HTTP NTLM authentication

Question

I am trying to consume an API which requires NTLM authentication. This curl command works fine:

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json'  --ntlm -u user:password -d '{ "key1": "100",     "key2": "1"}' http://some/api/v/12

Now I am trying to do the same from a Go program:

package main

import (
    "bytes"
    "fmt"
    "net/url"
    "net/http"
    "io/ioutil"
    "log"
    "github.com/Azure/go-ntlmssp"



)

func main() {
    url_ := "http://some/api/v/12"

     client := &http.Client{
        Transport: ntlmssp.Negotiator{
            RoundTripper:&http.Transport{},
        },
    }



    data := url.Values{}
    data.Set("key1", "100")
    data.Set("key2", "1")
    b := bytes.NewBufferString(data.Encode())
    req, err := http.NewRequest("POST", url_,  b)
    req.Header.Set("Content-Type", "application/json")
    req.Header.Set("Accept", "application/json")
    req.SetBasicAuth("user", "password")


    resp, err := client.Do(req)
    if err != nil {
        fmt.Printf("Error : %s", err)
    } else {

        responseData, err := ioutil.ReadAll(resp.Body)
        if err != nil {
            log.Fatal(err)
        }


        responseString := string(responseData)



        fmt.Println(responseString)
        resp.Body.Close()
    }

}

When I execute this program I receive an "invalid credentials" error which I normally receive when I don't include "--ntlm" flag in the curl command.

Can you please me give me a hint how can I accomplish this task with Go?

---

Update

printing the request from the curl command:

* About to connect() to www.xxx.xxx.com port xx (#0)
*   Trying xxx.xxx.x.xxx...
* Connected to www.xxx.xxx.com (xxx.xxx.x.xx) port xx (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Server auth using NTLM with user 'user'


> POST /some/api/v2 HTTP/1.1
> Authorization: NTLM xxxxx (44 cahracters)
> User-Agent: curl/7.29.0
> Host: www.xxx.xxx.com
> Content-Type: application/json
> Accept: application/json
> Content-Length: 0
>

< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=us-ascii
< Server: Microsoft-HTTPAPI/2.0
< WWW-Authenticate: NTLM xxxxx (312 characters) 
< Date: Thu, xx Aug xxxx xx:xx:xx xxx
< Content-Length: 341
<

* Ignoring the response-body
* Connection
* Issue another request to this URL: 'http://some/api/v2'
* Found bundle for host www.xxx.xxx.com: 0x0000
* Re-using existing connection! 
* Connected to www.xxx.xxx.com (xxx.xxx.x.xx) port xx (#0)
* Server auth using NTLM with user 'user'
> POST /api/v2 HTTP/1.1
> Authorization: NTLM xxx (176 characters)
> User-Agent: curl/7.29.0
> Host: www.xxx.xxx.com
> Content-Type: application/json
> Accept: application/json
> Content-Length: 39
>


* upload completely sent off: 39 out of 39 bytes


< HTTP/1.1 200 OK
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: application/json; charset=utf-8
< Expires: -1
< Server: Microsoft-IIS/7.5
< X-AspNet-Version: 4.0.30319
< Persistent-Auth: true
< X-Powered-By: ASP.NET
< Date: Thu, 08 Aug 2019 06:49:41 GMT
< Content-Length: 1235

Answer 1

NTLM needs a fully qualified Domain\Username login. Email or simple username does not work. So for the username part, it has to look like this:

MYDOMAIN\[username]

where [username] is the actual windows user.