在Go语言中使用HTTP NTLM请求获取Windows系统凭据

huangapple go评论154阅读模式
英文:

Windows system credentials in Go HTTP NTLM requests

问题

我正在寻找在Go的HTTP请求中使用调用应用程序的Windows用户的系统凭据进行NTLM身份验证的最简单方法。

在C#/.NET中,我可以通过以下方式实现:

WebRequest request = WebRequest.Create(url);
request.Credentials = CredentialCache.DefaultCredentials;
WebResponse response = request.GetResponse();
Stream receiveStream = response.GetResponseStream();

而在Python中,可以通过以下方式获得等效的结果:

import win32com.client
h = win32com.client.Dispatch('WinHTTP.WinHTTPRequest.5.1')
h.SetAutoLogonPolicy(0)
h.Open('GET', url, False)
h.Send()

但是我没有找到任何关于如何在Go中实现相同功能的资源。当然,我可以使用一个支持NTLM身份验证的库,并手动提供用户名和密码,但这里的目标是避免将这些信息放在代码中。

英文:

I am looking for the path of least resistance for doing NTLM authentication in a Go HTTP request using the system credentials of the Windows user calling the application.

In C#/.NET, I would be able to achieve this through

WebRequest request = WebRequest.Create(url);
request.Credentials = CredentialCache.DefaultCredentials;
WebResponse response = request.GetResponse();
Stream receiveStream = response.GetResponseStream();

and in Python, the equivalent result can be obtained through

import win32com.client
h = win32com.client.Dispatch('WinHTTP.WinHTTPRequest.5.1')
h.SetAutoLogonPolicy(0)
h.Open('GET', url, False)
h.Send()

but I have not been able to find any resources on how to do the same thing in Go. I could of course use a library for NTLM authentication and manually provide a username/password, but the goal here is to avoid ever putting those in.

答案1

得分: 3

在进一步研究后,发现可以使用go-ole来利用WinHTTPRequest,与问题中的Python示例相同。忽略所有的错误捕获,

package main

import (
	"fmt"

	ole "github.com/go-ole/go-ole"
	"github.com/go-ole/go-ole/oleutil"
)

func main() {
	ole.CoInitialize(0)
	defer ole.CoUninitialize()
	unknown, _ := oleutil.CreateObject("WinHTTP.WinHTTPRequest.5.1")
	request, _ := unknown.QueryInterface(ole.IID_IDispatch)
	oleutil.CallMethod(request, "SetAutoLogonPolicy", 0)
	oleutil.CallMethod(request, "Open", "GET", "http://example.com", false)
	oleutil.CallMethod(request, "Send")
	resp := oleutil.MustGetProperty(request, "ResponseText")
	fmt.Println(resp.ToString())
}
英文:

After digging into it a bit further, it looks like go-ole can be utilized to make use of WinHTTPRequest in the same way as the Python example in the question. Ignoring all error catching,

package main

import (
	"fmt"

	ole "github.com/go-ole/go-ole"
	"github.com/go-ole/go-ole/oleutil"
)

func main() {
	ole.CoInitialize(0)
	defer ole.CoUninitialize()
	unknown, _ := oleutil.CreateObject("WinHTTP.WinHTTPRequest.5.1")
	request, _ := unknown.QueryInterface(ole.IID_IDispatch)
	oleutil.CallMethod(request, "SetAutoLogonPolicy", 0)
	oleutil.CallMethod(request, "Open", "GET", "http://example.com", false)
	oleutil.CallMethod(request, "Send")
	resp := oleutil.MustGetProperty(request, "ResponseText")
	fmt.Println(resp.ToString())
}

huangapple
  • 本文由 发表于 2017年3月16日 01:20:46
  • 转载请务必保留本文链接:https://go.coder-hub.com/42816600.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定