欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

IIS 各種身份驗(yàn)證詳細(xì)測(cè)試

 更新時(shí)間:2008年12月29日 20:40:47   作者:  
IIS的各種身份驗(yàn)證詳細(xì)測(cè)試

3.3.5. 客戶(hù)端發(fā)送用登陸本機(jī)的賬戶(hù)加密后的質(zhì)詢(xún)碼
GET /wstest/default.aspx HTTP/1.1
Accept: */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; MAXTHON 2.0)
Host: biztalkr2:81
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAIoAAAAYABgAogAAABQAFABIAAAAGgAaAFwAAAAUABQAdgAAAAAAAAC6AAAABYKIogUCzg4AAAAPVwBJAE4AMgAwADAAMwAtAFAAQwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAFcASQBOADIAMAAwADMALQBQAEMAg7v6JYS/3bAAAAAAAAAAAAAAAAAAAAAArE2xu3xDN3w0LmV1yUkDkrqVWhb2wg27
3.3.6. 服務(wù)端驗(yàn)證通過(guò),返回資源
用戶(hù)端登錄的用戶(hù)名和密碼正好能匹配到服務(wù)端的一個(gè)用戶(hù)和密碼,驗(yàn)證通過(guò)。
HTTP/1.1 200 OK
Date: Wed, 14 Nov 2007 12:35:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 522
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
.Untitled Page
</title></head>
<body>
<form name="form1" method="post" action="default.aspx" id="form1">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNzgzNDMwNTMzZGTcefU2sz1MLsbXiZdUEXomIyZ20Q==" />
</div>
<div>
This is a simple page!</div>
</form>
</body>
</html>
4、 客戶(hù)端和服務(wù)器都在同一域中
服務(wù)器和客戶(hù)端機(jī)器在同一個(gè)局域網(wǎng)中,并同在一個(gè)域中??蛻?hù)端IE請(qǐng)求服務(wù)端IIS的一個(gè)頁(yè)面iisstart.htm。
IIS服務(wù)端設(shè)置:
l 不啟用匿名訪(fǎng)問(wèn)
l 只啟用集成windows身份驗(yàn)證
這樣的環(huán)境下又范圍以下幾種情況:
4.1.
客戶(hù)端用機(jī)
ip
訪(fǎng)問(wèn)服務(wù)器
4.1.1. 客戶(hù)端IE申請(qǐng)頁(yè)面
GET /iisstart.htm HTTP/1.1
Accept: */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; MAXTHON 2.0)
Host: 192.168.100.5:81
Connection: Keep-Alive
4.1.2. 服務(wù)端返回?zé)o授權(quán)回應(yīng)
IIS的設(shè)置不允許匿名訪(fǎng)問(wèn),只能windows驗(yàn)證,所以發(fā)送401無(wú)授權(quán)回應(yīng),同時(shí)發(fā)回Negotiate和NTLM兩個(gè)身份驗(yàn)證頭讓客戶(hù)端選擇。
HTTP/1.1 401 Unauthorized
Content-Length: 1327
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Wed, 14 Nov 2007 07:23:43 GMT
4.1.3. 客戶(hù)端選擇NTLM驗(yàn)證,要求輸入用戶(hù)名密碼,請(qǐng)求質(zhì)詢(xún)碼
由于使用的是ip地址訪(fǎng)問(wèn)服務(wù)器,URL中包含有”.”字符,IE認(rèn)為訪(fǎng)問(wèn)的不是企業(yè)內(nèi)部服務(wù)器,所以不直接提供用戶(hù)憑據(jù)給服務(wù)端,要求用戶(hù)輸入帳戶(hù)
GET /iisstart.htm HTTP/1.1
Accept: */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; MAXTHON 2.0)
Host: 192.168.100.5:81
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFAs4OAAAAD4==
4.1.4. 服務(wù)器返回質(zhì)詢(xún)碼
HTTP/1.1 401 Unauthorized
Content-Length: 1251
