topic Authenticating webservices in an NTLM environment in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/authenticating-webservices-in-an-ntlm-environment/m-p/147724#M103115 <HTML><HEAD></HEAD><BODY><SPAN>Some quick background to the system architecture first;</SPAN><BR /><BR /><SPAN>1. Alfresco 2.1 system "AlfrescoProd" running on server A, configured to authenticate via NTLM against Active Directory on domain THEDOMAIN</SPAN><BR /><SPAN>2. Custom java application "AceApp" running on server B, which also authenticates via NTLM against Active Directory on domain THEDOMAIN</SPAN><BR /><BR /><SPAN>I have a requirement to make some web services based calls from AceApp to AlfrescoProd to pull some alfresco based content into AceApp. Is there a way to use the NTLM credentials that have already been gathered by AceApp's authentication mechanism along with the web service calls to AlfrescoProd to make sure that the web service call is executed on the AlfrescoProd side as the same user that is using AceApp?</SPAN></BODY></HTML> Wed, 12 Dec 2007 02:47:19 GMT marcus 2007-12-12T02:47:19Z Authenticating webservices in an NTLM environment https://connect.hyland.com/t5/alfresco-archive/authenticating-webservices-in-an-ntlm-environment/m-p/147724#M103115 Some quick background to the system architecture first;1. Alfresco 2.1 system "AlfrescoProd" running on server A, configured to authenticate via NTLM against Active Directory on domain THEDOMAIN2. Custom java application "AceApp" running on server B, which also authenticates via NTLM against Active Wed, 12 Dec 2007 02:47:19 GMT https://connect.hyland.com/t5/alfresco-archive/authenticating-webservices-in-an-ntlm-environment/m-p/147724#M103115 marcus 2007-12-12T02:47:19Z Re: Authenticating webservices in an NTLM environment https://connect.hyland.com/t5/alfresco-archive/authenticating-webservices-in-an-ntlm-environment/m-p/147725#M103116 <HTML><HEAD></HEAD><BODY><SPAN>To follow up, there's a method that I know works, but takes advantage of some cross site request forgery stuff that could be exploited if used nefariously, which is why I'm hoping there's a less exploitable way of doing things</SPAN><BR /><BR /><SPAN>Create the following in Data Dictionary/Scripts/key.js</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />var output = 'var _ALF_TICKET = "'+session.ticket+'";';<BR />output;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>Add the following to your own application</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;script type="text/javascript" src="<A href="http://alfresco.domain:8080/alfresco/command/script/execute?scriptPath=/Company%20Home/Data%20Dictionary/Scripts/key.js" rel="nofollow noopener noreferrer">http://alfresco.domain:8080/alfresco/command/script/execute?scriptPath=/Company%20Home/Data%20Dictionary/Scripts/key.js</A>"&gt;&lt;/script&gt;<BR /><BR />&lt;script type="text/javascript"&gt;<BR />&nbsp;&nbsp;&nbsp;// if _ALF_TICKET now exists, lets refresh with it as a parameter<BR />&nbsp;&nbsp;&nbsp;if (_ALF_TICKET != null) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// use some ajax to blast _ALF_TICKET back into your application and bounce off to the next page<BR />&nbsp;&nbsp;&nbsp;}<BR />&lt;/script&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE></BODY></HTML> Wed, 12 Dec 2007 04:49:20 GMT https://connect.hyland.com/t5/alfresco-archive/authenticating-webservices-in-an-ntlm-environment/m-p/147725#M103116 marcus 2007-12-12T04:49:20Z