views:

1116

answers:

5

I am having a frustrating time trying to do something with Perl that would take a couple of lines of code in C#, namely to call a web service on a Windows server that requires Integrated Windows Authentication.

The most likely candidate I've found for success is a module called LWP::Authen::Ntlm, but all the examples I've googled require you to explicitly supply username, password and domain. I don't want to do that - I just want the request to use the credentials of the currently logged in user, a la CredentialCache.DefaultCredentials in .NET.

Have any of you Perl gurus out there ever had to do this?

Thanks.

A: 

Have you tried passing the username and password in the url.

http://username:password\@$server:8080

Tone
how does that not pass the user id / password in the URL?
lexu
Hi thereThe problem we have is that we need Perl to talk to the Windows OS and get back some sort of hash that it can send across the wire that will allow IIS to authenticate the currently logged in user on the client machine.In .NET it's a question of saying proxy.Credentials = CredentialCache.DefaultCredentials, i.e. no need to even know the username or password.We want Perl to ask for this and attach it to the web request and hey presto!Searching the web has thrown up nothing useful. Frustrating.
Chris Smith
A: 

Webservices are designed to be platform and OS-agnostic. So, if you are trying to do NTLM(IWA) from Unix/Perl, I think, it calls for a redesign of your authentication mechanism to the ones suggested by WS-Security specification.

Senthil
+1  A: 

Here's an idea: start an iexplore process to call a script on a server, since Internet Explorer uses the logged on user as a default logon when accessing servers on the same domain.

Maybe you can achieve something using OLE with the Win32 Modules listed here. Maybe the Win32::API module might be of help.

heeen
A: 

I think heeen is on a good path with Win32::API, and I suspect that you'll need to roll your own user agent to manage the NTLM handshake with the IIS server. That's not all that bad, the interaction is well understood.

This smells a little like something that Samba could help you with, too. Searching around, there's a lot of buzz about using Samba + !IIS to support integrated authentication, you just need the other direction.

Trueblood
A: 

I have been struggling with this as well. I have a possible solution using Cntlm http://cntlm.sourceforge.net/ which provides a local proxy that will authenticate using a hash. This way you can prompt the user for a password once and then generate and save the hash. It would be preferable for someone to build a windows app that would do the same thing and use CredentialCache.DefaultCredentials and not require user input.

Kinglsey