通过具有NTLM授权的代理对具有基本授权的Web服务的请求不起作用

|| 我有一个需要基本授权的Web服务,并且一个需要NTLM授权的Internet代理背后的用户。我也有一个表单应用程序,该应用程序可以调用Web服务,并且还要求用户提供Web服务凭据(与NTLM凭据不同)。 我使应用程序配置正常运行(WCF ServiceModel),它使用的是默认代理凭据,请求正在通过代理进行身份验证,但是在通过Web服务进行身份验证之后,由于某种原因它不会发送请求正文。 如果我在没有NTLM代理的情况下进行本地测试,则该过程有效。很抱歉,冗长的示例,但我不得不将它们包括在内。 第一个要求: 发送: 
POST http://www.myservice.com/service.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: \"http://tempuri.org/MyMethod\"
Host: www.myservice.com
Content-Length: 329
Expect: 100-continue
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\"><s:Body>[...]</s:Body></s:Envelope>
接收: 
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NTLM
Proxy-Authenticate: BASIC realm=\"corporaterealm\"
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Set-Cookie: BCSI-CS-36204A5A7BBD24D9=2; Path=/
Connection: close
Content-Length: 1057
Proxy-Support: Session-Based-Authentication

[...]
第二个要求: 发送: 
POST http://www.myservice.com/service.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: \"http://tempuri.org/MyMethod\"
Accept-Encoding: gzip, deflate,gzip, deflate
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIoggACAAxAAAACQAJACgAAAAFASgKAAAAD1dTUkswNDg3MENPTUVUTkVU
Host: www.myservice.com
Content-Length: 0
接收: 
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAEAAQADgAAAAFgomiysOwieqrhFEAAAAAAAAAALIAsgBIAAAABQLODgAAAA9DAE8ATQBFAFQATgBFAFQAAgAQAEMATwBNAEUAVABOAEUAVAABABoAVgBJAC0AUgBJAEMASwBEAEMALQAwADAAMQAEABwAYwBvAG0AZQB0AG4AZQB0AC4AbABvAGMAYQBsAAMAOABWAEkALQBSAEkAQwBLAEQAQwAtADAAMAAxAC4AYwBvAG0AZQB0AG4AZQB0AC4AbABvAGMAYQBsAAUAHABjAG8AbQBlAHQAbgBlAHQALgBsAG8AYwBhAGwAAAAAAA==
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: Keep-Alive
Set-Cookie: BCSI-CS-36204A5A7BBD24D9=2; Path=/
Connection: Keep-Alive
Content-Length: 1074
Proxy-Support: Session-Based-Authentication

[...]
第三个要求: 发送: 
POST http://www.myservice.com/service.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: \"http://tempuri.org/MyMethod\"
Accept-Encoding: gzip, deflate,gzip, deflate,gzip, deflate
Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHgAAAAYABgAkAAAABAAEABIAAAADgAOAFgAAAASABIAZgAAAAAAAACoAAAABYKIogUBKAoAAAAPQwBPAE0ARQBUAE4ARQBUAFAAYQByAHMAbwBuAEoAVwBTAFIASwAwADQAOAA3ADAAlap7g+mPRMEAAAAAAAAAAAAAAAAAAAAARLAhi5lf3nd+l9xENAcu2W6xf6iJbyM6
Host: www.myservice.com
Content-Length: 329
Expect: 100-continue

<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\"><s:Body>[...]</s:Body></s:Envelope>
接收: 
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm=\"myrealm\"
X-Powered-By: ASP.NET
Date: Tue, 31 May 2011 13:09:33 GMT
Cache-Control: proxy-revalidate
Content-Length: 1656
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Proxy-support: Session-based-authentication
Age: 0

[...]
第四项要求: 发送: 
POST http://www.myservice.com/service.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: \"http://tempuri.org/MyMethod\"
Accept-Encoding: gzip, deflate,gzip, deflate,gzip, deflate,gzip, deflate
Authorization: Basic Y29nZW50YVxjb21ldC1kbTM6Kmh0JTg2NCU=
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIoggACAAxAAAACQAJACgAAAAFASgKAAAAD1dTUkswNDg3MENPTUVUTkVU
Host: www.myservice.com
Content-Length: 0
接收: 
HTTP/1.1 400 Bad Request
Date: Tue, 31 May 2011 13:09:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private, proxy-revalidate
Content-Length: 0
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Age: 0
我不明白为什么它没有在第4个请求中发送信封。两次握手已完成,因此从理论上讲一切都应该很好。 当我在没有NTLM代理的情况下在本地执行此操作时,信封将按预期发送: 第一个要求: 发送: 
POST http://www.myservice.com/service.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: \"http://tempuri.org/MyMethod\"
Host: www.myservice.com
Content-Length: 329
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\"><s:Body>[...]</s:Body></s:Envelope>
接收: 
HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm=\"myrealm\"
X-Powered-By: ASP.NET
Date: Tue, 31 May 2011 13:31:46 GMT

[...]
第二个要求: 发送: 
POST http://www.myservice.com/service.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: \"http://tempuri.org/MyMethod\"
Accept-Encoding: gzip, deflate,gzip, deflate
Authorization: Basic Y29nZW50YVxjb21ldC1kbTM6Kmh0JTg2NCU=
Host: www.myservice.com
Content-Length: 329
Expect: 100-continue

<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\"><s:Body>[...]</s:Body></s:Envelope>
接收: 
HTTP/1.1 200 OK
Date: Tue, 31 May 2011 13:31:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=svv4i11awg05v1j5viz1impo; path=/; HttpOnly
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Content-Length: 5127

[...]
    
2020-01-23 3 条评论
分享

没有找到相关结果

    已邀请:

    豪抱怒掳

            我必须更改服务器安全性配置以接受摘要式身份验证。由于某些原因,而Basic不起作用。     
    2020-01-23 0 0
    分享

    款去芳尾脊

            我遇到了潜在的类似问题,并且就我而言,这可能与建立与代理的原始NTLM连接有关。 以我的经验,每小时有三个请求按顺序发出,并配置了重试。 在这些请求中,有两个会起作用,一个会失败,并返回400,然后在第一次重试时也很好。 在此发现了与IE类似的问题:http://blogs.msdn.com/b/asiatech/archive/2012/01/30/400-bad-request-when-posting-webservice-or-wcf-request-来自-ie.aspx 我运行了一些网络跟踪记录,并观察了行为,并注意到常常经常共享TCP流,因此其中一个请求最终会在另一个已通过身份验证之后向代理发送NTLM身份验证消息(内容长度为零)。 。在这种情况下,代理仅通过了零内容消息(因为流已通过身份验证)。 对我来说固定的是移到WCF-Custom
    customBinding
    (使用
    textMessageEncoding
    messageVersion
    Soap11
    来维持我的
    basicHttpBinding
    行为),并且(不确定是否需要)将
    keepAliveEnabled
    设置为false。 不幸的是,我怀疑这对您的特定情况是否有很大帮助,但是更多信息永远不会伤害您。     
    2020-01-23 0 0
    分享
    为什么被折叠? 0 个回复被折叠

    要回复问题请先登录注册

    或代码 OrCode.com 备案号:粤ICP备15020848号-1
    Escape time: 0.065618991851807