使用ntlm身份验证的curl在命令行中有效,但在php中不起作用 [英] curl with ntlm authentication works in command line but not inside php
问题描述
我必须使用CURL从Centos主机连接到IIS.
I have to connect from a Centos Host to a IIS with curl.
在-ntlm 选项中使用 curl 可以在命令行上正常工作,但在php中则不能.服务器是Microsoft IIS,首先回答401未经授权,第二次回答200 OK.
Using curl with --ntlm option works fine on the command line, but non in php. Server is a Microsoft IIS and answers first with 401 Unauthorized, on second pass with 200 OK.
调查了几个小时后,我没有找到有效的解决方案.
After investigating for several hours i did not find a working solution..
当我在命令行(centos 6.4)上使用curl来检索服务的内容时:
When i use curl on the command line (centos 6.4) to retrieve the content of a service:
curl -v http://example.com/do.asmx --ntlm -u DOMAIN\\username:password
服务器使用以下代码成功回答:
the server answers successfully with this code:
* About to connect() to example.com port 80 (#0)
* Trying nn.nn.nn.nn... connected
* Connected to example.com (nn.nn.nn.nn) port 80 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Server auth using NTLM with user 'DOMAIN\username'
> GET /do.asmx HTTP/1.1
> Authorization: NTLM xxxxxxxxxxxxxxxxxx
> User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: example.com
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=us-ascii
< Server: Microsoft-HTTPAPI/2.0
< WWW-Authenticate: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
< Date: Thu, 07 Jan 2016 19:28:04 GMT
< Content-Length: 341
<
* Ignoring the response-body
* Connection #0 to host example.com left intact
* Issue another request to this URL: 'http://example.com/do.asmx'
* Re-using existing connection! (#0) with host example.com
* Connected to example.com (nn.nn.nn.nn) port 80 (#0)
* Server auth using NTLM with user 'DOMAIN\username'
> GET /do.asmx HTTP/1.1
> Authorization: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: example.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: private, max-age=0
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/7.5
< X-AspNet-Version: 4.0.30319
< Persistent-Auth: true
< X-Powered-By: ASP.NET
< X-UA-Compatible: IE=EmulateIE8
< Date: Thu, 07 Jan 2016 19:28:04 GMT
< Content-Length: 5340
<
<html>
...
好的,到目前为止,这很好.现在我试图在php中做同样的事情:
ok, so far, this works fine. now i tried to do the same in php :
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, 'http://example.com/do.asmx' );
curl_setopt( $ch, CURLOPT_HEADER, true );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM );
curl_setopt( $ch, CURLOPT_USERPWD, "DOMAIN\\username:password" );
curl_setopt( $ch, CURLOPT_TIMEOUT, 10 );
curl_setopt( $ch, CURLOPT_VERBOSE, true );
$output = curl_exec($ch);
print_r(curl_getinfo($ch));
echo curl_error($ch);
curl_close($ch);
var_dump($output);
但是什么也没发生.结果是
but nothing happens. the results are
print_r(curl_getinfo($ ch)):
Array
(
[url] => http://example.com/do.asmx
[content_type] =>
[http_code] => 0
[header_size] => 0
[request_size] => 0
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 0
[namelookup_time] => 0.021611
[connect_time] => 0
[pretransfer_time] => 0
[size_upload] => 0
[size_download] => 0
[speed_download] => 0
[speed_upload] => 0
[download_content_length] => -1
[upload_content_length] => -1
[starttransfer_time] => 0
[redirect_time] => 0
[certinfo] => Array
(
)
)
回声curl_error($ ch):
connect() timed out!
var_dump($ output):
bool(false)
该问题如何解决?这超出了我的知识..
how could this problem be solved ? this goes beyond my knowledge ..
推荐答案
我建议您从http标头 Authorization:NTLM TL ...
中删除base64字符串,因为可以对其进行解码,并且阅读您的域和凭据,使您面临巨大的安全风险.
I suggest you remove the base64 strings from the http header Authorization: NTLM TL...
since it is possible to decode it and read your domain and credentials exposing you to a huge security risk.
也要删除这些IP地址,除非它们仅是内部的(即使仍然,也要删除它们).
Remove those IP addresses as well unless they are internal only (even still, remove them anyways).
这篇关于使用ntlm身份验证的curl在命令行中有效,但在php中不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!