XMLHTTP请求基本身份验证问题 [英] XmlHttp Request Basic Authentication Issue

问题描述

我有以下的code，它创建XMLHTTP类的服务器端对象。我试图连接到需要基本身份验证的网站。我能够得到这个与下面的code工作。

这是什么问题？嗯，我使用公开征集传递凭据。这本身是不够的。我还必须设置授权头用人工计算的base64 EN codeD的用户名：密码组合。如果我尝试设置页眉不传递凭据公开征集，它失败。叫我疯了，但是当我凭据传递到开放，这就是我应该做的。如果我设置页眉，这就是我应该做的。对？这样做既看起来似乎是不正确的。对吧？

这是一个错误或毛刺？

其他背景是：
IIS 5和ASP经典
当这两个项目被省略的一个是HTTP状态401接收到的错误：
您无权查看此页
您没有权限使用您提供的，因为你的Web浏览器正在发送WWW身份验证头字段Web服务器未配置为接受凭据查看该目录或页面。

由于IIS发出请求我不能跟Fiddler检查它： - （

 设置XMLHTTP =的Server.CreateObject（MSXML2.ServerXMLHTTP.6.0）
xmlhttp.setTimeouts 5000，5000，10000，10000'MS  - 解析，连接，发送，接收
xmlhttp.openGET，http://example.com/，假用户名，密码
xmlhttp.setRequestHeader授权，基本dXNlcm5hbWU6cGFzc3dvcmQ =
xmlhttp.send
 

解决方案

我相信你打的这已知的限制（或缺陷），可以归结为缺乏MSXML2（或不正确有）支持协商认证机制，这意味着你必须强制问题（旁路不正确的进行谈判）正是自己添加授权头，你正在做的。

I have the following code that creates a serverside object of the xmlhttp class. I am trying to connect to a site that requires basic authentication. I am able to get this to work with the code below.

What's the problem? Well I'm passing the credentials using the open call. That alone is not enough. I must also set the authorization header with the manually calculated base64 encoded username:password combination. If I try to set the header without passing the credentials to the open call, it fails. Call me crazy, but when I pass the credentials to the open, that's all I should have to do. If I set the header, that's all I should have to do. Right? Doing both seems like something isn't right. Right?

Is this a bug or a glitch?

Additional background is: IIS 5 & ASP Classic The error received when one of the two items is ommitted is an HTTP Status 401: "You are not authorized to view this page You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept."

Since IIS is making the request I'm not able to inspect it with Fiddler :-(

Set xmlhttp = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
xmlhttp.setTimeouts 5000, 5000, 10000, 10000 'ms - resolve, connect, send, receive
xmlhttp.open "GET", "http://example.com/", False, "username", "password"
xmlhttp.setRequestHeader "Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ="
xmlhttp.send

解决方案

I believe you're hitting this known limitation (or bug) that can be boiled down to msxml2 lacking (or having incorrect) support for "negotiated" authentication mechanisms, which means you have to force the issue (bypass the incorrectly-conducted negotiation) exactly by adding the authorization header yourself as you're doing.

这篇关于XMLHTTP请求基本身份验证问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！