NTLM Authorization on Rest Service Provider
Nick V asked 5 years ago
I want to use the REST Service Provider to call a function on a locally hosted website. However the site expects NTLM authentication, is there a way to pass this in the REST parameters, I don’t want to have to use a web service/WSDL.
Answers
Patrick Roth Staff answered 5 years ago
You would set up an Authorization header param as Shannon does in this REST article on Concur.
https://www.eonesolutions.com/tech-tuesday-smartconnect-rest-connector/
Now one difference is that uses an OAUTH token vs NTLM authentication. You’ll need that NTLM token (which isn’t a plain text user/password) however SC doesn’t have that capability yet. You would just have to “know it” and enter it there the same as the OAUTH token.
So how do you find it?
You could use a tool like Postman. Postman allows you to enter several credential types including NTLM.
Then when it makes a call to the web service, it converts the creds entered into a proper authorization header.
https://www.getpostman.com/docs/v6/postman/sending_api_requests/authorization
Once you get that value from Postman, you would just copy it into the field in SmartConnect.
If you are able to find it in Postman for some reason, you could use a tool like Fiddler (www.fiddler2.com) which would trace all calls out to the web service. It WILL be able to capture everything sent including the authorization.
https://www.eonesolutions.com/tech-tuesday-smartconnect-rest-connector/
Now one difference is that uses an OAUTH token vs NTLM authentication. You’ll need that NTLM token (which isn’t a plain text user/password) however SC doesn’t have that capability yet. You would just have to “know it” and enter it there the same as the OAUTH token.
So how do you find it?
You could use a tool like Postman. Postman allows you to enter several credential types including NTLM.
Then when it makes a call to the web service, it converts the creds entered into a proper authorization header.
https://www.getpostman.com/docs/v6/postman/sending_api_requests/authorization
Once you get that value from Postman, you would just copy it into the field in SmartConnect.
If you are able to find it in Postman for some reason, you could use a tool like Fiddler (www.fiddler2.com) which would trace all calls out to the web service. It WILL be able to capture everything sent including the authorization.
Nick Van Cleef replied 5 years ago I have tried this and it does not seem to work, I still get 401 Unauthorized
If this was correct, it should be possible for insomnia to have a Header with the Authorization and the NTLM XXXXXX without authorization and it should work, beacuse it doesn’t seem to to me.
Nick Van Cleef replied 5 years ago I believe there must be some sort of copy protection or something because every time I run it in Postman the authorization changes
Nick Van Cleef replied 5 years ago It could also be that it is because NTLM sends back a 401 and expects another response and smartconnect doesn’t recognize this. http://davenport.sourceforge.net/ntlm.html#ntlmHttpAuthentication