Cross-Domain NTLM Authentication returns 401

This might be a specific issue and I will try to explain it as efficiently as possible.

We have a REST API service set up on IIS 10 on a Windows 2016 server registered in DOMAIN-1. The providers are set to use NTLM and Negotiate. If I set the Authorization in SOAPUI to use NTLM and the credentials of a domain user in DOMAIN-1, authentication works. However, if I use credentials of a user in DOMAIN-2, I get a 401.

The kicker is here: browsing to the endpoint using any browser works, as well as switching off Authorization from SOAPUI and configuring Burp Suite to act as a local proxy and NTLMv2 and DOMAIN-2 user credentials to connect to the endpoint. The problem seems specific to the NTLM auth method being used in SOAPUI, perhaps related to httpclient 4.1.1?

Finally, I have access to the server and examined event logs related to the success and failed logins. The failed logs have a substatus of "0xC000006A", possibly meaning "user name is correct but the password is wrong". It is for sure not a typo.

I also tried to examine the NTLM challenges and responses using wireshark but I cannot understand why only the DOMAIN-1 users are working using SOAPUI.

Pre-emptive auth is unchecked.

In my research I have seen some issues with httpclient 4.1.1 - could it be related to this?

Thanks.

Forum Discussion

Cross-Domain NTLM Authentication returns 401

Related Content

Kafka topic using OAuth2 authentication

ReadyAPI Authentication

Cookie Authentication

Project Authentication

Mock Service: Cross-domain from JavaScript

Recent Discussions

What is purpose if inspector pane in SoapUI?

How do I change password and Username on every call in a Test Case in SoapUI?

Content-Length calculation wrong when posting UTF-8 content

Error exception in phase 'semantic analysis' with java 21

Generate positive long integer?