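I have a web application hosted through IIS that requires Windows authentication. Some users can access the application without any problem. Others get a dialog asking for credentials, but when they cancel the prompt, the application loads correctly. Still others are prompted for credentials, and when they enter them, they get a 401 error. Using Fiddler, I found that the authentication header for a working user looks like this: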
-[NTLM Type3: Authentication]------------------------------
Provider: NTLMSSP
Type: 3
OS Version: 6.1:7601
Flags: 0xe2888215
Unicode supported in security buffer.
Request server's authentication realm included in Type2 reply.
Sign (integrity)
NTLM authentication.
Negotiate Always Sign.
Negotiate NTLM2 Key.
Target Information block provided for use in calculation of the NTLMv2 response.
Supports 56-bit encryption.
Supports 128-bit encryption.
Client will provide master key in Type 3 Session Key field.
lmresp_Offset: 136; lmresp_Length: 24; lmresp_Length2: 24
ntresp_Offset: 160; ntresp_Length: 24; ntresp_Length2: 24
Domain_Offset: 88; Domain_Length: 16; Domain_Length2: 16
User_Offset: 104; User_Length: 14; User_Length2: 14
Host_Offset: 118; Host_Length: 18; Host_Length2: 18
msg_len: 184
Domain: XXX
User: YYY
Host: ZZZ
For a user who is prompted for credentials (but for whom the application still loads), it looks like this:
-[NTLM Type3: Authentication]------------------------------
Provider: NTLMSSP
Type: 3
OS Version: 5.1:2600
Flags: 0xa2888205
Unicode supported in security buffer.
Request server's authentication realm included in Type2 reply.
NTLM authentication.
Negotiate Always Sign.
Negotiate NTLM2 Key.
Target Information block provided for use in calculation of the NTLMv2 response.
Supports 56-bit encryption.
Supports 128-bit encryption.
lmresp_Offset: 118; lmresp_Length: 24; lmresp_Length2: 24
ntresp_Offset: 142; ntresp_Length: 24; ntresp_Length2: 24
Domain_Offset: 72; Domain_Length: 16; Domain_Length2: 16
User_Offset: 88; User_Length: 12; User_Length2: 12
Host_Offset: 100; Host_Length: 18; Host_Length2: 18
msg_len: 166
Domain: XXX
User: VVV
Host: WWW
lm_resp: 11 E3 1E 09 74 1E 9B 8A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
nt_resp: 98 BF FC 1C BF 65 EE 46 6A 71 26 5E 14 5D 34 CA 1F 1A E2 4A 00 1D BC 58
------------------------------------
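The headers look very similar, but in the case that doesn't work, the following flags are missing:
I've been googling for days and I can't seem to determine where these keys come from! Is this related to browser settings? Account settings? IIS settings?
Any advice is greatly appreciated!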
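
An added example, not part of the original post: decoding the two Flags values from the Fiddler dumps above with the NegotiateFlags bit names from the MS-NLMP specification shows which bits differ, and the response lengths show which NTLM response type was sent. The function names are hypothetical; the flag values and the lm_resp bytes are taken from the dumps.

```python
# Added example: decode NTLMSSP NegotiateFlags (bit names from MS-NLMP) and
# diff the two Type 3 messages shown in the Fiddler dumps above.
NEGOTIATE_FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000010: "NEGOTIATE_SIGN",
    0x00000020: "NEGOTIATE_SEAL",
    0x00000040: "NEGOTIATE_DATAGRAM",
    0x00000080: "NEGOTIATE_LM_KEY",
    0x00000200: "NEGOTIATE_NTLM",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x00800000: "NEGOTIATE_TARGET_INFO",
    0x02000000: "NEGOTIATE_VERSION",
    0x20000000: "NEGOTIATE_128",
    0x40000000: "NEGOTIATE_KEY_EXCH",
    0x80000000: "NEGOTIATE_56",
}

def decode_flags(value):
    """Return the set of flag names set in a NegotiateFlags value."""
    names = {name for bit, name in NEGOTIATE_FLAGS.items() if value & bit}
    unknown = value & ~sum(NEGOTIATE_FLAGS)  # bits not named in the table
    if unknown:
        names.add(f"UNNAMED_0x{unknown:08x}")
    return names

def diff_flags(a, b):
    """Return (flags set only in a, flags set only in b), each sorted."""
    fa, fb = decode_flags(a), decode_flags(b)
    return sorted(fa - fb), sorted(fb - fa)

def response_kind(flags, lm_resp, nt_resp_len):
    """Classify the challenge response from its length and the ESS flag."""
    if nt_resp_len > 24:
        return "NTLMv2"
    ess = bool(flags & 0x00080000)
    # With ESS, the LM field carries an 8-byte client challenge plus 16 zero bytes.
    if ess and len(lm_resp) == 24 and lm_resp[8:] == bytes(16):
        return "NTLMv1 with extended session security"
    return "NTLMv1"

if __name__ == "__main__":
    only_a, only_b = diff_flags(0xE2888215, 0xA2888205)
    print("only in first dump:", only_a)
    print("only in second dump:", only_b)
    lm = bytes.fromhex("11E31E09741E9B8A" + "00" * 16)  # lm_resp from second dump
    print(response_kind(0xA2888205, lm, 24))
```

The two bits that differ correspond to the "Sign (integrity)" and "Client will provide master key in Type 3 Session Key field" lines that appear only in the first dump.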