Internet Explorer 11替换授权标头||使用document.execCommand('ClearAuthenticationCache','false')后甚至没有工作;

时间:2018-01-04 06:14:10

标签: asp.net angularjs ajax jwt internet-explorer-11

什么会导致Internet Explorer替换HTTP标头

  S'  staging
 /
A---X'  dev
 \
  P'  production


Authorization : Bearer <server-provided-token>

发出AJAX请求时?

在Internet Explorer中,一些配置为包含标题Authorization : Negotiate <some token> 的AJAX请求由Internet Explorer发送,而标题为Authorization: Bearer ...

例如,Fiddler显示三个请求中的前两个包含Authorization: Negotiate ...标头,而第三个请求突然包含Authorization : Bearer...标头。前两个请求成功,第三个请求失败,因为请求无法正确验证。

所有请求都是使用相同的客户端代码构建的,并且是一个接一个地发出的(在一秒钟内)。我已经验证了Authorization标头在所有三种情况下都正确包含Bearer令牌,直到请求提供给浏览器为止。

另外,我在Chrome中看不到相同的行为;它只发生在IE中。

请求1 

Authorization : Negotiate...

请求2 

GET http://localhost/myapp/api/User HTTP/1.1
Accept: application/json, text/plain, */*
Authorization: Bearer oEXS5IBu9huepzW6jfh-POMA18AUA8yWZsPfBPZuFf_JJxq-DKIt0JDyPXSiGpmV_cpT8FlL3D1DN-Tv5ZbT73MTuBOd5y75-bsx9fZvOeJgg04JcO0cUajdCH2h5QlMP8TNwgTpHg-TR9FxyPk3Kw6bQ6tQCOkOwIG_FmEJpP89yrOsoYJoCfrAoZ7M4PVcik9F9qtPgXmWwXB2eHDtkls44wITF_yM_rPm5C47OPCvMVTPz30KwoEPi6fHUcL3qHauP-v9uypv2e48TyPHUwLYmNFxyafMhBx4TkovnRcsdLHZiHmSjMq0V9a2Vw70
Referer: http://localhost/client/login.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: localhost
DNT: 1
Connection: Keep-Alive

请求3 

POST http://localhost/myapp/api/Permissions HTTP/1.1
Referer: http://localhost/client/#/Dashboard
Content-Type: application/json
Authorization: Bearer oEXS5IBu9huepzW6jfh-POMA18AUA8yWZsPfBPZuFf_JJxq-DKIt0JDyPXSiGpmV_cpT8FlL3D1DN-Tv5ZbT73MTuBOd5y75-bsx9fZvOeJgg04JcO0cUajdCH2h5QlMP8TNwgTpHg-TR9FxyPk3Kw6bQ6tQCOkOwIG_FmEJpP89yrOsoYJoCfrAoZ7M4PVcik9F9qtPgXmWwXB2eHDtkls44wITF_yM_rPm5C47OPCvMVTPz30KwoEPi6fHUcL3qHauP-v9uypv2e48TyPHUwLYmNFxyafMhBx4TkovnRcsdLHZiHmSjMq0V9a2Vw70
Accept: application/json, text/plain, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: localhost
Content-Length: 1419
DNT: 1
Connection: Keep-Alive
Pragma: no-cache

<Post Data Removed>

请求是通过AngularJS GET http://localhost/myapp/api/UserPreferences/Dashboard HTTP/1.1 Referer: http://localhost/client/#/Dashboard Content-Type: application/json Authorization: Negotiate YHsGBisGAQUFAqBxMG+gMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHqI7BDlOVExNU1NQAAEAAACXsgjiBgAGADMAAAALAAsAKAAAAAYBsR0AAAAPVk1ERVZFTlYtU1JTQ0VSSVM= Accept: application/json, text/plain, */* Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Connection: Keep-Alive DNT: 1 Host: localhost 服务进行的,后端是IIS中托管的ASP.NET Web API。

我尝试用

修复此问题 
$http

但这导致了另一个问题。也就是说,如果我在我的应用程序中使用基于表单的身份验证登录,那么在页面刷新时,IIS会选择经过Windows身份验证的用户,并将当前登录的用户更改为窗口的经过身份验证的用户。

0 个答案:

没有答案
相关问题
最新问题