« Using TinyMCE with an AJAX form submit
Open Office 2 : Can it beat MS Office? »

NTLM Authentication in Firefox

Those of you who are familiar with NTLM authentication, and who are lovers of FireFox, might be interested to know that you can get NTLM authentication to work in Firefox, with a single setting.

NTLM Authentication allows the login credentials of a Windows user, who is logged into a Windows domain, to be automatically passed to an IIS web server in the same domain. It can be a very handy little feature in a workplace that can easily become over-burdened with usernames and passwords.


As for Firefox, if you have not experienced it, you need to. I use Firefox for almost everything at work even though we only officially support Internet Explorer for our internal applications. I recently ran into a very odd issue with Firefox when any POST to an IIS server ASP.NET page using AJAX would result in the user entering a never ending authentication loop. This happened with an application that was using NTLM authentication as its only mechanism.

Normally, Firefox would simply provide you with a credentials prompt where you could enter your domain credentials, and all would be well. But in this case, I got past the initial prompt but the AJAX POST would cause an issue. That’s when I came across this post that solved it all.

The setting is simple:

  • In the address bar in Firefox, type “about:config”
  • This will show all the settings for Firefox. In this list find this key “network.automatic-ntlm-auth.trusted-uris.” This is a comma-delimited list of all host names that you want to use NTLM with.
  • Just enter your host names like this: “host1.mydomain.com, host2.mydomain.com”

That’s it.

** EDIT**
From some of the post comments:

I couldn’t get this to work on my Mac using Mac OS X UNTIL I added a null server to my list. So try “server1,,server2″ in the middle of your list. Authentication then just takes place once and is not required after that. Seems to work.

I would like to point out that if you add an item like “.company.com” to these config lists, it will do catch all NTLM auto-auth. This was important to me, since we have several internal test servers and I just didn’t want to list them all.

This entry was posted on Thursday, March 23rd, 2006 at 8:32 pm and is filed under Code Bin, Web Development. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

7 Responses to “NTLM Authentication in Firefox”

  1. opensas Says:
    June 29th, 2006 at 8:12 pm

    I’m having exactly the same problem.

    I’m trying to develop an autocompleter input box in asp, using the script.aculo.us library.

    I’ve already tried with network.automatic-ntlm-auth.trusted-uris and network.negotiate-auth.trusted-uris but I keep falling into that infinite authentication loop

    Here (http://lists.samba.org/archive/jcifs/2006-May/006132.html) it says that using the get method instead of post, should work, but I still couldn’t give it a try

    Saludos

    Sas

  2. opensas Says:
    June 29th, 2006 at 8:18 pm

    Hey, I tried it, and it looks like it works fine using the get method instead of post.

  3. Deborah Says:
    August 10th, 2006 at 1:17 am

    Hi,

    Do you have guide or document regarding how to setup Microsoft IIS 6.0 for use with Lotus Domino on Linux (by using ISAPI filter)? We really need this urgent solution.

    Thanks a lot!

  4. debian_user Says:
    September 7th, 2006 at 12:03 am

    Do you know if there is a way to get NTLM authentication on Firefox working on a Linux machine with Samba? I have seen numerous posts about how to get it working on FF running on Windows but no one mentions anything when it is running on a Linux host.

    Any ideas??

  5. Peter Says:
    November 9th, 2006 at 12:33 pm

    Thanks a lot! It works great on my XP SP1 and Firefox 1.5.0.8
    I had to create the network…. entry in the about:config as it was not present.

  6. Akshay Says:
    November 11th, 2006 at 9:32 am

    Hi,

    network.automatic-ntlm-auth.trusted-uris works like a charm for me anyday.
    However, our internal network is big and full of different websites that require my LAN credentials. i tried to add most of these websites into network.automatic-ntlm-auth.trusted-uris values set but then i still need to do it for some other website.s

    I was wondering if its possible for the value set to be set to something like “*”. thats is allow all websites to be sent my credentials. Of course, this is dangerous. But then convenient never the less.

    Perhaps, a better option is to allow IP regular expression. So, lets say ther eis option 10.*.*.*, 192.168.*.* kind of values.

    Thanks
    Akshay

  7. erkanoe Says:
    February 26th, 2007 at 12:28 pm

    Hi,

    thank you very much for this, it worked just fine. trying to persuade a big company to migrate to Firefox and this was holding me back - now it works!!! If only there was some automated process to set it implicitly…

    But THANK YOU again,
    ~erkanoe