Mittwoch, 17. Dezember 2014

IE Post empty with NTLM

With NTLM login enabled sometimes data send with POST is missing. This is because IE has an internal timeout and tries to recheck NTLM.

With fiddler you can see the problem. One hacky solution is to catch this request and response with a fake answer. After this the IE will send the normal POST data.

To get the correct NTLM response use fiddle during a NTLM login. Switch the inspector to "Auth" and look for the "Type: 1" response and replace below with long string behind "WWW-Authenticate: NTLM". Place this at the top of your page and it will catch and respond to any IE NTLM request.


$headers = apache_request_headers();
$auth = $headers['Authorization'];
if ($auth && substr($auth,0,5) == 'NTLM ')
{
    $msg = base64_decode(substr($auth, 5));
    if ($msg[8] == "\x01") {
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: NTLM ');
        exit;
    }
}

Note: This might be a security risk. Make sure to check the user Session and send him to your NTLM login is needed.

Keine Kommentare: