SharePoint Config

Ari Bakker's thoughts on customising and configuring SharePoint

Using npm behind a proxy that uses NTLM authentication

without comments

If you are developing modern applications with JavaScript then chances are you will be using node package manager (npm) – the package manager for JavaScript. This allows you to download and install packages including Angular, Bootstrap, React, jQuery, and many many others. If you are developing in a corporate environment then you may have issues using npm if you are behind a proxy server that uses Windows/NTLM authentication as npm doesn’t add authentication headers when downloading packages from the repository. This post covers how to solve these issues with Fiddler working as a local proxy to forward on authentication credentials to the NTLM proxy server.

The Issue

If you are behind a proxy and you try to run a npm command you will get an error similar to the one below:

npm ERR! network getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443

 

To configure npm to use a proxy you need to set the proxy and https-proxy config variables. This can be done as follows (where <proxy>:<port> is the url and port of your proxy server):

npm config set proxy "http://<proxy>:<port>"
npm config set https-proxy "http://<proxy>:<port>"

 

Now if you are behind a proxy that requires authentication you will see a slightly different error as shown below:

npm ERR! code ECONNRESET
npm ERR! network tunneling socket could not be established, statusCode=407
npm ERR! network This is most likely not a problem with npm itself
npm ERR! network and is related to network connectivity.
npm ERR! network In most cases you are behind a proxy or have bad network settings.
npm ERR! network
npm ERR! network If you are behind a proxy, please make sure that the
npm ERR! network 'proxy' config is set properly.  See: 'npm help config'

 

Note that the 407 HTTP error code indicates that proxy authentication is required.

Resolution

One way to resolve this issue is to use another proxy that is capable of accepting the npm requests and adding authentication headers when forwarding on the requests to the external proxy server (other ways of doing this involve including your username and password in the proxy config setting but I don’t recommend this approach in a corporate environment for security reasons).

There are several options for setting up an intermediate proxy but the one I’ve found easiest to setup is Fiddler. This approach is shown below with Fiddler adding the authentication headers when forwarding on npm requests to the proxy server that requires authentication.

 

The steps to configure this scenario are as follow:

  1. Download and install Fiddler
  2. In Fiddler select Rules > Automatically Authenticate (this is the setting that adds the NTLM authentication headers to each request)
  3. Run the following npm commands to configure npm to use Fiddler as an intermediate proxy (assuming Fiddler is using the default port):
     npm config set proxy http://localhost:8888
     npm config set https-proxy http://localhost:8888

    Note that Fiddler will capture all network traffic by default. If you don’t want this behaviour you can deselect the Tools > Fiddler Options > Connections > Act as system proxy on startup option to only route npm traffic through Fiddler.

This also assumes that you have configured your proxy correctly in IE and can browse to the internet before applying the above settings.

Tip: To configure git to use the same configuration then run the following commands:

git config --global http.proxy http://localhost:8888
git config --global https.proxy http://localhost:8888

 

Credit goes to my colleague David Wright for pointing me in the direction of this approach.

Post to Twitter Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon

Written by Ari Bakker

April 21st, 2017 at 11:07 am

Leave a Reply

*