Disable default sign in prompt while using ntlm passthrough technique in express-ntlm

Question

I am using following code in express-ntlm to get workstation details in my node.js app:

var express = require('express'),
ntlm = require('express-ntlm');

var app = express();
app.use(ntlm());

app.all('*', function(request, response) {
console.log(request.ntlm.Workstation); 
});

app.listen(3000);

When I hit localhost:3000 it pops up sign in prompt asking username and password. This is due to http setheader('WWW-Authenticate','NTLM') in the express-ntlm package code. How do I disable this sign in prompt and still be able to get workstation details?

P.S : (I tried disabling it through express-ntlm code, though it doesn't do it. There is some callback that I am missing, to reproduce exact events, which are triggered when you click sign in button on the prompt. Also I am not trying to put any custom sign in page.)

Answer 1

Check your browser settings/ policy.

For IE

Tools > Internet Options > Security Tab > Custom Level >User Authentication Logon > select checkbox "Automatic logon with current user name and password".

Answer 2

This is not possible. The WWW-Authenticate header tells the browser to use NTLM for authentication. If the browser supports NTLM natively, you won't notice this process, but if not, there will be a prompt to enter credentials. If you remove the header, the authentication won't happen and therefore you will not receive the required information.

Also, using ntlm() without a domain controller is not clever, as it disables authentication checks and therefore any user can provide any details they want, without any verification.