Developing in companies that have proxy servers for developers can be frustrating in this age when every tool needs access to online resources and even parts of software development life cycle are cloud based. Proxy servers that require NTLM authentication just add to that frustration. NTLM is developed by Microsoft but many applications built by Microsoft do not support it or require some configuration and in worst cases some hacking to make it work. Below is a list of some the tools that developers might be using on a daily basis and what you need to do to make them connect via NTLM proxy. I keep adding more to the list as I encounter them.
- Visual Studio Code (VSCode)
- Visual Studio, Web Platform Installer and other .NET Applications
Visual Studio Code (VSCode)
VSCode 1.15 and up now supports NTLM proxy (finally Microsoft supported its own authentication protocol).
For NPM you have two options. Either to send proxy address and credentials in every single command you run or to set them in the global configuration of NPM. I recommend the former because it is more secure.
Set proxy in every command
When calling NPM command you can always use
--proxy switch to set proxy for each command. The syntax for using this switch is the following.
For example to use
myproxy:8080 as proxy address and
my-domain\reza as username and
P@ssw0rd as password when calling the
install command you can type the following.
npm install --proxy http://my-domain%5Creza:P%40ssw0rd@myproxy:8080
Please note that both username and password are URL encoded. You can use the following command in your browser’s developer tools to encode them.
Set proxy in NPM configuration
To set the proxy in the global configuration of NPM you need use the same format as above for sending the proxy address, username and password and use
npm config set to store it in the configuration. For example to set the proxy address to
myproxy:8080 and username to
my-domain\reza and password to
P@ssw0rd you can use the following command.
npm config set proxy http://my-domain%5Creza:P%40ssword@myproxy:8080
Visual Studio, Web Platform Installer and other .NET applications
To set the proxy for pretty much any .NET application, you need to put the following in the configuration file of that application.
<system.net> <defaultProxy useDefaultCredentials="true" enabled="true"> <proxy bypassonlocal="true" proxyaddress="http://myproxy:8080" /> </defaultProxy> </system.net>
For Visual Studio I suggest also enabling IPV6 if the above configuration did not work as suggested by some other developers.
<system.net> <settings> <ipv6 enabled="true"/> </settings> <defaultProxy useDefaultCredentials="true" enabled="true"> <proxy bypassonlocal="true" proxyaddress="http://myproxy:8080" /> </defaultProxy> </system.net>
For executable files the configuration file is named the same as executable’s file name but with .exe.config extension. For Visual Studio it is called
devenv.exe.config and for Web Platform Installer it is
At the moment Postman (v7.36.1) does not support NTLM authentication and the only best way that you can make it work is by using Fiddler. Here is what you need to do, step by step:
- Install Fiddler and run it.
- Make sure
Automatically Authenticateis selected. This will enable Fiddler to authenticate on behalf of Postman with your current user account.
- * In Postman, go to
Settingsand then Proxy and turn on
Global Proxy Configuration
Proxy Typeselect both
- For the
Proxy Server, use
127.0.0.1:8888(If you you have changed the default port that Fiddler is listening on you will need to change it here as well).
- ** In Fiddler, go to
Options...and then in HTTP tab, select
Capture HTTPS CONNECTsand
Decrypt HTTPS trafficand install the certificate when prompted.
- In Postman go to
General, turn off
SSLS certificate verification. You need to do this because currently, Postman does not support intermediate proxies.
* In step 6, instead of using
Global Proxy Configuration you may also use
Use System Proxy, but in that case you need to make sure in Fiddler,
Capture Traffic is selected under
File menu. This way Fiddler will capture all the HTTP traffic by setting Windows Proxy settings.
** You won’t need to do step 6 and 7 if you won’t be working with HTTPS URLs.