0

At work, I have a process that requires me to build a table based on information I find on an intranet website. So far I have done this by hand: I get the information using the form on the website and I input it into an Access table which I upload to our company database. I thought I would try to automate this procedure using Python's get command from the requests library. However, the get request returned a 401 status code. Apparently I need authentication to access that information. Google Chrome and Internet Explorer both do that authentication automatically, it seems. I can't quite figure out how to do it though. The headers variable of the get Response states that the authentication being used is "Negotiate, NTLM." My question is, is there an easy way to determine what credentials Chrome/Explorer are providing to the server?

Thanks

1
  • 1
    In addition to the answer, you may want to ask your IT folk about the possibility of using a shared secret token or a client certificate, etc. to access the needed data.
    – ivanivan
    Commented Apr 20, 2019 at 16:16

1 Answer

2

The credentials being provided are those of the logged-on user. The password isn’t being passed. A “token” is being passed that is calculated from information your computer obtained when you logged on to it.

https://docs.microsoft.com/en-us/windows/desktop/secauthn/microsoft-ntlm

You are correct that IE and Chrome will pass NTLM tokens if the sites you are accessing are placed in a “trusted” server list.

You’ll need to make Python participate in the same NTLM process if you wish to authenticate to the server.

Google returns a lot of information about Python and NTLM authentication.

I would suggest that you might be able to find a better solution by considering going to the source of the information. The information on the website came from somewhere. You should remove as many layers of complexity as you can and go direct to the source. Perhaps a file share, or FTP site or something like that. Your solution will probably break if someone updates the layout of the website. Going to the source can avoid things like that.

You might also consider a different method of authentication, like a certificate, shared secret, or IP whitelist as suggested in the comments.
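An added example, not part of the question or the answer above: a standard-library Python sketch that lists the schemes a 401 offers and decodes the NTLM type 2 (challenge) message a server returns mid-handshake, showing that the exchange carries a random server challenge rather than a password. The sample header value is constructed here (domain `CORP`, fixed challenge bytes), and the function names are illustrative.

```python
import base64
import struct

# NTLMSSP flag bits used below (names from the NTLM protocol specification)
NEGOTIATE_UNICODE, REQUEST_TARGET, NEGOTIATE_NTLM = 0x1, 0x4, 0x200

def offered_schemes(header_values):
    """Scheme names from the WWW-Authenticate values of a 401 response.
    Naive comma split: enough for token-only challenges such as
    'Negotiate, NTLM', not for schemes with quoted parameters."""
    return [part.split()[0] for value in header_values
            for part in value.split(",") if part.strip()]

def parse_ntlm_challenge(header_value):
    """Decode the type 2 (CHALLENGE) message from 'NTLM <base64>'."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not b64.strip():
        raise ValueError("not an NTLM challenge header")
    msg = base64.b64decode(b64)
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("truncated message or bad NTLMSSP signature")
    msg_type, name_len, _, name_off, flags = struct.unpack_from("<IHHII", msg, 8)
    if msg_type != 2:
        raise ValueError("expected message type 2, got %d" % msg_type)
    if name_off + name_len > len(msg):
        raise ValueError("target name points outside the message")
    raw_name = msg[name_off:name_off + name_len]
    encoding = "utf-16-le" if flags & NEGOTIATE_UNICODE else "ascii"
    return {"target": raw_name.decode(encoding), "flags": flags,
            "server_challenge": msg[24:32].hex()}

def build_sample_challenge():
    """Constructed sample header value (domain CORP, fixed challenge)."""
    target = "CORP".encode("utf-16-le")
    flags = NEGOTIATE_UNICODE | REQUEST_TARGET | NEGOTIATE_NTLM
    msg = (b"NTLMSSP\x00"
           + struct.pack("<IHHII", 2, len(target), len(target), 48, flags)
           + bytes.fromhex("0123456789abcdef")   # 8-byte server challenge
           + b"\x00" * 8                         # reserved
           + struct.pack("<HHI", 0, 0, 48 + len(target))  # empty target info
           + target)
    return "NTLM " + base64.b64encode(msg).decode("ascii")

if __name__ == "__main__":
    print(offered_schemes(["Negotiate, NTLM"]))
    print(parse_ntlm_challenge(build_sample_challenge()))
```

The first 401 usually lists only the bare scheme names; the base64 challenge appears on the second 401, after the client has sent its type 1 message.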
