我正在尝试在Intranet Web应用程序上使用NTLM身份验证。该设置在Server 2008 R2上使用IIS 7.5。
当我导航到该页面时,我启用了Windows身份验证,对话框已正确显示,并允许我在Chrome和Firefox中进行身份验证,但IE似乎正在发送错误的协商令牌。
我假设IE配置不正确,虽然我已经搜遍了所有并且无法弄清楚出了什么问题。
我运行Fiddler,首次点击页面时从服务器发回的标题如下所示:
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 03 Dec 2015 21:49:09 GMT
Content-Length: 6333
Proxy-Support: Session-Based-Authentication
当我尝试使用不同的浏览器登录时,响应如下所示。 Firefox和Chrome响应都成功,IE失败了。哦,我也尝试过IE 11,但也失败了。我假设标题看起来很相似但我可以提供,如果有人想看到它。
对IE的错误有任何想法,我们将不胜感激。
Firefox使用以下命令响应服务器:
Host: intranet.gwlisk.com:81
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
Chrome通过以下方式响应服务器:
Host: intranet.gwlisk.com:81
Connection: keep-alive
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
IE使用以下命令响应服务器:
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: intranet.gwlisk.com:81
Authorization: Negotiate YIIGDQYGKwYBBQUCoIIGATCCBf2gMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCBccEggXDYIIFvwYJKoZIhvcSAQICAQBuggWuMIIFqqADAgEFoQMCAQ6iBwMFACAAAACjggShYYIEnTCCBJmgAwIBBaEMGwpHV0xJU0suQ09NoiYwJKADAgECoR0wGxsESFRUUBsTSU5UUkFORVQuZ3dsaXNrLmNvbaOCBFowggRWoAMCARKhAwIBLKKCBEgEggREiBz3izdz2e6f2QlRDCsMUyiXrIeosQvaD3n9RzikkU2ng01QLltM0IVSiSCp3jb0vF4CyRJ/ANk19hQ9rNiFA9A4PBBWvvK9/FKtedv8fw3wVun0ZUXs0cGwNjAM25gRveWb3GVRwgZWa4/NHVmS6cg3wVXbQtM0izJT4IAQEuuhGHGT6dJvnuEj8rpZn+JWdPBvoVDcMnhAQVvZpT5aDtb94WJNxrpGt+H5BXN4/MV4UNQh9T4fFvhe5yTb3nqaDnhR7p6X2V4ZBDqbNuRh9AtSHQ8IdReE0El41b1kAhbqBAKnFmI3H1mNY/SQUaGisEmNC0ZXz9fZL/f5ig6CLSuNAND97c76UlhAm80yYMXYyk+XxPepczlMziyvL//bbdJ2l9K9EJineQ5UsmsERPp9EXaAwI6IzUxjCJ9e4y6mwQTllAKkvz4QCzI2N5CoMuo5T7fChSOf64WElPR9eez345/NsgAgQm0EqG6CC0WlD1UFIlgdxaPnhaAyFUi+bGxAx5Ih1yiNfsjCBd78sBn4rdnoYmqWpXnJF4xeR5vfhBSONXHwdLvrIXXmXMua+XBo6HhShE/e+3UHZm/S7fRgX8kbuADOjveKb7NEhlPCkWjPoqBbH6vC8nQ7Ul/Nwh4sbQJTTnGOnu5MPMfFNSFq/Ey4cjz300xMGwK9bJlLkcaEeRBG/ehoNeCOxJ8FuJTWP933uCpKsNaQQ+3P3bEeWye7V3srjG2SiFpP/5l04pwagQbCFtabSl1WAp+W8JkCIsc5pJlZKh1FkV+YGzpdPYrlf7q9PimCEESIDl4wGaAJqT2hgHCi15fViAPXFnQDiKwNd3skuHpjKZbt3Od67J3eLm1hjutX+bO5j1aVkFpci/6DEsnUYNOKttFGaEeyGy/3urEpI3rPWvpdLCgnueplkdf/ay9I58adCaF8DnW9uQ7s9SrhXL5PyMY1mWjeyl5/kKKAHEWXX1TgaPXVjt/pwJ861dTiXkryzpNE26IGjvvXpa7ixfCW+8Z8JDRQPhRiq56AvgMo3M05IBaLBLRfUDJ8Q9+UMIUNx+GLosfXgtqUQnfcX5oAVagXX4ejk3kX0ci8DS2wJBic9VZToFcKD3tG6tT2WKA3AX+++yk95UMQQSDBeJVBb2dgVM0ee1Ks2qFsMin4I7+DxAGvaPol3JN3EMA+qcufvu9EdYTKGdbyMCBD4qCECpPkDyF8ffdCrzBYj11mzMHG1OG926jhkZqBV0ZsJg22DorxHK6P+ZiU519JxwC/cxOR8R3MrutnuR+umuwEWzNdN0TdjvADLpLKlz0bsUfr5Hrphfg1/5HlHTIcYYWtW+9tcrpf7Pz+cEZLlFXaWcz6z/epUISwYOZt0rMDmi7GyVKGxQ8uyTQVq6szvv3la8olfzQhaI22jgXyuTotDobf9yDQxNyo4aR6jgJmQik7uojhbpEBpIHvMIHsoAMCARKigeQEgeHuXoC4DBkyyg7aiwf79OzunlBTFj/PXwyFXev5e5goqYbQIbNiXXRktrXZOMqZFqdVeMLSkfHfxTazso1tdjSrQT4mtIlLQ9SO+azMCvKnVrYjF/NMCZ3ePb/vjvPrlZh1r/9Nupce5HSDe+6upM8aYkC6+nCKHOC4ykiCWUZhFkdXERU+3L6C1IaL+PgU3yeD6ri+SVbYVUNw3cTR/luR6BZef66A4Ga7uOYgXCd/d4CxS6PIg5VqYZLqHkSLK8UbvwUQuN/XWLR5wpGZr3DRgZ0+ZT6lVUansy8ab8VxkSk=
答案 0 :(得分:0)
似乎IE传递的令牌是Kerberos令牌而不是NTLM令牌(如果我的术语正确)。我通过删除实现Kerberos身份验证的协商提供程序解决了这个问题,现在一切都按预期工作。