问题
I'm in need of using NTLM authentication in my web application against an IMAP mail server. Authentication in the web app itself is NTLM too. Thus, the user opens the web app interface and the web server end grabs the inbox of that user on the mail server authenticating via NTLM. Is that possible if I never store (neither I have access to) the user's password?
Is there any way to link the client's browser and the IMAP server via my web app so that token exchange would occur between them and I would just act as a gateway between them. Or, is there any other method to accomplish this task without knowing the password?
The web app can be asp.net/iis or php/apache. Either option will work for me.
回答1:
Looks like I had a bad day yesterday, otherwise have no idea why I couldn't figure it out that time as it's so simple!
If Windows authentication is enabled, the web app already gets the context of that interactive user who accessed the app. I can then authenticate against NTLM-enabled IMAP server via Integrated Windows Authentication just the same way I would in a desktop application.
I.e. they key point is that there is no need in the web app to somehow pass NTLM token from the browser to the IMAP server. It's just a two stages process: - first, the browser (running under interactive user) creates NTLM token via winapi functions and sends it to the web app so that finally the app acquires that interactive user context - then, the web app running under the interactive user context creates a new token via the same winapi functions and sends it to the IMAP server.
来源:https://stackoverflow.com/questions/11652234/pass-through-ntlm-authentication-in-a-web-app-on-an-imap-mail-server