[webkit-gtk] libwebkit2gtk and NTLM authentication

Dan Winship danw at gnome.org
Wed Oct 16 05:29:02 PDT 2013


On 10/16/2013 05:38 AM, Carlos Garcia Campos wrote:
> El mié, 16-10-2013 a las 12:18 +0300, Toni Koski escribió:
>> I try to implement NTLM authentication with webkit2gtk (2.2.0).
>>
>> There can be found: "WEBKIT_AUTHENTICATION_SCHEME_NTLM = 5" from the 
>> WebKitAuthenticationScheme.
>> However, I can't catch The "authenticate" -signal in case of NTLM. It 
>> seems to work fine at least with BASIC and DIGEST -authentications.
> 
> According to libsoup API docs, NTLM authentication is not enabled by
> default and the feature should be added to the session explicitly. I
> don't think we are doing that in WebKit, so I guess we don't support
> NTLM authentication at the moment.
> 
> Dan, is this right?

Yes. You need to do

  soup_session_add_feature_by_type (session, SOUP_TYPE_NTLM_AUTH);

There are some arguments against enabling it by default; if you have the
client-side samba stuff installed, and are logged into a Windows domain,
then NTLM authentication can happen completely transparently (ie, no
"authenticate" signal, no password dialog) using the cached credentials,
and there are attacks against intranets that you could make using that
functionality if you could hijack someone's http connection... so it's
best to only have it get used when the app is explicitly expecting it to
be used (as in evolution).

-- Dan



More information about the webkit-gtk mailing list