Firefox or IE not sending NTLM headers
I'm currently developing an ASP.NET App and I want to get the Username & Workstation of the current User/Request.
I want to use NTLM and the Authorization with the WWW-Authenticate: NTLM HTTP-Headers.
I've enabled these settings in Firefox 4:
network.negotiate-auth.trusted-uris = http://localhost
network.negotiate-auth.delegation-uris = http://localhost
network.automatic-ntlm-auth.trusted-uris = http://localhost
network.ntlm.send-lm-response = true
But I don't get the Authorization Header in Firebug or in my app (using Request.Headers).
I've also tried with IE 9, but it doesn't send it either.
Am I missing something here?
I thought they get sent automatically with each request once I've enabled it for the trusted uris and they are sent automatically in IE, too, at least in intranets.
The ASP app uses forms authentication and it should stay this way as a fallback.
Comments (2)
The browser sends NTLM/Negotiate headers only when it gets a 401 error with a corresponding WWW-Authenticate header (NTLM and/or Negotiate). Then the browser silently makes one more request with the headers you are looking for:
NTLM: before this silent request you will be asked for login/pwd. Then if the browser receives a 401 error again, the login/pwd prompt window pops up again. This will repeat until either correct credentials are entered or Cancel is pressed. For each request from the second onward, the application will get authentication headers.
Negotiate: you will be asked for login/pwd only if the browser was unable to authorize you. The rest is the same as for NTLM.
In any other requests these headers are not sent. The same goes for when anonymous authentication is enabled and/or the Windows one is disabled for the requested resource.
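An added example, not part of the original thread or of either comment: Python code for the server's side of the exchange described in the comment above, choosing the reply from the Authorization header and decoding the domain, user and workstation from the final (Type 3) NTLM message. The function names, the constructed sample values (CORP, alice, WS-042) and the cp437 fallback for OEM strings are assumptions; the decoded fields are only what the client claims until the server has validated the NTLM response.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # flag: strings are UTF-16LE (otherwise OEM)
STEPS = {1: "401 + WWW-Authenticate: NTLM <Type 2 challenge>",
         3: "validate response, then 200"}

def ntlm_token(authorization):
    """Decode an 'Authorization: NTLM <base64>' value; None if absent or malformed."""
    scheme, _, blob = (authorization or "").partition(" ")
    try:
        token = base64.b64decode(blob, validate=True) if scheme.upper() == "NTLM" else b""
    except ValueError:
        return None
    return token if len(token) >= 12 and token[:8] == SIGNATURE else None

def next_step(authorization):
    """What the server answers for one request, given its Authorization header."""
    token = ntlm_token(authorization)
    if token is None:  # first request: the browser has not been challenged yet
        return "401 + WWW-Authenticate: NTLM"
    return STEPS.get(struct.unpack_from("<I", token, 8)[0], "400")

def parse_type3(token):
    """Return the client-claimed domain, user and workstation of a Type 3 message."""
    if len(token) < 64 or struct.unpack_from("<I", token, 8)[0] != 3:
        raise ValueError("not an NTLM Type 3 message")
    flags = struct.unpack_from("<I", token, 60)[0]
    encoding = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"  # OEM: assumed
    fields = {}
    for name, pos in (("domain", 28), ("user", 36), ("workstation", 44)):
        length, _maxlen, offset = struct.unpack_from("<HHI", token, pos)
        if offset + length > len(token):
            raise ValueError(name + " field points outside the message")
        fields[name] = token[offset:offset + length].decode(encoding)
    return fields

def build_sample_type3(domain, user, workstation):
    """Constructed test input: empty LM/NT responses, so it is not a valid login."""
    strings = [s.encode("utf-16-le") for s in (domain, user, workstation)]
    descriptors = payload = b""
    for value in [b"", b""] + strings + [b""]:  # LM, NT, 3 names, session key
        descriptors += struct.pack("<HHI", len(value), len(value), 64 + len(payload))
        payload += value
    flags = struct.pack("<I", NEGOTIATE_UNICODE)
    return SIGNATURE + struct.pack("<I", 3) + descriptors + flags + payload

SAMPLE_HEADER = "NTLM " + base64.b64encode(build_sample_type3("CORP", "alice", "WS-042")).decode()
```

The same offsets apply when decoding the value of Request.Headers["Authorization"] in the ASP.NET app.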
If you have anonymous authentication enabled in IIS, it will use that by default. In order to use NTLM you have to disable anonymous authentication.