[webkit-gtk] libwebkit2gtk and NTLM authentication

Toni Koski toni at firstview.fi
Wed Oct 16 12:17:47 PDT 2013 

2013/10/16 Brian Holt <brian.holt at samsung.com>

> > >> There can be found: "WEBKIT_AUTHENTICATION_SCHEME_NTLM = 5" from the
> > >> WebKitAuthenticationScheme.
> > >> However, I can't catch The "authenticate" -signal in case of NTLM.
> > It
> > >> seems to work fine at least with BASIC and DIGEST -authentications.
> > >
> > > According to libsoup API docs, NTLM authentication is not enabled by
> > > default and the feature should be added to the session explicitly. I
> > > don't think we are doing that in WebKit, so I guess we don't support
> > > NTLM authentication at the moment.
> > >
> > > Dan, is this right?
> >
> > Yes. You need to do
> >
> >   soup_session_add_feature_by_type (session, SOUP_TYPE_NTLM_AUTH);
> >
> > There are some arguments against enabling it by default; if you have
> > the client-side samba stuff installed, and are logged into a Windows
> > domain, then NTLM authentication can happen completely transparently
> > (ie, no "authenticate" signal, no password dialog) using the cached
> > credentials, and there are attacks against intranets that you could
> > make using that functionality if you could hijack someone's http
> > connection... so it's best to only have it get used when the app is
> > explicitly expecting it to be used (as in evolution).
> >
>
> This is fine if you are building WebKit yourself and are happy to add the
> line deep inside WebCore (perhaps in ResourceHandleSoup.cpp
> createSoupSession()), unless there is some way to get hold of the soup
> session at the API level?  Perhaps we should expose an API in
> WebKitWebContext that allows NTLM e.g.
>
> WEBKIT_API void
> webkit_web_context_set_ntlm_authentication_enabled(WebKitWebContext
> *context,
>                                                    gboolean
>  enabled);
>
> Regards
> Brian
>
>
Thank you guys!
Works like a charm :-)

Added  soup_session_add_feature_by_type(session, SOUP_TYPE_AUTH_NTLM); in
ResourceHandleSoup.cpp and recompiled libsoup with ntlm-auth.
This is fine for me until it is official provided by libwebkit.

/toni
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-gtk/attachments/20131016/41bfde47/attachment.html>

More information about the webkit-gtk mailing list