Two sites on the same IIS server: RunImpersonated HttpClient passes empty NTLM credentials

Posted: 2021-03-08 13:32

I have two sites on the same IIS instance. One uses HttpClient to request data from the other. Both are configured with Windows Authentication only. They are both ASP.NET Core 3.1.

When I browse to the first site it authenticates, but when it calls the other site it gets a 401. I have verified that the user identity is correct.

using System;
using System.Net;
using System.Net.Http;
using System.Security.Principal;

var baseUri = new Uri(AppSettings.CurrentValue.MyBaseUrl);

// Identity of the caller authenticated by IIS Windows Authentication on this site.
var user = (WindowsIdentity)HttpContext.User.Identity;

// Run the outbound call while impersonating that caller's token.
WindowsIdentity.RunImpersonated(user.AccessToken, () =>
{
    // Force the legacy WinHttpHandler-based stack instead of SocketsHttpHandler.
    AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false);

    // Ask the handler to send the default (impersonated) network credentials via NTLM.
    var credentialCache = new CredentialCache {{baseUri, "NTLM", CredentialCache.DefaultNetworkCredentials}};
    var httpClientHandler = new HttpClientHandler {Credentials = credentialCache};
    using HttpClient httpClient = new HttpClient(httpClientHandler) { BaseAddress = baseUri };

    var response = httpClient.GetAsync("/home/test").Result;

    var content = response.IsSuccessStatusCode
        ? response.Content.ReadAsStringAsync().Result
        : response.StatusCode.ToString();
});

Wireshark shows the call to the first site, /home/test1, with the user's credentials passed correctly:

GET /home/test1 HTTP/1.1 
HTTP/1.1 401 Unauthorized  (text/html)
GET /home/test1 HTTP/1.1 , NTLMSSP_NEGOTIATE
HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE (text/html)
GET /home/test1 HTTP/1.1 , NTLMSSP_AUTH, User: COMPANY\fbloggs

The same trace shows the hop to the second site, /home/test2, with an empty domain and user name:

GET /home/test2 HTTP/1.1 
HTTP/1.1 401 Unauthorized  (text/html)
GET /home/test2 HTTP/1.1 , NTLMSSP_NEGOTIATE
HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE (text/html)
GET /home/test2 HTTP/1.1 , NTLMSSP_AUTH, ** User: \ **
    GET /home/test2 HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): GET /home/test2 HTTP/1.1\r\n]
            [GET /home/test2 HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: GET
        Request URI: /home/test2
        Request Version: HTTP/1.1
    Connection: Keep-Alive\r\n
    Request-Id: |60fb71bd-482efe66c05094ec.1.\r\n
    Host: testserver\r\n
    Authorization: NTLM TlRMTVNTUAADAAAAAQDADEIAAAAAAAAAcwAAAAAAAABYAAAAAAAAAFgAAAAaABoAWAAzAAAABYqIogoAY0UAAAAPvaq0nk2I7YcqJmq01EbY20IASDTATGSAGVAALQBXAEUAQgAyADEAAA==\r\n
        NTLM Secure Service Provider
            NTLMSSP identifier: NTLMSSP
            NTLM Message Type: NTLMSSP_AUTH (0x00000003)
            Lan Manager Response: 00
            NTLM Response: Empty
            Domain name: NULL
            User name: NULL
            Host name: TESTSERVER
            Session Key: Empty
            Negotiate Flags: 0xa2888a05, Negotiate 56, Negotiate 128, Negotiate Version, Negotiate Target Info, Negotiate Extended Security, Negotiate Always Sign, Negotiate Anonymous, Negotiate NTLM key, Request Target, Negotiate UNICODE
            Version 10.0 (Build 17763); NTLM Current Revision 15
                Major Version: 10
                Minor Version: 0
                Build Number: 17763
                NTLM Current Revision: 15
            MIC: bdaab49e4d88ed872a266ab4d446d8db
HTTP/1.1 401 Unauthorized  (text/html)
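The decoded NTLMSSP_AUTH message above is the diagnostic: its Negotiate Flags value 0xa2888a05 has bit 0x00000800 (NTLMSSP_NEGOTIATE_ANONYMOUS) set, the NT response is empty and both domain and user name are NULL, which is the anonymous form of the NTLM type 3 message, and a site configured for Windows Authentication only answers it with 401. The following Python is an added example, not code from the question or from .NET, for telling an anonymous type 3 token from a named one when reviewing captures or IIS request logs. Because the Base64 blob in the capture appears to have been redacted before posting, the example assembles its own constructed messages with a small builder; the function names (`parse_authenticate`, `is_anonymous`, `classify_authorization_header`, `build_authenticate`, `encode_header`) are this example's own, the field layout and flag values are the ones documented in MS-NLMP, and non-Unicode (OEM) strings are approximated with Latin-1.

```python
import base64
import struct

# NTLMSSP constants as documented in MS-NLMP.
NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLMSSP_AUTH = 0x00000003          # message type 3, AUTHENTICATE_MESSAGE
NEGOTIATE_UNICODE = 0x00000001
NEGOTIATE_ANONYMOUS = 0x00000800   # the bit set in the capture's 0xa2888a05

# Flag word from the capture on this page, and the same word with Anonymous cleared.
FLAGS_ANONYMOUS = 0xA2888A05
FLAGS_NAMED = FLAGS_ANONYMOUS & ~NEGOTIATE_ANONYMOUS   # 0xa2888205

# signature(8) + type(4) + six field descriptors(48) + flags(4) + version(8) + MIC(16)
AUTH_HEADER_LEN = 88


def _read_field(msg, pos):
    """Read one (Len, MaxLen, Offset) descriptor and return the bytes it points at."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field descriptor points outside the message")
    return msg[offset:offset + length]


def parse_authenticate(msg):
    """Decode an NTLM AUTHENTICATE_MESSAGE (type 3) into its named parts."""
    if msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != NTLMSSP_AUTH:
        raise ValueError("not an AUTHENTICATE (type 3) message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"  # latin-1 approximates OEM
    lm, nt, domain, user, workstation, session_key = (
        _read_field(msg, 12 + 8 * i) for i in range(6)
    )
    return {
        "flags": flags,
        "lm_response": lm,
        "nt_response": nt,
        "domain": domain.decode(enc),
        "user": user.decode(enc),
        "workstation": workstation.decode(enc),
        "session_key": session_key,
    }


def is_anonymous(parsed):
    """Anonymous per MS-NLMP: Anonymous flag, or no NT response with empty user and domain."""
    return bool(parsed["flags"] & NEGOTIATE_ANONYMOUS) or (
        parsed["nt_response"] == b"" and parsed["user"] == "" and parsed["domain"] == ""
    )


def classify_authorization_header(value):
    """Label the identity carried by an 'Authorization: NTLM <base64>' header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    parsed = parse_authenticate(base64.b64decode(token))
    if is_anonymous(parsed):
        return "anonymous"
    return f"{parsed['domain']}\\{parsed['user']}"


def build_authenticate(domain, user, workstation, nt_response, flags):
    """Assemble a constructed type 3 message for the parser; not a real client's output."""
    # Anonymous clients send a single 0x00 byte as the LM response, as the capture shows.
    lm_response = b"\x00" if nt_response == b"" else b"\x00" * 24
    parts = [lm_response, nt_response] + [
        s.encode("utf-16-le") for s in (domain, user, workstation)
    ] + [b""]  # EncryptedRandomSessionKey left empty
    descriptors, payload, offset = b"", b"", AUTH_HEADER_LEN
    for part in parts:
        descriptors += struct.pack("<HHI", len(part), len(part), offset)
        payload += part
        offset += len(part)
    # Version 10.0 build 17763, NTLM revision 15, matching the capture.
    version = bytes([10, 0]) + struct.pack("<H", 17763) + b"\x00\x00\x00\x0f"
    mic = b"\x00" * 16  # a real client puts an HMAC here; zeroed in this constructed sample
    return (NTLMSSP_SIGNATURE + struct.pack("<I", NTLMSSP_AUTH) + descriptors
            + struct.pack("<I", flags) + version + mic + payload)


def encode_header(msg):
    """Format a type 3 message the way it appears in an Authorization header."""
    return "NTLM " + base64.b64encode(msg).decode("ascii")


if __name__ == "__main__":
    anon = build_authenticate("", "", "TESTSERVER", b"", FLAGS_ANONYMOUS)
    named = build_authenticate("COMPANY", "fbloggs", "TESTSERVER", b"\x11" * 24, FLAGS_NAMED)
    for label, m in (("second-site hop", anon), ("first-site call", named)):
        print(label, "->", classify_authorization_header(encode_header(m)))
```

Run over a header value lifted from a capture, `classify_authorization_header` returns `anonymous` for a token like the one in the second trace and `DOMAIN\user` for a token like the one in the first; checking the Anonymous flag and the empty NT response together, rather than the user name alone, avoids misreading a token whose name fields were merely stripped.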
Answer 1