XmlHttp 请求基本身份验证问题 [英] XmlHttp Request Basic Authentication Issue
问题描述
我有以下代码创建 xmlhttp 类的服务器端对象.我正在尝试连接到需要基本身份验证的站点.我可以让它与下面的代码一起工作.
I have the following code that creates a serverside object of the xmlhttp class. I am trying to connect to a site that requires basic authentication. I am able to get this to work with the code below.
有什么问题?好吧,我正在使用公开调用传递凭据.仅此还不够.我还必须使用手动计算的 base64 编码的用户名:密码组合设置授权标头.如果我尝试设置标头而不将凭据传递给 open 调用,则会失败.说我疯了,但是当我将凭据传递给公开时,这就是我应该做的一切.如果我设置标题,这就是我应该做的.对?两者都做似乎有些不对劲.对吧?
What's the problem? Well I'm passing the credentials using the open call. That alone is not enough. I must also set the authorization header with the manually calculated base64 encoded username:password combination. If I try to set the header without passing the credentials to the open call, it fails. Call me crazy, but when I pass the credentials to the open, that's all I should have to do. If I set the header, that's all I should have to do. Right? Doing both seems like something isn't right. Right?
这是错误还是故障?
附加背景是:IIS 5 和ASP 经典省略两项之一时收到的错误是 HTTP 状态 401:您无权查看此页面您无权使用您提供的凭据查看此目录或页面,因为您的 Web 浏览器正在发送 Web 服务器未配置为接受的 WWW-Authenticate 标头字段."
Additional background is: IIS 5 & ASP Classic The error received when one of the two items is ommitted is an HTTP Status 401: "You are not authorized to view this page You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept."
由于 IIS 发出请求,我无法使用 Fiddler 检查它:-(
Since IIS is making the request I'm not able to inspect it with Fiddler :-(
Set xmlhttp = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
xmlhttp.setTimeouts 5000, 5000, 10000, 10000 'ms - resolve, connect, send, receive
xmlhttp.open "GET", "http://example.com/", False, "username", "password"
xmlhttp.setRequestHeader "Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ="
xmlhttp.send
推荐答案
我相信你会遇到 这个已知的限制(或错误)可以归结为 msxml2 缺少(或不正确)对协商"身份验证机制的支持,这意味着您必须强制解决问题(绕过不正确执行的协商)完全通过自己添加授权标头来完成.
I believe you're hitting this known limitation (or bug) that can be boiled down to msxml2 lacking (or having incorrect) support for "negotiated" authentication mechanisms, which means you have to force the issue (bypass the incorrectly-conducted negotiation) exactly by adding the authorization header yourself as you're doing.
这篇关于XmlHttp 请求基本身份验证问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
