NodeJS - Communicating with a server that is attempting ntlm authentication, but encountering strange behavior


Problem description

I am attempting to write code that will allow my nodeJS server to scrape another website that is attempting to run ntlm authentication. When I arrive on the page a popup appears, into which I am supposed to enter credentials to access the site. However, that popup does not appear to be a part of Chrome but a part of the OS; no matter what I try I can't find it in the elements of the page, which makes me think it is a part of the OS. (I am running Windows 10 on my development machine, but the machine that will execute the scrape is running Linux.) Another piece of evidence I have for this is that when I use nightmare to land on the site the popup does not appear.

I found that this popup is an attempt to do ntlm authentication; I found this out by logging the headers and finding the 'www-authenticate': 'Negotiate, NTLM' header.

I have never done ntlm authentication before, and did lots of research consulting many articles, including:

  1. This one on stackoverflow
  2. Microsoft's documentation on HTTP authentication

I may just be misunderstanding it, but from what I read, NTLM authentication is an authentication protocol where a server and a client communicate several times, requiring the client to decode a challenge that the server sends to it, and the client sending back a response with its own encrypted message (in the documentation on Microsoft they are referred to as ntlm type 1, type 2, and type 3 messages). Once the client has conducted these successive "handshakes" the client is given a token, which is to be placed in the authorization header of all future requests, which will allow the client to access resources at that domain.

But when I make a get request (using the request module) and inspect the www-authenticate header, I am not seeing a base64 encrypted challenge that I need to decode. All it says is 'Negotiate, NTLM'. There is another header, however, that has been sent back that looks like this: 'set-cookie': ['PMPRSTTCKT=!lcWXt/hXXO4xZHh0zm3oec8PLsnWcoTFk3sxytyUFAh/vYSo90MBtWpKI48G5L7mFdWMteNN5Q2Khfo=; expires=Fri, 01-Mar-2019 21:06:12 GMT; path=/; Httponly; Secure']. I am not certain if this cookie is mistakenly the challenge sent back from the server, and it was just poor coding by the Development team or not.

As I understand it, this is not the expected behavior for ntlm authentication. I am expecting this header to contain the challenge. Do any of you have experience with NTLM authentication and can shed some light on what is going on here?

The goal is to use nightmare to scrape the site and download several reports and run some analytics on the reports that are downloaded. There are several questions that need to be answered before this can be done:

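  1. Obviously I need to authenticate to the website somehow.
  2. Somehow allow nightmare to access the authentication token, or do something within nightmare or electron to perform the ntlm authentication, so that my scraper can move through the site uninterrupted.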

Recommended answer

You can use the following module which already implements the ntlm authentication protocol in javascript/node.js: https://www.npmjs.com/package/httpntlm
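
The header check discussed in the question, as an added example (not code from the original post or from the httpntlm project): it tells apart a 401 whose `www-authenticate` value only advertises `Negotiate, NTLM` from one that carries a base64 Type 2 challenge, which in NTLM over HTTP the server sends only after the client has sent its Type 1 message in an `Authorization: NTLM ...` header. The function names and the sample Type 2 message are constructed for illustration.

```javascript
// Added example. All names here are hypothetical; Buffer is a Node.js global.
const NTLMSSP = Buffer.from('NTLMSSP\0', 'ascii'); // 8-byte message signature

// Parse the fixed part of an NTLM Type 2 (challenge) message.
function parseType2(buf) {
  if (buf.length < 32 || !buf.subarray(0, 8).equals(NTLMSSP)) {
    throw new Error('not an NTLMSSP message');
  }
  const type = buf.readUInt32LE(8); // message type, little-endian
  if (type !== 2) throw new Error(`expected type 2, got type ${type}`);
  return {
    flags: buf.readUInt32LE(20),                             // negotiate flags
    serverChallenge: buf.subarray(24, 32).toString('hex'),   // 8-byte challenge
  };
}

// Classify one www-authenticate header value as seen in a Node response.
function classifyWwwAuthenticate(headerValue) {
  for (const entry of headerValue.split(',').map((s) => s.trim())) {
    const m = /^NTLM(?:\s+([A-Za-z0-9+/=]+))?$/i.exec(entry);
    if (!m) continue;                          // Negotiate, Basic, ... skipped
    if (!m[1]) return { stage: 'advertise' };  // bare "NTLM": no challenge yet
    return { stage: 'challenge', ...parseType2(Buffer.from(m[1], 'base64')) };
  }
  return { stage: 'no-ntlm' };
}

// Constructed sample Type 2 message (not captured from any real server).
function buildSampleType2() {
  const b = Buffer.alloc(48);
  NTLMSSP.copy(b, 0);
  b.writeUInt32LE(2, 8);            // message type 2
  b.writeUInt32LE(0x00008201, 20);  // constructed flag value
  Buffer.from('0123456789abcdef', 'hex').copy(b, 24);
  return b.toString('base64');
}

console.log(classifyWwwAuthenticate('Negotiate, NTLM'));
console.log(classifyWwwAuthenticate('NTLM ' + buildSampleType2()));
```

The three messages must travel over the same keep-alive connection, because NTLM authenticates the connection and not each individual request.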
