topic Re: How to connect to API with windows authentification / NTLM / LDAP ? in Discussions

How to connect to API with windows authentification / NTLM / LDAP ?

diz — Sat, 10 Jun 2023 20:37:01 GMT

Hello jmp users,

I try to connect to our internal services / api in JMP/JSL (JMP14) with HTTP request method

url = "http://192.168.1.1/api/getsomedata;
request = New HTTP Request(
        URL( url ),
        Method( "Post" ),
Form(
               Fields([[
                       "maxLimit" => "100"
               ]])
        )
);
json = request << Send();
jsl_json = Parse JSON( json );

The URL needs Windows Authentificaion (Ldap, NTLM).

Does somebody know a way, how to provide [username, password] windows credentials to access that ressource via HTTP Request Method?

Related questions are discussed eg here:

thank you diz

Re: How to connect to API with windows authentification / NTLM / LDAP ?

bryan_boone — Fri, 19 Jun 2020 13:17:02 GMT

HTTP Request doesn't authenticate with NTLM/LDAP directly.

You'd want to use something like Passport http://www.passportjs.org/

in your webservice, then use form-based authentication or basic authentication over https.

-Bryan

Re: How to connect to API with windows authentification / NTLM / LDAP ?

diz — Tue, 23 Jun 2020 12:40:16 GMT

Hi Bryan, thank you for that Information, this is good to know!

Is there an example or code snipplet in the JSL documentation about how to use the form based http Basic authentification with jmp? This i would like to try, before changing something in the server software.

thanks again diz

Re: How to connect to API with windows authentification / NTLM / LDAP ?

vince_faller — Tue, 23 Jun 2020 17:19:28 GMT

Would Oauth2 be an option? JMP 15 has this in the scripting index.

Names Default To Here( 1 );
/*
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
*/
				 
/*
Note: the "code" parameter is set automatically after the redirect occurs
*/
auth_url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
token_url = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
redirect_url = "http://localhost/myapp/";
client_id = "6731de76-14a6-49ae-97bc-6eba6914391e";
client_secret = "JqQX2PNo9bpM0uEihUPzyrh";
scope = "openid offline_access https://graph.microsoft.com/user.read";
auth_fields = [=> ];
token_fields = [=> ];
				 
oauth2 = New OAuth2();
oauth2 << Grant Type( "Authorization Code" );
oauth2 << Auth URL( auth_url );
oauth2 << Token URL( token_url );
oauth2 << Redirect URL( redirect_url );
				 
auth_fields["scope"] = scope;
auth_fields["client_id"] = client_id;
token_fields["client_secret"] = client_secret;
				 
oauth2 << Auth Fields( auth_fields );
oauth2 << Token Fields( token_fields );
				 
auth_header = oauth2 << Get Auth Header();
request = New HTTP Request(
	URL( "https://graph.microsoft.com/v1.0/me" ),
	Headers( {auth_header} ),
	Method( "GET" )
);
data = request << Send;

Re: How to connect to API with windows authentification / NTLM / LDAP ?

diz — Wed, 24 Jun 2020 13:55:35 GMT

Hi, thanks for that suggestion! Good, that this option could work, but it is not that what I was looking for originally. Anyway, since there are some workarounds given, I i will mark this discussion as solved! Thanks diz

Re: How to connect to API with windows authentification / NTLM / LDAP ?

bryan_boone — Wed, 01 Jul 2020 12:47:44 GMT

Form based is one option.

Basic is another.

In a nutshell (examples to follow), form based is sending key/value pairs to your webservice much like logging in with a webpage form.

Basic authentication is in found in the header (HTTP Request << Headers option), where the authenitcation is

username:password (Base 64 encodeed). You can also use:

request << Username("my username");

request << Password("my password");

instead of setting the header information directly for Basic.

You'd want both, if possible to be over https.

Typically, your webservice would set a cookie to manage subsequent requests.

If you use Basic, then it wouldn't be required as long as you set the header information with each request.

If you go the Passport option for the webservice, Passport acts a a mediator, it can digest form and Basic(and others) and do the back-end authorization that you want.

Most webservices, like Office 365, Google, Spotify, JMP Live use OAuth2 (not form-based or Basic), but that's due to external visibility of the sites (which add complexity). If it's an in-house behind your firewall, etc, basic or form-based using https is your simplest option, in my opinion.

Re: How to connect to API with windows authentification / NTLM / LDAP ?

diz — Wed, 01 Jul 2020 06:54:04 GMT

Hi Bryan,

thanks for the update! This solution works and is the real solution! I marked this as solution.

best, diz

Re: How to connect to API with windows authentification / NTLM / LDAP ?

UersK — Wed, 08 Feb 2023 05:20:08 GMT

Thanks!