Pass-through NTLM authentication in a web app on an IMAP mail server


Problem description

I need to use NTLM authentication in my web application against an IMAP mail server. Authentication in the web app itself is NTLM too. Thus, the user opens the web app interface and the web server end grabs the inbox of that user on the mail server, authenticating via NTLM. Is that possible if I never store (nor have access to) the user's password?

Is there any way to link the client's browser and the IMAP server via my web app so that token exchange would occur between them and I would just act as a gateway between them? Or is there any other method to accomplish this task without knowing the password?

The web app can be asp.net/iis or php/apache. Either option will work for me.

Recommended answer

Looks like I had a bad day yesterday; otherwise I have no idea why I couldn't figure it out at the time, as it's so simple!

If Windows authentication is enabled, the web app already gets the context of the interactive user who accessed the app. I can then authenticate against an NTLM-enabled IMAP server via Integrated Windows Authentication, just the same way I would in a desktop application.

I.e. the key point is that there is no need for the web app to somehow pass the NTLM token from the browser to the IMAP server. It's just a two-stage process:

- first, the browser (running under the interactive user) creates an NTLM token via winapi functions and sends it to the web app, so that finally the app acquires that interactive user context
- then, the web app running under the interactive user context creates a new token via the same winapi functions and sends it to the IMAP server.
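Added example, not part of the original answer: each of the two stages above is a separate NTLM handshake with its own server challenge, which this Python parser shows by reading the CHALLENGE (type 2) message from the HTTP hop and from the IMAP hop. The base64 tokens are constructed sample data and all function names are hypothetical.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def parse_ntlm(b64_token):
    """Decode a base64 NTLMSSP token; for type 2 also return the server challenge."""
    raw = base64.b64decode(b64_token, validate=True)
    if len(raw) < 12 or raw[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    if msg_type not in TYPES:
        raise ValueError("unknown NTLM message type %d" % msg_type)
    info = {"type": TYPES[msg_type]}
    if msg_type == 2:
        if len(raw) < 32:
            raise ValueError("truncated CHALLENGE message")
        info["server_challenge"] = raw[24:32].hex()  # 8 bytes at offset 24
    return info

def token_from_http(header_value):
    """Token from the value of 'WWW-Authenticate: NTLM <base64>'."""
    scheme, _, token = header_value.partition(" ")
    if scheme.upper() != "NTLM" or not token.strip():
        raise ValueError("not an NTLM header value")
    return token.strip()

def token_from_imap(line):
    """Token from an IMAP continuation line '+ <base64>' during AUTHENTICATE NTLM."""
    if not line.startswith("+ "):
        raise ValueError("not an IMAP continuation line")
    return line[2:].strip()

def same_challenge(http_header_value, imap_line):
    """True only if both hops carry the same challenge; KeyError if not type 2."""
    web = parse_ntlm(token_from_http(http_header_value))
    imap = parse_ntlm(token_from_imap(imap_line))
    return web["server_challenge"] == imap["server_challenge"]

def constructed_type2(challenge):
    """Build a minimal type 2 message for the demo (constructed, not captured)."""
    fixed = struct.pack("<IHHII", 2, 0, 0, 48, 0x00000201)  # type, empty target, flags
    return base64.b64encode(SIGNATURE + fixed + challenge + bytes(16)).decode()

WEB_HOP = "NTLM " + constructed_type2(bytes.fromhex("0123456789abcdef"))  # constructed
IMAP_HOP = "+ " + constructed_type2(bytes.fromhex("fedcba9876543210"))   # constructed

print("same challenge on both hops:", same_challenge(WEB_HOP, IMAP_HOP))
```

Because the NTLM response is computed over the challenge issued by the server being authenticated to, the response sent to the web server is not the one the IMAP server expects; the second hop needs its own handshake.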
