同时使用SSL加密和NTLM身份验证的HttpClient失败 [英] HttpClient using both SSL encryption and NTLM authentication fails

问题描述

我正在尝试在使用SSL加密(https)和NTLM身份验证的Sharepoint 2010服务器上进行简单的REST调用.当服务器设置为不需要SSL(仅出于测试目的，服务器将在生产中要求SSL)时，我的NTLM身份验证和后续的REST调用可以使用HttpClient正常运行.但是，启用SSL后，身份验证将不再起作用.

I'm trying to do simple REST calls on a Sharepoint 2010 server that uses SSL encryption (https), as well as NTLM authentication. When the server is set up to not require SSL (just for testing, the server will require SSL in production), my NTLM authentication and subsequent REST calls work fine using HttpClient. However, when SSL is enabled, the authentication no longer works.

以下是用于SSL处理的代码(设置为接受所有证书):

Here's the code for the SSL handling (set to accept all certs):

    SSLContext sslContext = SSLContext.getInstance("TLS");

    // set up a TrustManager that trusts everything
    sslContext.init(null, new TrustManager[] { new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        public void checkClientTrusted(X509Certificate[] certs,
                String authType) { }

        public void checkServerTrusted(X509Certificate[] certs,
                String authType) { }
    } }, new SecureRandom());

    SSLSocketFactory sf = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

    Scheme httpsScheme = new Scheme("https", 443, sf);
    SchemeRegistry schemeRegistry = new SchemeRegistry();
    schemeRegistry.register(httpsScheme);

    ClientConnectionManager cm = new SingleClientConnManager(schemeRegistry);

接着执行NTML和HTTP GET调用的代码:

Followed by the code to do NTML and the HTTP GET call:

    HttpParams params = new BasicHttpParams();

    DefaultHttpClient httpclient = new DefaultHttpClient(cm, params);

            // Set up the NTLM credentials
    NTCredentials creds = new NTCredentials(USERNAME, PASSWORD, MACHINE, DOMAIN);
    httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);

            // Setup the HTTP GET and execute it
    HttpHost target = new HttpHost(HOSTNAME, 443, "https");

    HttpContext localContext = new BasicHttpContext();
    HttpGet httpget = new HttpGet("/site/_vti_bin/ListData.svc/TestList");
    HttpResponse response1 = httpclient.execute(target, httpget, localContext);

我总是得到的答复是:

 HTTP/1.1 400 Bad Request
 The server encountered an error processing the request. See server logs for more details.

请注意，我已经使用FireFox Poster和CURL以编程方式完成我要在此处进行的操作，并且效果很好.因此，服务器似乎已正确设置.

Note that I've used FireFox Poster and CURL to do the same thing I'm trying to do here programmatically, and it works fine. So the server appears to be set up correctly.

感谢您的时间！

推荐答案

为其他有此问题的人提供帮助.

Documenting this for other who may have this problem.

问题是IIS服务器设置为允许匿名登录.显然，存在一个错误，如果设置了该错误，则在该安装下到共享点实例的任何REST或SOAP连接都不会成功.似乎在REST/SOAP URL中添加了字符串"anonymous"，这当然使它指向了不存在的服务.在关闭允许在IIS实例上进行匿名登录的功能之后，这些调用就可以了.

The problem was that the IIS server was set to allow anonymous logins. Apparently, there's a bug where if this is set, any REST or SOAP connections to sharepoint instances under that installation will not succeed. It appeared as though the string "anonymous" was being added to the REST/SOAP URLs, which of course, made it point to a nonexistent service. After we turned off allowing anonymous login on the IIS instance, the calls worked.

这篇关于同时使用SSL加密和NTLM身份验证的HttpClient失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！