The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,595 other followers

Windows: authenticated command-line download from IIS server wget: no, cURL: yes.

Posted by jpluimers on 2014/10/03

Had to download a bunch of stuff over the command-line from an IIS server that was using authentication. Not basic authentication, but NTLM authentication.

wget kept failing, even wget 1.10 that usually does NTLM quite OK (but up to 1.10.2 has a security vulnerability so you should not use wget 1.10 any more).

So I installed a Windows x86 cURL binary, and downloaded+copied the root certificates, then did some reading on the command-line switches.

Without any, cURL does http basic authentication. But a Windows server usually expects NTLM authentication (hardly documented, but it uses the Negotiate protocol).

When not using NTLM, both would show (wget -d, or curl -v) this in the output, indicating you should use NTLM authentication:

HTTP/1.1 401 Unauthorized
Server Microsoft-IIS/7.0 is not blacklisted
Server: Microsoft-IIS/7.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM

cURL uses the –ntlm switch for NTLM authentication (if you have an NTLM based proxy, then use –proxy-ntlm)

Whereas wget saves the file, you need to specify that with cURL using the –output option.

Another thing I bumped into is the seemingly undonditional love for Windows users to put spaces in filenames.

You cannot escape those with %20 in batch files, you have to escape them using %%20.

So a small batch file doing some downloads looks like this:

:setlocal
set USER=username
set PASS=password
:: username can also be domain\username
set command=V:\CAS400\HOME\BIN\cURL\curl.exe --ntlm --user %USER%:%PASS%
%command% --output OutputFile1.pdf http://servername/path/OutputFile1.pdf
%command% --output "Output File 2.pdf" "http://servername/path/Output%%20File%%202.pdf"
:endlocal

You can leave out the :%PASS% part, then cURL will prompt you for a password at each request.

–jeroen

via: Canvas Guides | Canvas Admin Guide | How do I install and use cURL on a Windows machine?.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

 
%d bloggers like this: