我正在尝试从名为SV-REQ的服务器上的ASP.Net页面对另一个名为SV-RES的IIS7服务器进行HttpWebRequest。当我在SV-RES上设置IIS以使用Digest,Basic或Negotiate并对凭证缓存对象进行更改以使用适当的方法时,代码执行正常,我从SV-RES获得有效响应,确认用户凭据是正确的。但是,当我将IIS设置为在SV-RES上使用“Windows身份验证”时,在凭证缓存对象中使用NTLM时会返回401错误。
我真的很茫然,如果有人知道如何开展这项工作,我将不胜感激。
注意:正在执行此代码的服务器正在通过HTTP进行匿名身份验证。获取请求的服务器是通过HTTPS的NTLM(如前所述),如下面的代码所示。
这是正在执行的SV-REQ上的代码。 SV-REQ是IIS7,为ASP.Net 2.0配置
Dim credCache As CredentialCache = New CredentialCache()
Dim mUri As Uri = New Uri("https://sv-res.my-domain-here.com/default.htm")
Dim mreq As HttpWebRequest = WebRequest.Create(mUri.ToString)
credCache.Add(mUri, "NTLM", New NetworkCredential(muser, mpass, mdomain))
mreq.Credentials = credCache
Dim mres As HttpWebResponse = mreq.GetResponse
这是我从上面的代码中从SV-RES返回的错误。 SV-RES也是为ASP.Net 2.0配置的IIS7
The remote server returned an error: (401) Unauthorized. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Net.WebException: The remote server returned an error: (401) Unauthorized. Source Error: Line 31: credCache.Add(mUri, "NTLM", New NetworkCredential(muser, mpass, mdomain)) Line 32: mreq.Credentials = credCache Line 33: Dim mres As HttpWebResponse = mreq.GetResponse Line 34: Dim sr As StreamReader = New StreamReader(mres.GetResponseStream()) Line 35: txtResult.Text = sr.ReadToEnd() Source File: C:\inetpub\httproot\contentscan.aspx.vb Line: 33 Stack Trace: [WebException: The remote server returned an error: (401) Unauthorized.] System.Net.HttpWebRequest.GetResponse() +1126 contentscan.Page_Load(Object sender, EventArgs e) in C:\inetpub\httproot\contentscan.aspx.vb:33 System.Web.UI.Control.OnLoad(EventArgs e) +132 System.Web.UI.Control.LoadRecursive() +66 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428
答案 0 :(得分:4)
经过相当多的调查后,我发现了这个问题。看起来它与安全更新有关,但实际上并没有经常讨论,因此我在我的网站上写了一篇关于它的帖子:http://www.tinyint.com/index.php/2009/08/24/401-error-on-httpwebrequest-with-ntlm-authentication/
但缺点是security update修补了SMB中的漏洞,其中一部分涉及在进行身份验证请求时对主机名进行环回检查。如果启用此环回检查,则必须在注册表中输入主机名才能正确进行身份验证。