Forward NTLM authentication to corporate proxy from local proxy server

I have a Python script which is supposed to access various web API's from our server out through to the internet. The issue is that Python support from what I've seen is quite poor when it comes to supporting NTLM authentication. This causes our corporate proxy server to always return HTTP code 407. My initial idea was to set up a local proxy server using IIS and the Application Request Routing module, which would forward all requests to our corporate proxy while handling the NTLM authentication. Issue with that approach is that it doesn't appear to be forwarding my NTLM credentials, which the current user is running the Python script from.

Will this approach work? If so, how can I implement it?

Solution 1:

Have you taken a look at these?

NTLM Authorization Proxy Server

Python NTLM

Solution 2:

Might be a bit late but wanted to mention this nonetheless. No doubt having NTLM support in your script would be great but that would add complexity for no big returns. Might be best to use NTLMAps, Cntlm or Px.

NTLMAps and Cntlm are proxies that do the NTLM auth as an intermediary proxy. However, they both require the user/pass since they are mostly targeted towards Linux users. I historically used these tools on Windows but was annoyed by the same requirement of having to provide the credentials to them and update every time my password changed.

As a result, I've authored Px for Windows which is an HTTP proxy like the above two, but uses SSPI to manage the required authentication with the corporate proxy. All you need to configure is the proxy server and port.

For developing your own apps, the code should also help figure out how to do this within Python and perhaps other languages which have access to SSPI. But you'd rather isolate the NTLM mess and not meddle with it.