Go HTTP NTLM请求中的Windows系统凭据 [英] Windows system credentials in Go HTTP NTLM requests

问题描述

我正在寻找使用Windows用户调用应用程序的系统凭据在Go HTTP请求中进行NTLM身份验证的阻力最小的路径.

I am looking for the path of least resistance for doing NTLM authentication in a Go HTTP request using the system credentials of the Windows user calling the application.

在C#/.NET中，我将能够通过

In C#/.NET, I would be able to achieve this through

WebRequest request = WebRequest.Create(url);
request.Credentials = CredentialCache.DefaultCredentials;
WebResponse response = request.GetResponse();
Stream receiveStream = response.GetResponseStream();

在Python中，等效结果可以通过

and in Python, the equivalent result can be obtained through

import win32com.client
h = win32com.client.Dispatch('WinHTTP.WinHTTPRequest.5.1')
h.SetAutoLogonPolicy(0)
h.Open('GET', url, False)
h.Send()

但是我无法找到有关如何在Go中执行相同操作的任何资源.我当然可以使用一个用于NTLM身份验证的库，并手动提供用户名/密码，但是这里的目的是避免将它们输入.

but I have not been able to find any resources on how to do the same thing in Go. I could of course use a library for NTLM authentication and manually provide a username/password, but the goal here is to avoid ever putting those in.

推荐答案

进一步研究之后，看起来go-ole可以用来利用

After digging into it a bit further, it looks like go-ole can be utilized to make use of WinHTTPRequest in the same way as the Python example in the question. Ignoring all error catching,

package main

import (
    "fmt"

    ole "github.com/go-ole/go-ole"
    "github.com/go-ole/go-ole/oleutil"
)

func main() {
    ole.CoInitialize(0)
    defer ole.CoUninitialize()
    unknown, _ := oleutil.CreateObject("WinHTTP.WinHTTPRequest.5.1")
    request, _ := unknown.QueryInterface(ole.IID_IDispatch)
    oleutil.CallMethod(request, "SetAutoLogonPolicy", 0)
    oleutil.CallMethod(request, "Open", "GET", "http://example.com", false)
    oleutil.CallMethod(request, "Send")
    resp := oleutil.MustGetProperty(request, "ResponseText")
    fmt.Println(resp.ToString())
}

这篇关于Go HTTP NTLM请求中的Windows系统凭据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！