0

I want to make an NTLM authentication from a Ionic app. Using postman (a tool to test requests), I was able to make this authentication, and it works perfectly (using NTLM Authentication option).

However, postman does not provide any code to implement this request in Angular (For Ionic).

After making my own research, I found out that Angular 2 and above does not support NTLM authentication. Is that really the case?

So I was thinkig about generating my request with Jquery and the code below (generated by postman). But will it work with Ionic ?

Here is the JQuery Ajax implementation generated by Postman for this request :

var form = new FormData();
form.append("Login", "yakeri");
form.append("Password", "elcimai77");

var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://myserver.com/MyService",
  "method": "POST",
  "headers": {
    "Content-Type": "application/json",
    "Cache-Control": "no-cache",
    "Postman-Token": "50392b83-879b-43cb-ba2e-0b5ffc61e2f8"
  },
  "processData": false,
  "contentType": false,
  "mimeType": "multipart/form-data",
  "data": form
}

$.ajax(settings).done(function (response) {
  console.log(response);
});
bobier2
  • 127
  • 10
  • Check [this link](https://stackoverflow.com/questions/36096716/ntlm-authentication-using-angular2) to see if it helps. – imans77 Jul 17 '18 at 15:24
  • 1
    NTLM support is related to the browser, not whatever JS library you're using. What makes you think that Angular in particular somehow doesn't support it? All these libraries - jQuery, Angular etc are just syntactical sugar on top of whatever the browser's implementation of JavaScript is capable of. In terms of ajax, they all just turn your code into a native XHR request at the end of the process. You can't do anything in those frameworks which you couldn't do by writing vanilla JavaScript. – ADyson Jul 17 '18 at 15:42
  • As to your second question, any HTTP server can receive an HTTP request, whether it's generated via AJAX, a regular browser request, or some other tool such as Postman or your own custom-made HTTP client, or whatever, it scarcely matters. As for Ionic, again it's just a code framework. NTLM support will part of the webserver itself, not the code framework which itself runs on top of another framework, in this particular case. – ADyson Jul 17 '18 at 15:44
  • If you're not using IIS as your webserver, NTLM support is going to be thin on the ground, and I'm not clear why you'd even want to start using it with something new - it's old technology. Microsoft themselves moved onto preferring Kerberos years ago, and outside the Windows world there's minimal adoption of it. If you want a modern, cross-platform authentication system try something like OAuth instead, where well-known, robust implementations already exist which you can leverage. – ADyson Jul 17 '18 at 15:46
  • Another confusing thing... `var form = new FormData(); form.append("Login", "yakeri"); form.append("Password", "elcimai77");` in your request data. So...if you're providing a username and password in your request, this implies a forms-based authentication system of some kind? In that case why do you need/want NTLM _as well_? Makes no sense. – ADyson Jul 17 '18 at 15:50
  • can you share what version of Ionic \ Angular you are using? – Sergey Rudenko Jul 17 '18 at 18:05
  • I am using Ionic 3.20.0. Also, I am using IIS webserver (with NTLM authentication). I could not find any documentation about NTLM authentication with Ionic so I am trying to generate the request with pure Javascript (Xhr or Jquery). – bobier2 Jul 18 '18 at 07:43

1 Answers1

1

Finaly, I found out. The javascript code from postman did not work so I just made a simple POST request in Angular and I used http://username:password@myserver.com for the url. It works perfectly now !

Reference : Authenticate Windows Authentication using Javascript

Also, to help people who can be in the same situation and are struggling with CORS issues while using ionic serve, just disable chrome web security in chrome. You should not have any problem with CORS with real devices.

Thanks for your help

bobier2
  • 127
  • 10