Jump to content
StephanKallnik

"Single Sign On" with NTLM in a Windows Domain environement doesn't work

Recommended Posts

Hello,

 

i'm trying to get a simple REST request working with NTLM authenticaion and "single sign on".  I'm working with the OverbyteIcsHttpRestTst sample and the TSslHttpRest component. 

When i use NTLM as authentication i get the http-response 401 and automatically the Login-Form pops up and after entering my username and password i get the correct response (200).

 

But after searching and debugging the source-files for HttpProt, NtlmSsp, ... i didn't find or see the correct configuration properties to get it working without entering my credentials.

I tested the HttpRest1.LmCompatLevel := 1; right before doing the RestRequest but it doesn't change anything. But i don't see how single sign own should work as mentioned in change V8.61 

Quote

Improved NTLM authentication by adding Single Sign On with NTLM Session on Windows Domain to get credentials without needing them specified here.

 

Can some give me please some hints we to look for the correct propreties, config or procedure to get it running.

 

Thanks for your help in advance

Regards

Stephan

Share this post


Link to post

The comment you quote from the source code is from four years ago, and relates to code contributed and tested by an ICS user OAS.  I can not test it since I don't have an NT domain.

 

I can only suggest you search that unit and OverbyteIcsSspi and OverbyteIcsNtlSSp for comments by OAS who made the changes. 

 

Angus

 

Share this post


Link to post

Thanks for your reply.

 

But unfortunately I haven't found an easy way to make NTLM work, as single-sign-on application in a windows domain.

 

Just for information, how we solved it finally:

 

With a hint from a colleague we used the THTTPClient-component from System.Net.HttpClient, which supports NTLM and also the newer Negogiate-protocol from windows, as we need it for our application.

So with this component we have to create some code to process the JSON data, but the heavier part with security, sign-on and TLS comes right out of the box from Delphi.

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×