Support for NTLM

[Halkcyon]

With #84 -> #115, support was added for SPNEGO, but it seems this only works for the Kerberos sub-mechanism. I have a service that is responding with a WWW-Authenticate: NTLM header, but the client is not handling that case.

I'm unsure if this is a documentation miss and I'm doing something wrong, or if it's not supported.

[Halkcyon]

A snippet of what I'm doing:

use isahc::{
    HttpClient,
    auth::{Authentication, Credentials},
    config::SslOption,
    prelude::*
};

const URL: &str = "...";

fn main() {
    let username = read();
    let password = read();
    let credentials = Credentials::new(username, password);

    let client = HttpClient::builder()
        .cookies()
        .authentication(Authentication::negotiate())
        .credentials(credentials)
        .ssl_options(SslOption::DANGER_ACCEPT_INVALID_CERTS)
        .build().unwrap();

    let res = client.get(URL).unwrap();
    println!("{:#?}\n{:#?}", res.headers(), res.status());
}

fn read() -> String {
    use std::io::{stdin, BufRead};

    stdin().lock().lines().next().unwrap().unwrap()
}

Response:

{
    "content-length": "0",
    "server": "Microsoft-HTTPAPI/2.0",      
    "www-authenticate": "NTLM",
    "date": "Fri, 13 Aug 2021 14:58:36 GMT",
}
401

[sagebind]

Thanks for filing an issue!

Advanced auth mechanisms such as NLTM are finicky and depend on how underlying libcurl is compiled. This issue may also be related: alexcrichton/curl-rust#359

You can try installling a custom build of libcurl with spnego support enabled and have Isahc use that by disabling the static-curl crate feature and it may work. I haven't tried it myself since I'm not too familiar with how it works and aren't sure how to test it myself.

[mfwre]

@Halkcyon, did you by any chance made this work?