How to use NTLM or Kerberos authentication with Mojo::UserAgent

Time: 2015-09-22 06:42:07

Tags: perl ntlm mojolicious

I am trying to get Mojo::UserAgent to authenticate via NTLM. Something along these lines:

use Mojo::UserAgent;
use Mojo::URL;
use Data::Dump qw/dump/;
use Path::Tiny;
use Authen::NTLM;

$\ = "\n"; $|++;

my $ntlm = Authen::NTLM-> new(host => "some.hidden.pl", user => 'foo',
              domain   => "bar", password => "baz", version  => 2);

my $xml = path($ARGV[0])->slurp;

my $ua = Mojo::UserAgent->new;
my $url = Mojo::URL->new('https://some.hidden.pl/ews/exchange.asmx');

$url->userinfo(sprintf('%s\%s:%s', qw/bar foo baz/));

my $tx = $ua->get($url);

my $tx = $ua->build_tx(GET => $url);
$challenge = $ntlm->challenge;
$tx->req->headers->header('Authorization' => 'NTLM ' . $challenge);
$ua->start($tx);

$challenge = [ split /,\s*/, $tx->res->headers->header('www-authenticate') ]->[0] =~ s/NTLM //r;
$challenge = $ntlm->challenge($challenge);
my $tx = $ua->build_tx(GET => $url);
$tx->req->headers->header('Authorization' => 'NTLM ' . $challenge);
$ua->start($tx);

$tx = $ua->build_tx(POST => $url, {'Content-Type' => 'text/xml'}, $xml );
$tx->req->headers->content_type('text/xml');
$tx->req->headers->header('Authorization' => 'NTLM ' . $challenge);
$ua->start($tx);
print dump $tx->res;

But I keep getting a 401 in the server's second response.

What am I doing wrong? Would it be easier to use Kerberos authentication (and if so, how)?

Thanks

1 answer:

Answer 0 (score: 1)

I have just published a new module that should be very useful in this regard, Mojolicious::Plugin::SPNEGO. It is very simple to use:

use Mojolicious::Lite;

my $SERVER = 'my-ad-server.example.com';

app->secrets(['My secret passphrase here']);

plugin 'SPNEGO', ad_server => $SERVER;

get '/' => sub {
   my $c = shift;
   if (not $c->session('user')){
       $c->ntlm_auth({
           auth_success_cb => sub {
               my $c = shift;
               my $user = shift;
               my $ldap = shift; # bound Net::LDAP::SPNEGO connection
               $c->session('user',$user->{samaccountname});
               $c->session('name',$user->{displayname});
               my $groups = $ldap->get_ad_groups($user->{samaccountname});
               $c->session('groups',[ sort keys %$groups]);
               return 1;
           }
       }) or return;
   }
} => 'index';

app->start;

__DATA__

@@ index.html.ep
<!DOCTYPE html>
<html>
<head>
<title>NTLM Auth Test</title>
</head>
<body>
<h1>Hello <%= session 'name' %></h1>
<div>Your account '<%= session 'user' %>' belongs to the following groups:</div>
<ul>
% for my $group (@{session 'groups' }) {
   <li>'<%= $group %>'</li>
% }
</ul>
</body>
</html>

The module is based on the newly released Net::LDAP::SPNEGO module, which provides the basic building blocks for the SPNEGO dialog.
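
A debugging aid for the client-side handshake in the question, added here as an example and not part of the original post or answer: it finds the NTLM token among the WWW-Authenticate values wherever it sits and decodes the Type 2 challenge with core Perl modules only, so a 401 can be checked against what the server actually sent. The helper names `ntlm_token` and `parse_type2` are hypothetical, and the sample message is constructed, not captured traffic.

```perl
use strict;
use warnings;
use Encode qw(decode encode);
use MIME::Base64 qw(decode_base64 encode_base64);

# Hypothetical helper: find the NTLM token among WWW-Authenticate values,
# wherever it sits. A bare "NTLM" (first 401, no challenge yet) yields undef.
sub ntlm_token {
    for my $value (map { split(/,\s*/, $_) } @_) {
        return $1 if $value =~ m{^NTLM\s+([A-Za-z0-9+/=]+)\s*$};
    }
    return;
}

# Hypothetical helper: decode the fixed part of an NTLM Type 2 (challenge)
# message and refuse anything that is not one.
sub parse_type2 {
    my $raw = decode_base64(shift);
    die "too short for a Type 2 message\n" if length($raw) < 32;
    my ($sig, $type, $len, $max, $off, $flags, $nonce) =
        unpack 'a8 V v v V V a8', $raw;
    die "bad NTLMSSP signature\n" unless $sig eq "NTLMSSP\0";
    die "message type $type, expected 2\n" unless $type == 2;
    die "target name outside message\n" if $off + $len > length($raw);
    my $target = substr $raw, $off, $len;
    $target = decode('UTF-16LE', $target) if $flags & 0x00000001; # UNICODE
    return {
        target    => $target,
        flags     => $flags,
        challenge => unpack('H*', $nonce),
        ext_sec   => ($flags & 0x00080000) ? 1 : 0, # extended session security
    };
}

# Constructed sample: a Type 2 message for domain "BAR", not captured traffic.
my $name   = encode('UTF-16LE', 'BAR');
my $sample = pack('a8 V v v V V a8', "NTLMSSP\0", 2, length($name),
    length($name), 32, 0x00080201, "\x01\x23\x45\x67\x89\xab\xcd\xef") . $name;
my @headers = ('Negotiate', 'NTLM ' . encode_base64($sample, ''));

my $token = ntlm_token(@headers) or die "server sent no NTLM challenge\n";
my $info  = parse_type2($token);
printf "target=%s flags=0x%08x challenge=%s ext_sec=%d\n",
    @{$info}{qw(target flags challenge ext_sec)};
```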