0

I'm attempting to build a two-way Slack integration with on on-premises Microsoft TFS REST endpoint, using Node.js and PHP as the main processors of the data to and from. I can successfully perform GETs against the on-prem TFS install using NTLM authentication, and parse the data through to Slack. So I know that (1) the endpoint is working, (2) I am capable of authenticating to it, and (3) I can get data from it without problem.

Where I'm hitting a blocking point is trying to POST a query to the TFS endpoint and get a successful response. I'm generating the POST request within PHP, and when it executes against an insecure website, the POST body and headers pass through just fine. However, when I change the URL on that POST request to be the TFS endpoint, protected by an NTLM layer, I get an error saying that the content-type is invalid (TFS requires "application/json" and the request it's receiving has no header, so is defaulting to "application/x-www-form-urlencoded" and failing).

It looks like somehow the request body and headers aren't being passed beyond the NTLM authentication step, but I have no idea why that would be, nor how to ensure that it will push through. I've checked out some tips and tricks online, but haven't been able to break through yet.

Here's the latest version of the PHP code that I'm using:

$ch = curl_init();
curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
//curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER,TRUE);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_URL,$baseURL);    
curl_setopt($ch, CURLOPT_UNRESTRICTED_AUTH, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POSTREDIR,3);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_USERPWD, $userpwd);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postBody);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Accept: application/json',
    'Transfer-Encoding: chunked',
    'x-metadata: testing',
    'x-testing: This is a value'
));

Any ideas on how to ensure that the POST body and HTTP headers are surviving the trip through the NTLM layer?

ctgilley
  • 25
  • 6
  • Check if this thread helps : [How to set the authorization header using curl](https://stackoverflow.com/questions/3044315/how-to-set-the-authorization-header-using-curl), and this one : https://stackoverflow.com/questions/15110507/php-ntlm-session-with-curl – Andy Li-MSFT Oct 19 '17 at 09:11
  • I'm not having trouble setting auth headers; that works fine for the GET, and I'm using the same pattern for the POST. I'm also not trying to persist the NTLM authentication beyond the POST call, so I don't immediately see how a cookie would help. – ctgilley Oct 19 '17 at 15:27
  • The odd thing is that this works perfectly when I send the request through the RESTlet application in Chrome, but I cannot for the life of me figure out why it's dying when I try to do it in PHP with curl. – ctgilley Oct 19 '17 at 17:24
  • Managed to make this happen bypassing NTLM entirely and just using a PAT from the TFS server. Not ideal, since I'll need to renew it every year, but it gets the job done. – ctgilley Oct 19 '17 at 20:13

0 Answers0