Pass through NTLM with Postman

Is there any way to pass Windows Authentication with Postman?

I have added this in the header but still get 401 Unauthorized.

Authorization: NTLM TkFcYWRtaW46dGVzdA==

As suggested by this link. I have encrypted it as Unicode (UTF-16, little-endian), but to no use.

Any ideas?

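What the `Authorization: NTLM ...` value in the question actually contains can be checked offline. The following is an added example, not part of the original posts: it decodes such a header and reports whether it carries an NTLMSSP message (the 8-byte `NTLMSSP\0` signature followed by a little-endian message type) or something else. The function name `classify_ntlm_header` and the sample NEGOTIATE message are constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
MESSAGE_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def classify_ntlm_header(header_value):
    """Classify an Authorization / WWW-Authenticate header value.

    Returns a (kind, detail) tuple describing what the token really is.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        return ("not-ntlm", scheme)
    token = token.strip()
    if not token:
        # A bare "NTLM" is how a server advertises the scheme in its 401.
        return ("scheme-only", "")
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ("invalid-base64", "")
    if raw.startswith(NTLMSSP_SIGNATURE) and len(raw) >= 12:
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        return ("ntlm-message", MESSAGE_TYPES.get(msg_type, "UNKNOWN"))
    # No NTLMSSP signature: check whether it is a Basic-style user:password.
    for encoding in ("utf-8", "utf-16-le"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        if text.isprintable() and ":" in text:
            # Report only the account name, never the secret part.
            return ("basic-style-credentials", text.partition(":")[0])
    return ("unknown-blob", "")


if __name__ == "__main__":
    # Constructed sample: minimal NEGOTIATE message (signature, type 1, flags).
    negotiate = base64.b64encode(
        NTLMSSP_SIGNATURE + struct.pack("<II", 1, 0xB207)).decode()
    for value in ("NTLM TkFcYWRtaW46dGVzdA==", "NTLM " + negotiate, "NTLM"):
        print(value, "->", classify_ntlm_header(value))
```

The header from the question is reported as `basic-style-credentials`: it is a base64-encoded `domain\user:password` string rather than an NTLMSSP message, and anyone who sees the header can decode it.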

I don't think there is a way to do that. But, you are not alone in wanting it...

https://github.com/postmanlabs/postman-app-support/issues/1137

[EDIT] As of the addition of this edit, Postman has NTLM Authentication in beta in their most recent release.

https://www.getpostman.com/docs/v6/postman/sending_api_requests/authorization

I got this working by running Fiddler first.

  1. Run Fiddler (I'm using 4.6.2.3)
  2. Fiddler Menu: Rule -> Automatically Authenticate = true
  3. Postman: Check that Authorization type = No Auth
  4. Browse api.

NTLM authentication does work with the Chrome plugin version of Postman, as the built-in Chrome NTLM authentication can be used with the plugin. However, plugins are no longer supported by Chrome, so this version can no longer be installed and used.

The current app version of Postman (both the Chrome app and native app versions) does not support NTLM authentication.

You can also change internet options and set Logon to: Automatic logon with current user name and password

Taken from: https://sysadminspot.com/windows/google-chrome-and-ntlm-auto-logon-using-windows-authentication/

If the website uses https you can add it to Trusted Sites and set it there, otherwise you can add it to local intranet sites and set Custom level... there.

Open internet options:

Click Custom level... and scroll to bottom:


I suggest using Insomnia. It's free and you can see the documentation on how to add NTLM Auth here: https://insomnia.rest/documentation/authentication/

If you develop your API in C# you can use the following on your Base Controller

#if !DEBUG
[Authorize]
#endif

You can use the NTLM authorization that exists in the Authorization tab, same as in this photo


Postman now does NTLM on their desktop apps only.

I will improve upon Hala's answer as it is problematic due to storing credentials in the request and these might get persisted in a shared repository if one is used.

Clear credentials once a request has been successfully issued

One way is to enter the credentials - username, password and domain - make the request and remove them. Subsequent requests will work, probably due to using the same NTLM authentication header, as Postman will add a temporary Authorization header (blurred) that has a value like the following: NTLM some_base64_content

Use environment variables (or better global ones as suggested by SSS) to store sensitive data

Define an environment to use and configure it similar to this:

Configure environment

Use configured environment variables in the request:

Request authorization data

This was added to the Postman application in 5.3.0. However, this support was broken in 5.4.1 and remained broken until 7.14.0 per Postman App issue #4355. Updating the app to a newer version of Postman should therefore allow using NTLM authentication.

Note that Postman currently only supports NTLMv1 authentication but not NTLMv2 per Postman App issue #8038.