Chrome forces users to enter username/password manually

einfallstoll / express-ntlm

An express middleware to have basic NTLM-authentication in node.js.

BSD 2-Clause "Simplified" License

89 stars 26 forks source link

Chrome forces users to enter username/password manually #52

Closed cazjck closed 6 years ago

cazjck commented 6 years ago

Hi Everyone. I'm using 'express-ntlm' for my application. When the user access to my app. They need to enter username/password for authentication with LDAP. In my code, i use command: request.destroy(); or I close my browser and open this again then my app required username/passsword. How to they can logout without run behavior above.

einfallstoll commented 6 years ago

Chrome seems to be a little "special" when talking about NTLM. It seems like it actually is supported, but needs some additional setup by using a new policy.

Try the module first in Internet Explorer to make sure it is working at all.

cazjck commented 6 years ago

I know, I have already login to success my ldap. But i want to change the other account. How to logout ntlm ? Thanks

einfallstoll commented 6 years ago

Logout of Windows and login as a different user. It does not make sense to logout just from the web application since your browser would login again automatically.

Am 10.01.2018 um 10:13 schrieb Phạm Duy Khanh notifications@github.com:

I know, I have already login to success my ldap. But i want to change the other account. How to logout ntlm ? Thanks

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/einfallstoll/express-ntlm/issues/52#issuecomment-356544360, or mute the thread https://github.com/notifications/unsubscribe-auth/AAlyKCmxfgNyxeyE5f28ed5TfmMedg8Pks5tJH8rgaJpZM4RY36q.

cazjck commented 6 years ago

I'm using ldap with web application.

`app.use(ntlm({ debug: function() { var args = Array.prototype.slice.apply(arguments); console.log.apply(null, args); }, forbidden: function(req, res, next) { res.setHeader('WWW-Authenticate', 'NTLM'); res.sendStatus(401); },

domain: 'myldap.com',
domaincontroller: 'ldap://myldap.com/',

}));`

When i access my web app, The browser required user/pass. Example: I login my PC by A account but i can login my web app by B account. How to I logout B account and login by other account from my app( remove some field of request, clear cache browser ?) Thanks

einfallstoll commented 6 years ago

This does not make sense. express-ntlm should automatically log in. If Chrome decides to mess around with NTLM, it's their problem. NTLM should not be logged out.