IP*Works! Auth V9 - Online Help
IP*Works! Auth V9
Questions / Feedback?

NTLM Class

Properties   Methods   Events   Configuration Settings   Errors  

The NTLM component provides a simple API to create the required tokens for NTLM authentication.

Class Name

IPWorksAuth_NTLM

Procedural Interface

 ipworksauth_ntlm_open();
 ipworksauth_ntlm_close($res);
 ipworksauth_ntlm_register_callback($res, $id, $function);
 ipworksauth_ntlm_get_last_error($res);
 ipworksauth_ntlm_get_last_error_code($res);
 ipworksauth_ntlm_set($res, $id, $index, $value);
 ipworksauth_ntlm_get($res, $id, $index);
 ipworksauth_ntlm_do_config($res, $configurationstring);
 ipworksauth_ntlm_do_createauthtoken($res);
 ipworksauth_ntlm_do_createnegotiatetoken($res);
 ipworksauth_ntlm_do_reset($res);

Remarks

This class provides a simple API to create the required tokens for NTLM authentication.

The NTLM authentication process is a challenge-response scheme which consists of three messages. These three messages are the negotiation, challenge, and authentication. This class implements only the client side of NTLM and will create the negotiation and authentication tokens. The class does not transmit any data, it simply prepares the tokens for use in other transport protocols such as HTTP. The following steps describe how the component is used.

Create the Negotiate Token

To begin first set User and Password. The user value may contain domain information in the format "DOMAIN\User" or "user@domain". Next call CreateNegotiateToken to populate NegotiateToken. This token may then be transmitted separately. For instance in HTTP this would be sent in a request within the Authorization header:

HTTPHeader = "Authorization: NTLM " + NegotiateToken

Create the Auth Token

After sending the negotiate token over the chosen transport protocol, the server will respond with a challenge token. Set ChallengeToken to the token received from the server. For instance, in HTTP the server will respond with the challenge token in the WWW-Authenticate header:

WWW-Authenticate: NTLM <ChallengeToken>
After setting User, Password, and ChallengeToken call CreateAuthToken. This will populate AuthToken with the created token. This token may then be transmitted separately. For instance in HTTP this would be sent in the request within the Authorization header:
HTTPHeader = "Authorization: NTLM " + AuthToken

Note: If the server requires EPA (Extended Protection for Authentication), then SSLServerCert must be set to the server's public certificate before calling CreateAuthToken.

Property List


The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

AuthTokenThe authentication token.
ChallengeTokenThe challenge token.
NegotiateTokenThe negotiate token.
NTLMVersionThe NTLM version.
PasswordThe user's password.
SSLServerCertEncodedThe certificate (PEM/base64 encoded).
SSLServerCertStoreThe name of the certificate store for the client certificate.
SSLServerCertStorePasswordIf the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
SSLServerCertStoreTypeThe type of certificate store for this certificate.
SSLServerCertSubjectThe subject of the certificate used for client authentication.
UserThe user.

Method List


The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

ConfigSets or retrieves a configuration setting .
CreateAuthTokenCreates the authentication token.
CreateNegotiateTokenCreates the negotiate token.
ResetResets the component.

Event List


The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

ErrorInformation about errors during data delivery.

Configuration Settings


The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.

UsePlatformNTLMAPIWhether to use the platform NTLM API.
EncodeTokenWhether to Base64 encode the token.
DecodeTokenWhether to Base64 encode the token.
WorkstationThe workstation name.
CodePageThe system code page used for Unicode to Multibyte translations.

 
 
Copyright (c) 2017 /n software inc. - All rights reserved.
Build 9.0.6240.0