# ntlm.js

**Repository Path**: xiaozg/ntlm.js

## Basic Information

- **Project Name**: ntlm.js
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2023-10-27
- **Last Updated**: 2023-10-27

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

ntlm.js
======
Javascript implementation of Microsoft NTLM authentication over HTTP. Gives you the possibility to do that AJAX NTLM
you've always wanted.

Usage
------
    Ntlm.setCredentials('domain', 'username', 'password');
    var url = 'http://myserver.com/secret.txt';

    if (Ntlm.authenticate(url)) {
        var request = new XMLHttpRequest();
        request.open('GET', url, false);
        request.send(null);
        console.log(request.responseText);
        // => My super secret message stored on server.
    }

Setup
------
On the server side, the following CORS HTTP Response headers are required:
* Access-Control-Allow-Headers: Authorization
* Access-Control-Allow-Methods: GET, OPTIONS
* Access-Control-Allow-Origin: *
* Access-Control-Expose-Headers: WWW-Authenticate

Known issues
-----
Since the IIS isn't built (??) to support CORS, it will react in a most unfortunate way when receiving a
preflight OPTION request (HTTP 401). The remedy for this is to use your own module or disable security checks
in the browser.

References
------
* http://www.innovation.ch/personal/ronald/ntlm.html
* http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/[MS-NLMP].pdf
* http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/[MS-NTHT].pdf