13

I am trying to work with a sharepoint site that use my windows authentication. I can use the requests module to access the site but it requires I explicitly state my windows password.

import requests
from requests_ntlm import HttpNtlmAuth

SITE = "https://sharepointsite.com/"
PASSWORD = "pw"
USERNAME = "domain\\user"

response = requests.get(SITE, auth=HttpNtlmAuth(USERNAME,PASSWORD))
print response.status_code

Is there a way for Python to access the site through windows authentication so I don't have to provide my password? It seems like this might be possible through requests_nltm but I can't work out how.

Improve this question
2
  • 2
    I think that the responders below don't understand that "windows authentication" means that want the Sharepoint server to pick up the authentication from the windows workstation that you are currently using. Commented Jul 7, 2017 at 18:48
  • Hey Tim, Did you get any solution on that? Please post it if you have. I tried below solution but all are giving 401 status code. Commented Jun 14, 2022 at 9:02

3 Answers 3

Reset to default
11

If you don't want to explicitly state your windows password you could use the getpass module:

import requests
from requests_ntlm import HttpNtlmAuth
import getpass

SITE = "https://sharepointsite.com/"
USERNAME = "domain\\user"

response = requests.get(SITE, auth=HttpNtlmAuth(USERNAME, getpass.getpass()))
print response.status_code

This way you don't have to store you password in plain text.

Looking at the code for the requests_ntlm there isn't a way to use it without supplying your password or the hash of your password to HttpNtlmAuth

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

OK - thank you. I was hoping to have this run without my intervention but guess that might not be possible if I don't want the password stored in plain text.
It may be possible, i just don't know how.
3

The accepted answer still uses a stored password. An option to use integrated authentication via the Windows SSPI interface would be the following:

import requests
from requests_negotiate_sspi import HttpNegotiateAuth

cert = 'path\to\certificate.cer'
 
response = requests.get(
    r'http://mysharepoint.com/_api',
    auth=HttpNegotiateAuth(),
    verify=cert)

print(response.status_code)

See here for more information.

Improve this answer

Comments

-3

Have you considered storing your username and password as environmental variable on the machine that is running the script? This will prevent you from having to store the sensitive information within the script itself. Then only the machine's admin can access/modify the sensitive information.

Through cmd prompt, set the desired variables (below syntax is for a Windows machine): 

SET username=domain\\user
SET password=your_password

To ensure you've correctly set the variables, type SET into the cmd prompt and see if the variables are listed.

Once correctly set, then use python's os module to access the variables and use as desired:

import os
import requests
from requests_ntlm import HttpNtlmAuth

username = os.environ.get('username')
password = os.environ.get('password')

SITE = "https://sharepointsite.com/"

response = requests.get(SITE, auth=HttpNtlmAuth(username, password))

IMPORTANT NOTES:

  1. If you close the cmd prompt window, the environment variables you just set will be erased and your script will throw a "I can't find environment variables" error. To avoid this, either always keep the cmd window open while the script runs, or permanently set the environment variables (instructions here for Windows machines. Note: the instructions refer to changing the PATH environment variable but you'll get the idea on how to create/modify your own variables).
  2. Be careful not to overwrite an existing environment variable. First double check that a name is available by listing all variables (type SET into cmd prompt).
  3. Environment variables are stored as string
Improve this answer

1 Comment

On Windows systems environment variables are not very secure. anyone can view anyone else's environment variables as they're stuck in the systemwide registry. It's not really a good idea to put passwords or other sensitive info there.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.