System.Net.WebClient 不适用于 Windows 身份验证 [英] System.Net.WebClient doesn't work with Windows Authentication
问题描述
我正在尝试在 WinForms 应用程序中使用 System.Net.WebClient 将文件上传到具有 Windows 身份验证的 IIS6 服务器它只是身份验证"方法.
I am trying to use System.Net.WebClient in a WinForms application to upload a file to an IIS6 server which has Windows Authentication as it only 'Authentication' method.
WebClient myWebClient = new WebClient();
myWebClient.Credentials = new System.Net.NetworkCredential(@"boxnamepeter", "mypassword");
byte[] responseArray = myWebClient.UploadFile("http://localhost/upload.aspx", fileName);
我收到远程服务器返回错误:(401) 未经授权",实际上是 401.2
I get a 'The remote server returned an error: (401) Unauthorized', actually it is a 401.2
客户端和 IIS 都在同一台 Windows Server 2003 开发机器上.
Both client and IIS are on the same Windows Server 2003 Dev machine.
当我尝试在 Firefox 中打开页面并输入与代码中相同的正确凭据时,页面出现.然而,当使用 IE8 时,我得到了同样的 401.2 错误.
When I try to open the page in Firefox and enter the same correct credentials as in the code, the page comes up. However when using IE8, I get the same 401.2 error.
尝试过 Chrome 和 Opera,它们都可以工作.
Tried Chrome and Opera and they both work.
我在 IE Internet 选项中启用了启用集成 Windows 身份验证".
I have 'Enable Integrated Windows Authentication' enabled in the IE Internet options.
安全事件日志有失败审核:
The Security Event Log has a Failure Audit:
Logon Failure:
Reason: An error occurred during logon
User Name: peter
Domain: boxname
Logon Type: 3
Logon Process: ÈùÄ
Authentication Package: NTLM
Workstation Name: boxname
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 127.0.0.1
Source Port: 1476
我使用 Process Monitor 和 Fiddler 进行了调查,但无济于事.
I used Process Monitor and Fiddler to investigate but to no avail.
为什么这适用于 3rd 方浏览器,但不适用于 IE 或 System.Net.WebClient?
Why would this work for 3rd party browsers but not with IE or System.Net.WebClient?
推荐答案
我看到了一个类似的问题,其中集成/NTLM 安全仅在您通过机器名称或本地主机访问主机时才起作用.事实上,它是 Windows 中一个[糟糕的] 文档功能,旨在防止反射攻击".
I have seen a similar issue, where the Integrated / NTLM security will only work if you are accessing the host by machine name or localhost. In fact, it is a [poorly] document feature in Windows that is designed to protect against "reflection attacks".
基本上,您需要在尝试访问服务器的机器上创建一个注册表项,并将您尝试访问的域列入白名单.每个主机名/FQDN 都需要在它自己的行上 - 没有通配符并且名称必须完全匹配.来自知识库文章:
Basically, you need to create a registry key on the machine that is trying to access the server, and whitelist the domain you are trying to hit. Each host name / FQDN needs to be on it's own line - there are no wildcards and the name must match exactly. From the KB Article:
- 单击开始,单击运行,键入 regedit,然后单击确定.
- 在注册表编辑器中,找到并单击以下注册表项:HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
- 右键单击 MSV1_0,指向新建,然后单击多字符串值.
- 键入 BackConnectionHostNames,然后按 ENTER.
- 右键单击BackConnectionHostNames,然后单击修改.
- 在数值数据框中,键入本地计算机上站点的主机名或主机名,然后单击确定.
- 退出注册表编辑器,然后重新启动计算机.
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
- Right-click MSV1_0, point to New, and then click Multi-String Value.
- Type BackConnectionHostNames, and then press ENTER.
- Right-click BackConnectionHostNames, and then click Modify.
- In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
- Exit Registry Editor, and then restart the computer.
http://support.microsoft.com/kb/956158/en-us
这篇关于System.Net.WebClient 不适用于 Windows 身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!