NTLM authentication

2 posts, 0 answers
  1. Sagi
    60 posts
    Member since:
    Sep 2008

    Posted 11 Mar 2015

    Hi,
    I'm using NTLM authentication in my site.
    I'm trying to find out how I can extract the User Name sent to the server by the client.
    After reading the MS article (https://msdn.microsoft.com/en-us/library/windows/desktop/aa378749%28v=vs.85%29.aspx) I thought that the User Name is sent from the client after the first 401 challenge the server sends (which means the second request the client initiates).
    However, when looking in Fiddler I have realized that the second request from the client (after the first 401) did not include the User Name.
    Only the third request (ending with 200 status code) included the User Name (as plain text).
    Can you please explain?
    _________________________________________________
    First Request ended with 401 ;
    No Proxy-Authorization Header is present.

    No Authorization Header is present.
    _________________________________________________



    _________________________________________________
    Second request ended with 401 (challenge from server)

    No Proxy-Authorization Header is present.

    Authorization Header is present: Negotiate
    4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 08 E2  NTLMSSP.....—‚.â
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    06 02 F0 23 00 00 00 0F                          ..ð#....        


    -[NTLM Type1: Negotiation]------------------------------
    Provider: NTLMSSP
    Type: 1
    OS Version: 6.2:9200
    Flags: 0xe2088297
    Unicode supported in security buffer.
    OEM strings supported in security buffer.
    Request server's authentication realm included in Type2 reply.
    Sign (integrity)
    NTLM authentication.
    Negotiate Always Sign.
    Negotiate NTLM2 Key.
    Supports 56-bit encryption.
    Supports 128-bit encryption.
    Client will provide master key in Type 3 Session Key field.
    Domain_Offset: 0; Domain_Length: 0; Domain_Length2: 0
    Host_Offset: 0; Host_Length: 0; Host_Length2: 0
    Host: 
    Domain: 
    ------------------------------------



    _________________________________________________
    third request ended with 200

    No Proxy-Authorization Header is present.

    Authorization Header is present: Negotiate
    4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00  NTLMSSP.........
    80 00 00 00 18 00 18 00 98 00 00 00 06 00 06 00  €.......˜.......
    58 00 00 00 0C 00 0C 00 5E 00 00 00 16 00 16 00  X.......^.......
    6A 00 00 00 10 00 10 00 B0 00 00 00 15 82 88 E2  j.......°....‚ˆâ
    06 02 F0 23 00 00 00 0F 6F 4B 84 5D 4A 6A 67 C5  ..ð#....oK„]JjgÅ
    49 E7 9B E6 ED D5 B9 9F 47 00 45 00 52 00 73 00  Iç›æíÕ¹ŸG.E.R.s.
    6B 00 61 00 72 00 6E 00 69 00 53 00 4B 00 41 00  k.a.r.n.i.S.K.A.
    52 00 4E 00 49 00 2D 00 4D 00 4F 00 42 00 4C 00  R.N.I.-.M.O.B.L.
    26 FB C4 DC FC BE 0B 6A 00 00 00 00 00 00 00 00  &ûÄÜü¾.j........
    00 00 00 00 00 00 00 00 64 0B 2C 82 FA 33 05 17  ........d.,‚ú3..
    CF 6D 43 44 06 C0 F0 50 5D EA E3 E5 34 69 38 B4  ÏmCD.ÀðP]êãå4i8´
    E8 F1 E0 A5 46 72 6F CF D3 36 4A 25 BB 0D DF 16  èñà¥FroÏÓ6J%».ß.


    -[NTLM Type3: Authentication]------------------------------
    Provider: NTLMSSP
    Type: 3
    OS Version: 6.2:9200
    Flags: 0xe2888215
    Unicode supported in security buffer.
    Request server's authentication realm included in Type2 reply.
    Sign (integrity)
    NTLM authentication.
    Negotiate Always Sign.
    Negotiate NTLM2 Key.
    Target Information block provided for use in calculation of the NTLMv2 response.
    Supports 56-bit encryption.
    Supports 128-bit encryption.
    Client will provide master key in Type 3 Session Key field.
    lmresp_Offset: 128; lmresp_Length: 24; lmresp_Length2: 24
    ntresp_Offset: 152; ntresp_Length: 24; ntresp_Length2: 24
    Domain_Offset: 88; Domain_Length: 6; Domain_Length2: 6
    User_Offset: 94; User_Length: 12; User_Length2: 12
    Host_Offset: 106; Host_Length: 22; Host_Length2: 22
    msg_len: 176
    Domain: GER
    User: skarni
    Host: SKARNI-MOBL
    lm_resp: 26 FB C4 DC FC BE 0B 6A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    nt_resp: 64 0B 2C 82 FA 33 05 17 CF 6D 43 44 06 C0 F0 50 5D EA E3 E5 34 69 38 B4
    ------------------------------------

    _________________________________________________

  2. Eric Lawrence
    Admin
    833 posts

    Posted 13 Mar 2015

    Hello, Sagi--

    The article you linked describes the NTLM process in the abstract, not in terms of its implementation over HTTP. For that, you should see Microsoft's formal standard document: https://msdn.microsoft.com/en-us/library/cc237488.aspx


    Regards,
    Eric Lawrence
    Telerik
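
Added example (not part of either post, and not Fiddler's or Telerik's code): a Python parser for the `Authorization` tokens dumped in the question, following the MS-NLMP message layout. It shows that the Type 1 message in the second request has no user field at all, while the Type 3 message in the third request carries domain, user and workstation. The function names are this example's own, and decoding OEM strings as cp437 is an assumption.

```python
import base64
import struct

# Client tokens copied from the Fiddler dumps in the question.
TYPE1 = bytes.fromhex(
    "4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 08 E2 "
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
    "06 02 F0 23 00 00 00 0F")
TYPE3_HEAD = bytes.fromhex(  # bytes 0-127: header plus domain/user/host payload
    "4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 "
    "80 00 00 00 18 00 18 00 98 00 00 00 06 00 06 00 "
    "58 00 00 00 0C 00 0C 00 5E 00 00 00 16 00 16 00 "
    "6A 00 00 00 10 00 10 00 B0 00 00 00 15 82 88 E2 "
    "06 02 F0 23 00 00 00 0F 6F 4B 84 5D 4A 6A 67 C5 "
    "49 E7 9B E6 ED D5 B9 9F 47 00 45 00 52 00 73 00 "
    "6B 00 61 00 72 00 6E 00 69 00 53 00 4B 00 41 00 "
    "52 00 4E 00 49 00 2D 00 4D 00 4F 00 42 00 4C 00")

def as_header(msg):
    """Build the Authorization header value the way the client sends it."""
    return "Negotiate " + base64.b64encode(msg).decode("ascii")

def read_field(msg, pos, is_unicode):
    """Read one security buffer: Len(2), MaxLen(2), Offset(4), little-endian."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    # OEM decoding as cp437 is an assumption of this example.
    return msg[offset:offset + length].decode("utf-16-le" if is_unicode else "cp437")

def parse_authorization(value):
    scheme, _, token = value.partition(" ")
    if scheme not in ("NTLM", "Negotiate"):
        raise ValueError("not an NTLM/Negotiate Authorization header")
    msg = base64.b64decode(token, validate=True)
    # Negotiate can also carry SPNEGO-wrapped tokens; only raw NTLMSSP is handled.
    if len(msg) < 16 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not a raw NTLMSSP message")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    if mtype == 1:  # NEGOTIATE: flags only, no user field exists in this message
        return {"type": 1, "flags": struct.unpack_from("<I", msg, 12)[0], "user": None}
    if mtype == 3 and len(msg) >= 64:  # AUTHENTICATE
        flags = struct.unpack_from("<I", msg, 60)[0]
        uni = bool(flags & 0x1)  # NEGOTIATE_UNICODE
        # These names are client-asserted until the server validates the response.
        return {"type": 3, "flags": flags, "domain": read_field(msg, 28, uni),
                "user": read_field(msg, 36, uni),
                "workstation": read_field(msg, 44, uni)}
    raise ValueError("unsupported or truncated NTLM message")
```

For access decisions, take the identity from the authentication context the server establishes once the Type 3 response has been validated, not from the name parsed out of the header.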
     
