MonoTouch支持访问Mono.Security.Protocol.Ntlm.NtlmFlags [英] MonoTouch support for accessing Mono.Security.Protocol.Ntlm.NtlmFlags
问题描述
我们使用NTLM身份验证从MonoTouch应用程序访问ASP.net Web服务,并且一切正常.
We use NTLM auth to access an ASP.net web services from our MonoTouch app and everything works fine.
我们的一位客户使用相同的应用程序,但我们的应用程序无法通过NTLM身份验证,但可以在iPad的Safari浏览器中运行.
One of our customers uses the same app and the NTLM auth fails from our app but works from the iPad's Safari browser.
查看来自客户的数据包流,当我们的应用发送NTLMSSP_NEGOTIATE消息时,服务器未返回NTLMSSP_CHALLENGE.
Looking at the packet flow from the customer, the server does not return NTLMSSP_CHALLENGE, when our app sends NTLMSSP_NEGOTIATE message.
查看我们的应用程序的NTLMSSP_NEGOTIATE消息与iPad的Safari相同消息之间的差异
我们的MT应用程序将NTLM标志设置为0xb203,而Safari将其设置为0x88207.
在我们的应用程序中NegotiateNtlm2Key设置为0,在Safari中设置为1
我们的应用程序还会发送呼叫工作站的域和名称字段,而Safari都将其发送为null.
Looking the differences between our app's NTLMSSP_NEGOTIATE message and iPad's Safari same message
Our MT app sets the NTLM flags to 0xb203 and Safari sets this to 0x88207.
The NegotiateNtlm2Key is set to 0 in our app and 1 in Safari
Our app also sends the calling workstation domain and name fields whereas Safari send both as null.
客户端的服务器是Windows Server 2003,它们还使用Kerberos作为其主要身份验证方案,并依赖于NTLM.
The client's server is Windows Server 2003 and they also use Kerberos as their main authentication scheme and fall back on NTLM.
是否可以在Mono.Security.Protocol.Ntlm.NtlmFlags帮助中设置NegotiateNtlm2Key标志?
Would setting the NegotiateNtlm2Key flags in Mono.Security.Protocol.Ntlm.NtlmFlags help?
推荐答案
NTLMv2会话和NTLMv2身份验证现已在Mono中实现(单/主提交45745e5 ).
NTLMv2 Session and NTLMv2 Authentication has now been implemented in Mono (mono/master commit 45745e5).
有关不同的NTLM版本的说明,请参见本文.
See this article for a description of the different NTLM versions.
默认情况下,无论服务器何时支持,Mono现在都会使用NTLMv2会话身份验证,并退回到LM&否则为NTLM.
By default, Mono now uses NTLMv2 Session Authentication whenever the server supports it and falls back to LM & NTLM otherwise.
可以使用Mono.Security.dll中的新Mono.Security.Protocol.Ntlm.Type3Message.DefaultAuthLevel属性来配置默认行为(请参阅
The default behavior can be configured by using the new Mono.Security.Protocol.Ntlm.Type3Message.DefaultAuthLevel property in Mono.Security.dll (see Type3Message.cs and NtlmAuthLevel.cs in mcs/class/Mono.Security/Mono.Security.Protocol.Ntlm).
这类似于Windows中的 Lan Manager身份验证级别.
This is similar to the Lan Manager Authentication Level in Windows.
更新13年1月26日
Microsoft Server 2008 RC2存在一个问题,即它不接受它在类型2消息的目标名称(或目标信息块中的域名)中发回的域名.
There has been an issue with Microsoft Server 2008 RC2 not accepting the domain name that it sent back in the Type 2 Message's Target Name (or Domain Name from the Target Info block).
因此,我们现在正在使用NetworkCredential中的域名,以允许用户指定所需的域.这也是最初在类型1消息"中发送到服务器的域名.
Therefore, we are now using the domain name from the NetworkCredential to allow the user to specify the desired domain. This is also the domain name that's initially being sent to the server in the Type 1 Message.
这篇关于MonoTouch支持访问Mono.Security.Protocol.Ntlm.NtlmFlags的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
