NTLM Authorization
You can use Testfully to authorize your HTTP calls using the NTLM authorization scheme. This guide walks you through setting up NTLM authorization in Testfully.
What is NTLM?
NTLM (Windows New Technology LAN Manager) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. Although NTLM is an older authentication protocol, it is still widely used in many enterprise environments, especially in Windows-based systems. NTLM is built on top of the challenge-response mechanism, where the client and server exchange messages to authenticate the user, and the server validates the user's credentials.
How to use NTLM Authorization in Testfully?
As with other authorization schemes, you can use NTLM authorization by providing the required credentials in the Authorization tab of a request. If you wish to reuse the authorization settings across multiple requests, you can set up NTLM authorization for a particular environment, folder or collection.
Setting up NTLM Authorization for a Request
To set up NTLM authorization for a request, follow these steps:
- Open a request, folder, collection or environment in Testfully.
- Go to the Authorization tab.
- Select NTLM from the Authorization Type dropdown.
- Select the NTLM version you want to use (NTLMv1 or NTLMv2).
- Enter the domain, username, and password in the respective fields.
- Click on the Save button to save the authorization settings.
NTLM V1 vs NTLM V2
NTLM has two versions: NTLMv1 and NTLMv2. NTLMv2 is more secure than NTLMv1 and provides better protection against various attacks. Testfully supports both NTLM versions, so you can choose the version that best suits your needs.
Retry requests with NTLM Authorization
By default, a full NTLM handshake involves multiple requests and responses between the client and server. If you wish to stop the NTLM handshake after the response to Message Type 1 is received, you can disable the "To complete NTLM authorization, retry the request with correct headers." option in the authorization settings.
Using NTLM Authorization via Testfully Web
Due to the limitations of modern browsers, NTLM authorization may not work in Testfully Web as expected. We recommend using Testfully Desktop, but if you need to use NTLM authorization in Testfully Web, you need to take the following into consideration:
- NTLM authorization relies on the Authorization and WWW-Authenticate headers, which by default are not accessible in JavaScript due to security restrictions. The workaround is to add app.testfully.io to the list of trusted origins for your API (CORS settings) and enable the Access-Control-Expose-Headers header in your API responses. This will allow Testfully Web to access the necessary headers for NTLM authorization.
- NTLM authorization happens at the socket level, which means that once a connection is established, the client and server exchange messages to authenticate the user. Browser-based applications like Testfully Web do not have direct access to the socket level, so NTLM authorization may not work if your API requires NTLM authentication with different credentials for each request.
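One way to apply the CORS workaround above on a Node.js API, shown as an added example that is not Testfully's own code. It assumes Testfully Web is served from https://app.testfully.io (the page gives only the host name); `corsHeadersFor` and `withCors` are hypothetical helper names.

```javascript
// Added example: CORS policy for an NTLM-protected API called from Testfully Web.
// Assumption: the trusted origin is https://app.testfully.io (scheme not stated on the page).
const TRUSTED_ORIGINS = new Set(["https://app.testfully.io"]);

// Build the CORS response headers for one request.
// Returns an empty object for missing or untrusted origins, so the browser blocks them.
function corsHeadersFor(origin, method) {
  if (!origin || !TRUSTED_ORIGINS.has(origin)) return {};
  const headers = {
    // Echo the exact trusted origin; do not answer "*" on an authenticated API.
    "Access-Control-Allow-Origin": origin,
    // Keep caches from reusing this response for a different origin.
    "Vary": "Origin",
    // Lets browser JavaScript read the NTLM challenge carried in WWW-Authenticate.
    "Access-Control-Expose-Headers": "WWW-Authenticate",
  };
  if (method === "OPTIONS") {
    // Preflight: Authorization must be listed by name; a "*" wildcard does not cover it.
    headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type";
    headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, PATCH, DELETE";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Hypothetical wrapper for a handler passed to Node's http.createServer:
// applies the policy, answers preflights, and hands everything else to the
// real (NTLM-aware) handler.
function withCors(next) {
  return (req, res) => {
    const headers = corsHeadersFor(req.headers.origin, req.method);
    for (const [name, value] of Object.entries(headers)) res.setHeader(name, value);
    if (req.method === "OPTIONS") {
      res.statusCode = 204;
      return res.end();
    }
    return next(req, res);
  };
}
```

The exposed header must also be present on the 401 responses of the handshake, which is why the wrapper sets the headers before the wrapped handler runs.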
Dynamic Parameters
You can use variables (globals, environment variables, or collection variables) to dynamically set the values of the NTLM authorization parameters.
Supported Platforms
Platform | Version | Status |
---|---|---|
Testfully for Web | 1.167.0 and later | Supported |
Testfully for Desktop (Mac, Linux, Windows) | 1.167.0 and later | Supported |
Testfully CLI | N/A | Not Supported |