
I am trying to use express-ntlm to get windows user name without authentication.

In my app.js, I put the following:

var app = express();

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'jade');

// Express runs middleware in registration order. Everything in this group is
// registered before ntlm(), so it handles requests (including files served
// from ./public) before the NTLM handshake is attempted.
app.use(favicon());
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded());
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));

// Mounted at '/' ahead of ntlm(): any request this router answers never
// reaches the ntlm() middleware registered below.
app.use('/', routes);
var ntlm = require('express-ntlm'); 
// NOTE(review): ntlm() is called with no options. In that configuration
// express-ntlm logs "No domaincontroller was specified, all Authentication
// messages are valid", so the user name it reports is what the client sent and
// is not checked against a domain controller. Treat it as unverified.
app.use(ntlm()); 
// Only routers registered after ntlm() (here: /search) go through the handshake.
app.use('/search', search);

This gives me a 401 error in node.js when loading http://localhost:3000/search. In the Chrome console: Failed to load resource: Failed to load resource: net::ERR_UNEXPECTED

What is the correct sequence of routing here? Thanks.

========= modified to ==============

var express = require('express');
var path = require('path');
var favicon = require('static-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');

var routes = require('./routes/index');
var TT = require('./routes/TT');
var KYEC_stat = require('./routes/KYEC_stat');
var ftc = require('./routes/ftc');
var volPerDevice = require('./routes/topVolPerDevice');
var search = require('./routes/search');

var ntlm = require('express-ntlm'); 
var app = express();

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'jade');

// Express runs middleware in registration order. This group runs for every
// request before ntlm() is reached; files found under ./public are served by
// express.static without the NTLM handshake.
app.use(favicon());
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded());
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));

// ntlm() is registered ahead of every router, so all routes below go through
// the NTLM handshake first.
// NOTE(review): ntlm() is called with no options. In that configuration
// express-ntlm logs "No domaincontroller was specified, all Authentication
// messages are valid", so the user name it reports is what the client sent and
// is not checked against a domain controller. Do not base access decisions on
// it as configured here.
app.use(ntlm()); 
app.use('/search', search);
app.use('/tt', TT);
app.use('/kyec', KYEC_stat);
app.use('/ftc', ftc);
app.use('/vol', volPerDevice);
// The '/' router is mounted last so the more specific prefixes above are tried first.
app.use('/', routes);

/// catch 404 and forward to error handler
// Reached only when no middleware or router above ended the response.
app.use(function(req, res, next) {
    var err = new Error('Not Found');
    err.status = 404;   // read by the error handler this is forwarded to (not shown here)
    next(err);
});

======= topVolPerDevice.js ================

var config = require('../config.json');
var express = require('express');
var query = require('pg-query');
var assert = require('assert');
var async = require('async');
var url = require('url');
var queryString = require('querystring');

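var router = express.Router();


/* Display quantity tested per device id since 2011 using d3. */
/* The query first selects all lot records and their earliest test date (which is the 'P' insertion incoming material quantity);
   then uses {lotid, lotstartdate} to retrieve all 1st insertion lot records and adds up lots per device;
   then returns the first 20 device ids with the highest incoming material quantity.
 */
router.get('/', function(req, res, next) {
    // Connection settings are read from config.json, not from the request.
    query.connectionParameters = config.reportConnStr;      // connecting to localhost
    var sqlstr = "sdfsfdfsdsfds";   // as posted; looks like a placeholder for the real SQL text
    query(sqlstr, function(err, rows, result) {
        // The original ignored err and went straight to result.rows. On a failed
        // query that dereference is expected to throw inside the callback, outside
        // Express's error handling. Forward the error to the app's error handler instead.
        if (err) {
            return next(err);
        }
        assert.equal(rows, result.rows);
        // One {name, value} entry per returned row, in query order, for the d3 view.
        var deviceArray = rows.map(function(row) {
            return { name: row.device, value: row.totalqtyout };
        });
        res.render('d3t1', {deviceArray: deviceArray});
    });
});

module.exports = router;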

===== update 2/25/2015 =============

I am re-visiting the problem this week, and I reached a little bit further. I tried to put down a few debug statements in express-ntlm.js and also installed firebug in firefox. It turns out that it is probably not about the sequence of middleware.

return function(request, response, next) {
    if (!request.connection.id) {
        request.connection.id = utils.uuidv4();
    }

    var auth_headers = request.headers.authorization;

    var user = request.connection.ntlm;
....
}

Here, my `request.connection.ntlm` is null.

What could be the reason here? Is it about my browser settings or my network settings?

I am running this over company network, and I am on a network domain.

enter image description here

sqr
  • updates in original question. – sqr Feb 25 '15 at 06:55
  • Actually, it's no problem that `request.connection.ntlm` is null. This is to check whether the connection is already authenticated or not. – Fabio Poloni Feb 25 '15 at 07:28
  • Could you try this basic setup? `var express = require('express'), ntlm = require('express-ntlm'); var app = express(); app.use(ntlm()); app.all('*', function(request, response) { response.end(JSON.stringify(request.ntlm)); }); app.listen(80);` – Fabio Poloni Feb 25 '15 at 07:31
  • Hi @Fabio, I tried. It wouldn't reach the app.all() part. – sqr Feb 27 '15 at 06:27
  • The code will execute to handle_type1(...) => connect_to_proxy(...) => proxy.negotiate(...) and then go to the callback of connect_to_proxy(...), which simply sets the status code to 401 and end response. is this signalling a failure somewhere? – sqr Feb 27 '15 at 06:28
  • HTTP status-code 401 is "Unauthorized", which means that the user is not authorized at this moment. If it sets the status to 401 and ends the response, it seems to be working as expected. Could you log the `challenge.toString('base64')` to the console on line [express-ntlm.js#L149](https://github.com/einfallstoll/express-ntlm/blob/master/lib/express-ntlm.js#L149)? This would help to see whether there's an error in `express-ntlm` or your browser. Btw. what OS and browser do you use? – Fabio Poloni Feb 27 '15 at 07:06
  • Hi @FabioPoloni, thanks. i just attached the firebug screen capture. would it be sufficient? – sqr Feb 27 '15 at 07:15
  • I am using win + chrome; I also tried firefox. – sqr Feb 27 '15 at 07:25
  • Your screenshot shows the NTLM Negotiation Request and the NTLM Challenge Response, which is `NTLM TlRMTVNTUAACAAAAAAAAAAAoAAABggAAASNFZ4mrze8AAAAAAAAAAA==`. – Fabio Poloni Feb 27 '15 at 07:31
  • Please add `console.log('NTLM Authentication Result:', result);` on line [express-ntlm.js#L171](https://github.com/einfallstoll/express-ntlm/blob/master/lib/express-ntlm.js#L171). – Fabio Poloni Feb 27 '15 at 07:34
  • >nodemon
    27 Feb 16:20:32 - [nodemon] v1.3.7
    27 Feb 16:20:32 - [nodemon] to restart at any time, enter `rs`
    27 Feb 16:20:32 - [nodemon] watching: *.*
    27 Feb 16:20:32 - [nodemon] starting `node ./bin/www`
    [express-ntlm] No Authorization header present
    GET /search 401 5ms
    [express-ntlm] No domaincontroller was specified, all Authentication messages are valid.
    challenge.toString('base64') = TlRMTVNTUAACAAAAAAAAAAAoAAABggAAASNFZ4mrze8AAAAAAAAAAA==
    GET /search 401 2ms
    – sqr Feb 27 '15 at 08:22
  • Could you try the basic setup from above? – Fabio Poloni Feb 27 '15 at 10:31
  • Hi, @Fabio, are you referring to line 171. I tried but it didn't reach there. The above is print out from L149. – sqr Feb 28 '15 at 03:44
  • Sorry, my background on NTLM is zero. Is the 401 http response considered a challenge to browser and chrome should reply with an answer whose header contains a NTLM uSer name and domain? – sqr Feb 28 '15 at 03:49
  • NTLM in very basic words: Browser makes a request, server answers with 401 and tells it to authenticate using NTLM. Browser tries again, this time with an NTLM message (just information). Server answers with a 401 (again!) and gives it a challenge. Browser now finally sends an authentication with username and so on. Server validates (only with domain controller set!) the login, extracts user information and answers with the requested resource and most likely a 200 OK. – Fabio Poloni Feb 28 '15 at 05:38
  • So in this case, my browser received the 2nd 401 response, but didn't make any answer? – sqr Feb 28 '15 at 06:00
  • In that case there must be a problem in your browser *or* you just don't see the response. It's hard to debug the NTLM protocol, because most browser will only show the resulting request/response instead of the whole flow. – Fabio Poloni Feb 28 '15 at 06:02
  • thanks for the information, @FabioPoloni the discussion is probably too long to read. I have continued the question to: http://stackoverflow.com/questions/28825549/how-to-use-fiddler-to-debug-ntlm-protocol-with-chrome – sqr Mar 03 '15 at 06:41
  • I recently discovered a [bug](https://github.com/einfallstoll/express-ntlm/issues/8) using NTLM Authentication in Windows 10 (and probably Windows 8 and Windows 8.1 as well). – Fabio Poloni Mar 13 '15 at 06:04

1 Answer


UPDATE:

Change to this in the app.js:

// ntlm() is registered first, so every router below is reached only after the
// NTLM handshake.
// NOTE(review): with no options passed, express-ntlm logs "No domaincontroller
// was specified, all Authentication messages are valid"; the reported user name
// is then unverified client input.
app.use(ntlm()); 
// Every router is mounted at '/', so the URL of each page is decided by the
// paths declared inside the router file itself (e.g. router.get('/vol', ...)
// in topVolPerDevice). Routers are tried in the order listed.
app.use('/', search);
app.use('/', TT);
app.use('/', KYEC_stat);
app.use('/', ftc);
app.use('/', volPerDevice);
app.use('/', routes);

And add '/vol' in the router in the topVolPerDevice file:

var config = require('../config.json');
var express = require('express');
var query = require('pg-query');
var assert = require('assert');
var async = require('async');
var url = require('url');
var queryString = require('querystring');

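var router = express.Router();


/* Display quantity tested per device id since 2011 using d3. */
/* The query first selects all lot records and their earliest test date (which is the 'P' insertion incoming material quantity);
   then uses {lotid, lotstartdate} to retrieve all 1st insertion lot records and adds up lots per device;
   then returns the first 20 device ids with the highest incoming material quantity.
 */
// The path is '/vol' here because app.js in this answer mounts the router at '/'.
router.get('/vol', function(req, res, next) {
    // Connection settings are read from config.json, not from the request.
    query.connectionParameters = config.reportConnStr;      // connecting to localhost
    var sqlstr = "sdfsfdfsdsfds";   // as posted; looks like a placeholder for the real SQL text
    query(sqlstr, function(err, rows, result) {
        // The original ignored err and went straight to result.rows. On a failed
        // query that dereference is expected to throw inside the callback, outside
        // Express's error handling. Forward the error to the app's error handler instead.
        if (err) {
            return next(err);
        }
        assert.equal(rows, result.rows);
        // One {name, value} entry per returned row, in query order, for the d3 view.
        var deviceArray = rows.map(function(row) {
            return { name: row.device, value: row.totalqtyout };
        });
        res.render('d3t1', {deviceArray: deviceArray});
    });
});

module.exports = router;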
  • thanks, MrBearAndBeer. I re-posted my question with the recommended edit, however, it still shows GET /search 401 5ms any idea? – sqr Jan 28 '15 at 07:58
  • can you show me the just the code of one route file? –  Jan 28 '15 at 13:11
  • thanks again, MrBearAndBeer. I re-posted with my routes JavaScript. – sqr Jan 29 '15 at 05:46
  • @sqr can you share all the app with github or send to my email? –  Jan 29 '15 at 05:52
  • @sqr see my update answer.. i try to update the question instead of my answer, sorry.. –  Jan 29 '15 at 05:59
  • sorry for the late reply! I just tried what you recommended; and it still doesn't work. – sqr Jan 30 '15 at 08:57
  • Interestingly, I noticed that if I type http://localhost:3000/vol in Firefox (I was using Chrome), it will prompt me with a login message box, saying 'Enter username and password for http://localhost:3000'. Is this supposed to happen? – sqr Jan 30 '15 at 08:59
  • @sqr Yes, this is supposed to happen, because Firefox doesn't support NTLM as Chrome does. – Fabio Poloni Mar 13 '15 at 06:15