我可以做的HttpWebRequest包括Windows凭据,而无需等待401的挑战? [英] Can I make HttpWebRequest include windows credentials without waiting for a 401 challenge?
问题描述
我的应用程序与内部Web API,它需要提供认证服务。
My app communicates with an internal web API that requires authentication.
当我送我得到预期的401挑战请求,握手时,身份验证的请求被重新发送,一切都将继续正常。
When I send the request I get the 401 challenge as expected, the handshake occurs, the authenticated request is re-sent and everything continues fine.
然而,我知道的身份验证是必需的。为什么我要等的挑战?我可以强制发送凭据在首先请求请求?
However, I know that the auth is required. Why do I have to wait for the challenge? Can I force the request to send the credentials in the first request?
我的请求产生是这样的:
My request generation is like this:
private static HttpWebRequest BuildRequest(string url, string methodType)
{
var request = HttpWebRequest.CreateHttp(url);
request.PreAuthenticate = true;
request.AuthenticationLevel = AuthenticationLevel.MutualAuthRequested;
request.Credentials = CredentialCache.DefaultNetworkCredentials;
request.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;
request.ContentType = CONTENT_TYPE;
request.Method = methodType;
request.UserAgent = BuildUserAgent();
return request;
}
即使有这种code中,身份验证首标不包括在初始请求。
Even with this code, the auth header isn't included in the initial request.
我知道如何包括与验证信息基本....我想要做的是使用执行应用程序的用户的Windows身份验证(所以我不能存储在配置文件中的密码)。
I know how to include the auth info with basic.... what I want to do is to use Windows Auth of the user executing the app (so I can't store the password in a config file).
更新我也试过用的HttpClient 和自己的 .Credentials 财产相同的结果:没有身份验证首标被添加到初始请求
UPDATE I also tried using a HttpClient and its own .Credentials property with the same result: no auth header is added to the initial request.
在仅的办法,我能得到身份验证标头中是破解它的手动使用的基本的认证(这将不是这个用例飞)
The only way I could get the auth header in was to hack it in manually using basic authentication (which won't fly for this use-case)
推荐答案
NTLM是一种质询/响应身份验证协议。需要使第一请求,以便服务器可以发出挑战,然后在后续请求的客户端发送响应于所述挑战。然后,服务器验证用给它的挑战和客户端发送的响应域控制器这种反应。 如果不知道所面临的挑战,你不能发送这就是为什么需要2请求的响应。
Ntlm is a challenge/response based authentication protocol. You need to make the first request so that the server can issue the challenge then in the subsequent request the client sends the response to the challenge. The server then verifies this response with the domain controller by giving it the challenge and the response that the client sent. Without knowing the challenge you can't send the response which is why 2 requests are needed.
基本身份验证是基于密码的,所以你可以通过发送第一个请求,但以我的经验凭据短路这这可能是一个问题,对于一些服务器来处理。
Basic authentication is password based so you can short circuit this by sending the credentials with the first request but in my experience this can be a problem for some servers to handle.
更多可用的细节在这里: <一href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa378749%28v=vs.85%29.aspx">http://msdn.microsoft.com/en-us/library/windows/desktop/aa378749(v=vs.85).aspx
More details available here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa378749(v=vs.85).aspx
这篇关于我可以做的HttpWebRequest包括Windows凭据,而无需等待401的挑战?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
