authenticate: NTLM <base64-encoded type-2-message>

5: C  --> S   GET ...
              Authorization: NTLM <base64-encoded type-3-message>

6: C <--  S   200 Ok

the 1-5 step works fine, but in the 6th step, the server didn't return me with 200 OK, but returned me with status code 401, and with headers:

HEADS: { 

   'content-type': 'text/html',
   server: 'Microsoft-IIS/8.0',
   'www-authenticate': 'Negotiate, NTLM',
   'x-powered-by': 'ASP.NET',
   date: 'Sat, 12 Jul 2014 06:44:25 GMT',
   'content-length': '1293'

}

Is there anything wrong? Could you help me? Why doesn't it return 200 OK and correct response body? Thanks very much

1
ntlm
Can you provide us the 1293-byte content?Alireza
Hi, Alireza. It's the html 401 page. The body content is:<html xmlns="w3.org/1999/xhtml">...<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>...</body></html>kevin_song
Can you double-check all of these? the password hashing, the character-encoding and base-64 encoding? You can use Fiddler to check the step-5 content.Alireza
And also check the domain-name and user nameAlireza
Hi,Alireza. I've found the answer. Please see my comment blow. Thanks:-)kevin_song

1 Answers

2
votes

all.

I found the answer finally. I use this ntlm module(https://www.npmjs.org/package/ntlm) to do the ntlm Authentication. And it doesn't work because I use wrong username. I found it from debug log and you can also found this info in the adfs machine's event view(it will have error info). I'm sorry for the stupid mistake, but not bad now I know ntlm well. Thanks Alireza. Thanks all:-)