Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ABAP HTTP Client NTLM 401 Challenge type Authentication

Go to solution
athavanraja
Active Contributor

‎05-22-2012 11:46 AM

0 Kudos

Scenario:

From ABAP using cl_http_client calling a url in IIS server which requires NTLM 401 Challenge type authentication.

I have followed the steps in this documentation  (thanks Gregor Wolf) , but don't know how to build the type 1 message, type 2 message, type 3 message  which needs to be sent with Authorization request header.

Any help to make the NTLM authentication from ABAP http client is highly appreciated.

Thanks.

Raja

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎05-22-2012 12:51 PM

0 Kudos

Unless you want to start a large research project, I would not recommend going forward with implementing NTLM client authentication in ABAP.

It is a proprietary and complex protocol, that involves more than just hashing the username and password of the user.

I am agreeing with Gregor that it will make a good code exchange project, but it will be hard to do and even harder to support for your customer.

The best way forward, would be to architect your way around it.

Ask your self the following questions:

  1. Is it really necessary to use NTLM authentication for the IIS server?
    Could it be modified to basic authentication?
    Could a separate web app be create that uses basic authentication?
    (with basic authentication you should make sure you use https)

    Exposing a service with IIS using a Microsoft proprietary protocol is not a good basis for a SOA architecture

  2. Can you proxy your request through a system that already supports NTLM?
    First example
    SAP Java AS supports NTLM on the client side through the Java Virtual Machine from version 1.5_08
    However, expect bugs and it will typically try to do the authentication with the user running the JVM process.

    Second example
    F5 BIG-IP load balancer with ASE module (I think) support having one incoming authentication (basic auth) and one outgoing (NTLM).

  3. If IE is the enterprise standard browser, it will natively support Windows Integrated Authentication and therefore NTLM.
    Could you create a simple bsp web app, that redirects your end-user's browser to the data they require?

Regards

Dagfinn

4 REPLIES 4

Go to solution
Former Member

‎05-22-2012 12:51 PM

0 Kudos

Unless you want to start a large research project, I would not recommend going forward with implementing NTLM client authentication in ABAP.

It is a proprietary and complex protocol, that involves more than just hashing the username and password of the user.

I am agreeing with Gregor that it will make a good code exchange project, but it will be hard to do and even harder to support for your customer.

The best way forward, would be to architect your way around it.

Ask your self the following questions:

  1. Is it really necessary to use NTLM authentication for the IIS server?
    Could it be modified to basic authentication?
    Could a separate web app be create that uses basic authentication?
    (with basic authentication you should make sure you use https)

    Exposing a service with IIS using a Microsoft proprietary protocol is not a good basis for a SOA architecture

  2. Can you proxy your request through a system that already supports NTLM?
    First example
    SAP Java AS supports NTLM on the client side through the Java Virtual Machine from version 1.5_08
    However, expect bugs and it will typically try to do the authentication with the user running the JVM process.

    Second example
    F5 BIG-IP load balancer with ASE module (I think) support having one incoming authentication (basic auth) and one outgoing (NTLM).

  3. If IE is the enterprise standard browser, it will natively support Windows Integrated Authentication and therefore NTLM.
    Could you create a simple bsp web app, that redirects your end-user's browser to the data they require?

Regards

Dagfinn

Go to solution
athavanraja
Active Contributor
In response to Former Member

‎05-22-2012 12:58 PM

0 Kudos

Thanks for taking time to answer this.

option 3 cannot be used as i have to use a batch user instead of windows logged on user .

currently trying the option 2 where colleague of mine is creating a simple asp page (with basic authentication) which will then connect to the server with NTLM authorization.

Thanks again.

Regards

Raja

Go to solution
Former Member

‎07-14-2015 12:50 PM

0 Kudos

http://help.sap.com/saphelp_oil472/helpdata/en/97/59353a03e5494ce10000000a114084/content.htm

https://msdn.microsoft.com/en-us/library/cc236650.aspx

Hi Durairaj,

I need help regarding NTLM authentication. I have a requirement to communicate with MS Exchange server via NTLM authentication from ABAP.

Currently, the communication is happening via RFC destination (SM59) and it is working fine. Now my customer needs the communication via NTLM not via RFC destination.

I tried with the help of above URLs but not able to fid any solution. Can you help me please?

Any help really appreciated. Thanks in advance.

Kind regards,

Vishal Dubey

Go to solution
larshp
Active Contributor

‎06-09-2021 12:44 PM

0 Kudos

also try https://github.com/larshp/abapNTLM