System.Net.WebClient不适用于Windows身份验证 [英] System.Net.WebClient doesn't work with Windows Authentication
问题描述
我正在尝试在WinForms应用程序中使用System.Net.WebClient将文件上传到IIS认证服务器,该服务器的Windows身份验证为
,它只是'身份验证'方法。
I am trying to use System.Net.WebClient in a WinForms application to upload a file to an IIS6 server which has Windows Authentication as it only 'Authentication' method.
WebClient myWebClient = new WebClient();
myWebClient.Credentials = new System.Net.NetworkCredential(@"boxname\peter", "mypassword");
byte[] responseArray = myWebClient.UploadFile("http://localhost/upload.aspx", fileName);
我得到'远程服务器返回错误:(401)未经授权',实际上它是一个401.2
I get a 'The remote server returned an error: (401) Unauthorized', actually it is a 401.2
客户端和IIS都在同一台Windows Server 2003 Dev机器上。
Both client and IIS are on the same Windows Server 2003 Dev machine.
当我尝试打开时在Firefox中的页面输入与代码中相同的正确凭据,页面出现。
但是当使用IE8时,我得到相同的401.2错误。
When I try to open the page in Firefox and enter the same correct credentials as in the code, the page comes up. However when using IE8, I get the same 401.2 error.
尝试使用Chrome和Opera,它们都有效。
Tried Chrome and Opera and they both work.
我在IE Internet选项中启用了启用集成Windows身份验证。
I have 'Enable Integrated Windows Authentication' enabled in the IE Internet options.
安全事件日志具有失败审核:
The Security Event Log has a Failure Audit:
Logon Failure:
Reason: An error occurred during logon
User Name: peter
Domain: boxname
Logon Type: 3
Logon Process: ÈùÄ
Authentication Package: NTLM
Workstation Name: boxname
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 127.0.0.1
Source Port: 1476
我使用Process Monitor和Fiddler进行调查但无济于事。
I used Process Monitor and Fiddler to investigate but to no avail.
为什么这会起作用第三方浏览器但没有使用IE或System.Net.WebClient?
Why would this work for 3rd party browsers but not with IE or System.Net.WebClient?
推荐答案
我见过类似的问题,其中Integrated /只有在按机器名或localhost访问主机时,NTLM安全性才有效。实际上,它是Windows中一个[不良]文档功能,旨在防止反射攻击。
I have seen a similar issue, where the Integrated / NTLM security will only work if you are accessing the host by machine name or localhost. In fact, it is a [poorly] document feature in Windows that is designed to protect against "reflection attacks".
基本上,您需要创建一个注册表项尝试访问服务器的计算机,并将您尝试访问的域列入白名单。每个主机名/ FQDN都需要在它自己的行上 - 没有通配符,名称必须完全匹配。来自KB文章:
Basically, you need to create a registry key on the machine that is trying to access the server, and whitelist the domain you are trying to hit. Each host name / FQDN needs to be on it's own line - there are no wildcards and the name must match exactly. From the KB Article:
- 单击开始,单击运行,键入regedit,然后单击确定。
- 在注册表编辑器中,找到并单击以下注册表项:
HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet \Control \Lsa \ MSV1_0 - 右键单击 MSV1_0 ,指向新建,然后单击多字符串值。
- 键入 BackConnectionHostNames ,然后按ENTER键。
- 右键单击 BackConnectionHostNames ,然后单击修改。
- 在数值数据框中,键入主机名或本地计算机上的站点的主机名,然后单击确定。
- 退出注册表编辑器,然后重新启动计算机。
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
- Right-click MSV1_0, point to New, and then click Multi-String Value.
- Type BackConnectionHostNames, and then press ENTER.
- Right-click BackConnectionHostNames, and then click Modify.
- In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
- Exit Registry Editor, and then restart the computer.
http:// support。 microsoft.com/kb/956158/en-us
这篇关于System.Net.WebClient不适用于Windows身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
