node-client-ntlm

Description

A node.js http(s) client that allows to request unprotected and protected content using Basic, NTLM v1 or NTLM v2 authentication methods without using any dependency, uses native http and https nodejs modules.

NTLM authentication method will be used first if the server allows. If fails, Basic authentication will be used. This order cannot be changed but an authentication method (NTLM or Basic) can be used by default if needed.

The module has 1 dependency (js-md4) because the md4 hash has been removed from node crypto.

Works with node 21

This module is compatible with Javascript and Typescript projects and can work with or without session/cookie manager.

CommonJS and ES6 compatible

Installation

To use it in your project you must execute:

npm install --save node-client-ntlm

Usage

You must import the module with import or require key:

// ES6 import format
import { NtlmClient } from 'node-client-ntlm';
// CJS require format
const NtlmClient = require('node-client-ntlm').NtlmClient;

Once imported a instance is needed:

const client = new NtlmClient();

Use the instance to request protected content using user credentials:

client.request({
    url: 'https://ntlm.protected.data/collection',
    method: 'PUT',
    debug: false,
    disableRedirect: false,
    body: { foo: 'bar' },
    headers: {
      'content-type': 'application/json'
    }
  }, 'user', 'pass', 'workstation', 'domain')
  .then((response) => {
    console.log('Content body of the response', response.body);
    console.log('Headers of the response', response.headers);
    console.log('StatusCode of the response', response.status);
  })
  .catch((error) => {
    console.error(error)
  })

NOTE: Returns Promises.

Examples

Full documentation available at https://m0rtadelo.github.io/ntlm-client/

Some usages examples of this module:

GET request with full authentication

const response = await client.request('http://ntlm.protected.data/items?id=26',
  'user', 'pass', 'workstation', 'domain'
);

POST request (no data) with debug logger enabled

const response = await client.request(
  { url: 'https://ntlm.protected.data/items?id=26', method: 'POST', debug: true },
  'user', 'pass'
);

POST request (form data)

const response = await client.request(
  { 
    url: 'https://ntlm.protected.data/items?id=26',
    method: 'POST',
    body: 'foo=bar&var1=val1',
    headers: {
      'content-type': 'application/x-www-form-urlencoded'
    }
  },
  'user', 'pass'
);

POST request (json data)

const response = await client.request(
  { 
    url: 'https://ntlm.protected.data/items?id=26',
    method: 'POST',
    body: { foo: 'bar' },
    headers: {
      'content-type': 'application/json'
    }
  },
  'user', 'pass'
);

No auth GET request (standard https request with no authorization)

const response = await client.request('https://ntlm.protected.data/items?id=26');

GET request with session manager

const tough = require('tough-cookie');

const response = await client.request('http://ntlm.protected.data/items?id=26',
  'user', 'pass', 'workstation', 'domain', { tough }
);

NOTE: this module works out of the box with tough-cookie (npm i --save tough-cookie)

GET request with predefined data session

const response = await client.request(
  {
    url: 'http://ntlm.protected.data/items?id=26',
    headers = { cookie: 'cookieVar=cookieVal' }
  },
  'user', 'pass', 'workstation', 'domain'
);

GET request using Basic auth (ntlm bypass)

const response = await client.request(
  {
    url: 'http://ntlm.protected.data/items?id=26',
    authMethod: ['ntlm']
  },
  'user', 'pass', 'workstation', 'domain'
);

To force Basic auth ntlm string should be in the authMethod array