jphekman has asked for the wisdom of the Perl Monks concerning the following question:

Hi all!

I am trying to use Perl to connect to an NTLM-authenticated site via LWP. (My final goal is to use SOAP::Lite but I'm doing a proof of concept with LWP first as it's simpler.)

Script below, mostly copied from googling around and finding that this works for everyone else:

#!/usr/bin/perl -w

use LWP::UserAgent;
use HTTP::Request::Common;
use LWP::Debug qw(+);

my $username = "DOMAIN\\username";
my $password = 'password';
my $soapUrl = "https://site.domain.com/directory/";

# Set up the ntlm client and then the base64 encoded ntlm handshake me
+ssage
my $ua = new LWP::UserAgent(keep_alive=>1);
$ua->credentials('site.domain.com/directory:443', '', $username, $pass
+word);

$request = GET $soapUrl;
print "--Performing request now...-----------\n";
$response = $ua->request($request);
print "--Done with request-------------------\n";

if ($response->is_success) {print "It worked!->" . $response->code . "
+\n"}
else {print "It didn't work!->" . $response->code . ": " . $response->
+status_line . "\n"}

[download]
Output: 
--Performing request now...-----------
--Done with request-------------------
It didn't work!->401: 401 Unauthorized

[download]

Is HTTPS making it problematic? Because from what I can tell, the above really should work.

I very much appreciate any help you can give!

Jessica

Replies are listed 'Best First'.
Re: LWP + NTLM over HTTPS?
by whereiskurt (Friar) on Apr 17, 2010 at 01:16 UTC

    Jessica:

    Not sure if this line is part of your problem:

    'site.domain.com/directory:443'

    [download]

    Consider trying:

    'site.domain.com:443/directory'

    Kurt

[reply]
[d/l]
[select]
      Good catch. That was actually a typo when I was modifying the script so as not to post actual authorization information; I did have it right in the real version. I actually did not have the directory in that particular string at all, but just now tried adding the directory, just in case -- no help. It still doesn't work. Thanks though!
[reply]
Re: LWP + NTLM over HTTPS?
by Khen1950fx (Canon) on Apr 17, 2010 at 01:49 UTC
    I had a script similar to yours:
    #!/usr/local/bin/perl

use strict;
use warnings;
use LWP::UserAgent::Determined;
use HTTP::Request::Common;
use Authen::NTLM;
ntlmv2(1);
 
my $url = 'http://www.bbc.co.uk/';

my $ua = LWP::UserAgent::Determined->new(keep_alive=>1);
$ua->credentials('www.bbc.co.uk:80', '', 'mydomain\\myuser', 'mypass')
+;
 
my $request = GET $url;
print "--Performing request now...-----------\n";
my $response = $ua->request($request);
print "--Done with request-------------------\n";

if ($response->is_success) {print "It worked!->" . $response->code . "
+\n"}
else {print "It didn't work!->" . $response->code . "\n"}

my $contents = $response->content();
print $response->status_line(), "\n";
print $response->headers()->as_string(), "\n";

    [download]
[reply]
[d/l]
      When I run this script I get 
      Undefined subroutine &main::ntlmv2 called at ./connectTest5.pl line 8.

      [download]
      I commented out the ntlmv2 call, just to see what would happen. Now it compiles and sends the request to the server. This client actually prints headers for me, so that's really helpful! One of the headers says: 
      Client-SSL-Warning: Peer certificate not verified
Client-Warning: Authen::NTLM version 1.02 required--this is only versi
+on 0.31 at /usr/share/perl/5.10/Exporter/Heavy.pm line 108.
 BEGIN failed--compilation aborted at /usr/local/share/perl/5.10.0/LWP
+/Authen/Ntlm.pm line 8.
 Compilation failed in require at (eval 23) line 3.
MicrosoftOfficeWebServer: 5.0_Pub

      [download]

      I am confused. a) Authen::NTLM 0.31 is the most recent version on CPAN. Perhaps this client is expecting the other NTLM module? b) Ntlm.pm failed to compile, apparently! Previous scripts using it did seem to compile, though.

      So, seeing the headers is helpful, but I'm still not there yet. Thanks!

[reply]
[d/l]
[select]
        Since you're using Microsoft, take out Authen::NTLM. I use that for my Linux systems sometimes but not always. With Microsoft, LWP uses LWP::Authen::Ntlm indirectly, so you wouldn't normally need to use Authen::NTLM in your script.
[reply]

Back to Seekers of Perl Wisdom