我对使用IIS和HttpListner进行Windows身份验证有疑问
我有以下设置(所有安装在相同的Windows 8.1框中。无外部通信)。所有请求均以http://localhost/ ...
发送ASP.Net Web应用程序身份验证
Anonymous: Disabled
Windows Authentication: Enabled
作为服务运行,以本地系统帐户身份运行。并启用Windows身份验证
this.httpListener = new HttpListener();
this.httpListener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;
UWP Application就像一个网络浏览器。它具有WebView控件,可以查看Web内容。
已启用以下功能
当我从uwp应用程序导航到IIS Web应用程序时,它会通过弹出Windows对话框来要求提供凭据。对于用户体验而言,这很烦人,因为用户使用相同的凭据登录。但是,当我访问Http Listener时,它可以正确进行身份验证并且没有凭据对话框。
我也通过提琴手检查了请求。初始请求是相同的,但是对于IIS请求的后续步骤,它一直在请求NTLM。
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate oYHOMIHLoAMKAQGhDAYKKwYBBAGCNwICC........
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
初始请求/响应
请求
GET http://localhost/webapp_net/ HTTP/1.1
Accept-Encoding: gzip, deflate
Host: localhost
Connection: Keep-Alive
回复
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
Date: Tue, 20 Nov 2018 21:37:24 GMT
Content-Length: 6016
Proxy-Support: Session-Based-Authentication
请求
GET http://localhost/appman HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-NZ
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; WebView/2.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: localhost
回复
HTTP/1.1 401 Unauthorized
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Date: Tue, 20 Nov 2018 21:37:18 GMT
Proxy-Support: Session-Based-Authentication
有人对此有类似的经验或解释吗?