1

I couldn't find anything on SO that matches my requirement - only one or two questions that had some similarities but nothing close to mine. There is this that is a mish mash of different possible 'solutions' that doesn't address my req: Javascript/Ajax NTLM Authentication. Plus - it's 5 years old and seems to be more of .net code.

My requirement: I'm trying to access a csv file on a remote server, by doing it in a jquery ajax call. The remote server is a sharepoint server that hosts the csv file. The remote server is setup with ntlm authentication.

What I've done so far: I'm able to successfully access the said file from Postman by doing a GET call, and passing in the username and password in the 'Authentication' tab (of Postman) and setting the 'Headers' values as 'Authorization = true' and 'Accept = application/json' values (in Postman). I'm able to retrieve all the rows of the csv file including the header row.

I need to REPLICATE what I'm able to successfully do via Postman (posted above) in a jquery ajax call (ie: pass in the relevant ntlm authentication info), and retrieve the rows from the csv file.

I currently have the following code but have no idea of how to perform the ntlm authentication in jquery:

 $.ajax({
                url: "https://xxxxx.yyyyyy.com/abc/def-efg/hijk/MyFile.csv",
                type: "GET",
                headers: {
                "ACCEPT": "application/json;odata=verbose"
                },
                success: function(data){
                var results = data.d.results;
                for(i=0; i < data.d.results.length; i++){
                    console.log(i + data.d.results[i].Title);
                }
                }
            });

I have the necessary 'domain', 'username' & 'password' info, but need some guidance on how to go about incorporating that info into the code above. P.S. I tried the ntlm plugin that someone posted on the 5 year old question thread on SO (which I posted above), but it didn't work for me (I didn't see any output or errors in the chrome console). That code is as follows:

Ntlm.setCredentials('MyDomain', 'username', 'password');
var url = 'https://abc.def.com/sites/xyz- 
Home/myfiles/MyFile.csv';

            if (Ntlm.authenticate(url)) {
                var request = new XMLHttpRequest();
                request.open('GET', url, false);
                request.send(null);
                console.log(request.responseText);
                // => My super secret message stored on server.
            }
Roger Dodger
  • 927
  • 2
  • 16
  • 37
  • 1
    Any time you're putting usernames and passwords in JavaScript browser-based code, you know you're heading down the wrong path. :-) If the users should have access to that CSV file, they should authenticate themselves. If not, your app shouldn't be exposing the CSV (and the information needed to get it and, perhaps, other things). If it's *really* okay to get this CSV without authenticating, update the SharePoint config so it's available without authentication. – T.J. Crowder Oct 04 '18 at 12:10
  • @T.J.Crowder - thanks for the heads up about the heads up re security. It's not possible for the users to auth since this is a coldfusion app that resides in a CF server. I don't have access to sharepoint since it's hosted by a sharepoint team. – Roger Dodger Oct 04 '18 at 12:22
  • 2
    Those are the problems you should be trying to solve, not embedded authorization to a restricted resource in source code you're making accessible to end users. Need the permissions on the CSV relaxed? Contact the SharePoint team. They won't do it? Then you shouldn't either, surely; escalate to management. – T.J. Crowder Oct 04 '18 at 12:27
  • 1
    Are you simply trying to reach a .csv file that Sharepoint generated, or are you trying to interact with Sharepoint? – Shawn Oct 04 '18 at 14:41
  • @Shawn - I'm trying to access/reach the .csv file that is living/being hosted on the Sharepoint server. The only reason i'm 'interacting' with SharePoint is because I'm trying to access said .csv file. – Roger Dodger Oct 08 '18 at 14:04
  • Any solutions? I need to do this as well but the user/pass will be populated from form inputs rather than hard coded in JS. – Drew Jan 29 '19 at 18:01
  • Drew - None whatsoever; we gave up on this approach. – Roger Dodger Jan 31 '19 at 00:08

0 Answers0