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate TlRMTVNTUAACAAAACgAKADgAAAAFgomiF0CRjzLrr+cAAAAAAAAAAHwAfABCAAAABQLODgAAAA9TAFoAQgBUAEkAAgAKAFMAWgBCAFQASQABAAgATABPAEcAUwAEABgAcwB6AGIAdABpAC4AZwBvAHYALgBjAG4AAwAiAGwAbwBnAHMALgBzAHoAYgB0AGkALgBnAG8AdgAuAGMAbgAFABgAcwB6AGIAdABpAC4AZwBvAHYALgBjAG4AAAAAAA==
X-Powered-By: ASP.NET
Date: Wed, 14 Nov 2007 07:24:15 GMT
4.1.5. 客戶(hù)端發(fā)送使用前面輸入賬戶(hù)的密碼加密后的質(zhì)詢(xún)碼
GET /iisstart.htm HTTP/1.1
Accept: */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; MAXTHON 2.0)
Host: 192.168.100.5:81
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAABoAGgBIAAAACgAKAGIAAAAKAAoAbAAAAAAAAACmAAAABYKIogUCzg4AAAAPMQA5ADIALgAxADYAOAAuADEAMAAwAC4ANQBqAGkAbgBqAHoASgBJAE4ASgBaALVaV8Ku0ERuAAAAAAAAAAAAAAAAAAAAAFowQcbaUXykWTrI7WJKQUA2taaV7wo5T2==
4.1.6. 服務(wù)端驗(yàn)證通過(guò),返回資源
HTTP/1.1 200 OK
Content-Length: 1135
Content-Type: text/html
Last-Modified: Mon, 12 Nov 2007 09:33:27 GMT
Accept-Ranges: bytes
ETag: "d4469314f25c81:e35"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 14 Nov 2007 07:24:15 GMT
<html>
<head>
<meta HTTP-EQUIV="Content-Type" Content="text/html; charset=gb2312">
</head>
<body bgcolor=white>
This is a simple page!
</body>
</html>
4.2.
客戶(hù)端用機(jī)器名訪(fǎng)問(wèn)服務(wù)器
,客戶(hù)端用戶(hù)以域賬戶(hù)登錄
4.2.1. 客戶(hù)端IE申請(qǐng)頁(yè)面
GET /iisstart.htm HTTP/1.1
Accept: */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; MAXTHON 2.0)
Host: logs:81
Connection: Keep-Alive
4.2.2. 服務(wù)端返回?zé)o授權(quán)回應(yīng)
HTTP/1.1 401 Unauthorized
Content-Length: 1327
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Wed, 14 Nov 2007 08:27:18 GMT
4.2.3. 客戶(hù)端選擇Kerberos驗(yàn)證,發(fā)送驗(yàn)證票到服務(wù)端
客戶(hù)端在域中,并且以域賬戶(hù)登錄,所以客戶(hù)端IE選擇使用Kerberos身份驗(yàn)證,發(fā)送與用戶(hù)的驗(yàn)證票到服務(wù)端。
GET /iisstart.htm HTTP/1.1
Accept: */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; MAXTHON 2.0)
Host: logs:81
Connection: Keep-Alive
Authorization: Negotiate YIIEzQYGKwYBBQUCoIIEwTCCBL2gJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBJMEggSPYIIEiwYJKoZIhvcSAQICAQBuggR6MIIEdqADAgEFoQMCAQ6iBwMFACAAAACjggOiYYIDnjCCA5qgAwIBBaEOGwxTWkJUSS5HT1YuQ06iFzAVoAMCAQKhDjAMGwRIVFRQGwRsb2dzo4IDaDCCA2SgAwIBF6EDAgEMooIDVgSCA1IeN8fZeLtzkw+5H8HOKmM8zgDOVL5GmeXoS8dMgE20RtI14EVWWZLn2j0AMXTqMOA550Grsadh89vZ89+6vprkVL0v49FM+gxHFCmZSOvLTIawBqXvLU6w1Pni8PN1pbhOKCRVON6+5XH4MN8Rfuqpyy1A/2gfeQIfLMMHs73yohp7h7QJP29b61jm0vj1xE0jEP7EupHlr225vrrVCnktTksbyqi88kIZlCB84J1gTqYoNeOycn4Qzvv8x6z1AsCfo2SBSwo1tj38BK2Fbu+BRXw26RrebGWPkILYwqED7bSR+RlDdokEhjubbyaWcnIjiSXZaN5kQqZQqms3iqhUrZpX7RaaV5BsMOgJs7LwYmc3uM5v7YqljwFD3T44XfpAiS3xlyirP3modOR1l+hV2xdIIFusXtRzY7rTkmEb2F3dGjTiMXySrc0GGhe3TrIeH9nB/2Udo/Z9m0ifXC0EU2fFogefmDc322vHhhv9gEYccG44Q/cnWx8gY9GfWCRihlaefGK+DmCvm+515UFYeIcG5KafXBQw3KX7MjI4/4hlAh3mQNn9p3nX0ePy1G1RRV2SToN7eg1PkaaYXDeC6MSIwCb53MfebzpyN0LKzmPZ6GneLYbyBIpANzPNoXz/LADA1h/l8F098ti1fThPVkUgoehgy1iyovTXyqJg6rojI0juIH7fKfc/UpfO+eLMhsquhH1KNjkCTD2CkdUfcsEU7B15j15p1OyGeg5/tEbRE67+NAWkfLSPp5R3tzGqjAh39w8n/8EWot9DBlHwk+qJp3rMFJZIvNtmXuvqnUW1NGpO1GIf78PBixyFwrJSo5syTfCiWIcw9YQ7MyvuyynAmsXeaI5+OP/GfmGpnvt5kMznu5q/nNf7LMV8n6x2+lmNlcPJiWr+KckPM9Nvntw2h/bl2qGnHDdOqNYI2N0VxzIm8wY6dWS3NIwlGl/usMjjebaELFP6rdHjpVG6pziJYjrBrws5DbqCxJ1EOeQdBiT8l1O6OUQqdOBVZH6/bj5MkLghWv0edHG8TJ4OGa69nMHDwTBOyuyRbTr5uWWFnESdyAGGbfGlJjuvSSzxgZViMSB2j8Ulk8x8MCqrupEK2i0UR6HrMNMJIDJsVcXTpIG6MIG3oAMCAReiga8EgazteAbcguseBpQnHeJihLFO78PfjI2Qop+MkH9jCOrvO9cQns1GzOKByoAbeP307QQq4zbaDF3EJlOC//4k4A6W4dc4k5lNeOgwR4LEvbIQKpdlljFiW8XUb+IgovsOlZEG0qFQgZY0I35I4Uvk/2dDkz06DGiDsQ0IENrRIMT4/7xgMSmkzspO2ojSbG5aKlbjK203QxMlkEoxb8WpJFZQggUqrLAr0q2graET
4.2.4. 服務(wù)端驗(yàn)證通過(guò),返回資源
HTTP/1.1 200 OK
Content-Length: 167
Content-Type: text/html
Last-Modified: Wed, 14 Nov 2007 08:21:24 GMT
Accept-Ranges: bytes
ETag: "bf2d54589726c81:e35"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
WWW-Authenticate: Negotiate oYGgMIGdoAMKAQChCwYJKoZIgvcSAQICooGIBIGFYIGCBgkqhkiG9xIBAgICAG9zMHGgAwIBBaEDAgEPomUwY6ADAgEXolwEWrdYWb37ROEMMnP/4vTBwSe9hVe4XklXCWqFKG16d53aBUiTEem+lrFE8ycBgSln3zme63lKfSn9UHoNTlT100T86wxllsyrrMe437ElPcxI4pgcv9rNKU9aKg==
Date: Wed, 14 Nov 2007 08:27:18 GMT
<html>
<head>
<meta HTTP-EQUIV="Content-Type" Content="text/html; charset=gb2312">
</head>
<body bgcolor=white>
This is a simple page!
</body>
</html>
4.3.
客戶(hù)端用機(jī)器名訪(fǎng)問(wèn)服務(wù)器,客戶(hù)端用戶(hù)以客戶(hù)端本地用戶(hù)登錄,用戶(hù)名
/
口令跟服務(wù)器賬戶(hù)不匹配
4.3.1. 客戶(hù)端IE申請(qǐng)頁(yè)面
GET /iisstart.htm HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
Host: logs:81
Connection: Keep-Alive
4.3.2. 服務(wù)端返回?zé)o授權(quán)回應(yīng)
HTTP/1.1 401 Unauthorized
Content-Length: 1327
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Wed, 14 Nov 2007 08:58:13 GMT
4.3.3. 客戶(hù)端選擇NTLM驗(yàn)證,請(qǐng)求質(zhì)詢(xún)碼
GET /iisstart.htm HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
Host: logs:81
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFAs4OAAAADw==
4.3.4. 服務(wù)器返回質(zhì)詢(xún)碼
HTTP/1.1 401 Unauthorized
Content-Length: 1251
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate TlRMTVNTUAACAAAACgAKADgAAAAFgomibnmMcRgPlTMAAAAAAAAAAHwAfABCAAAABQLODgAAAA9TAFoAQgBUAEkAAgAKAFMAWgBCAFQASQABAAgATABPAEcAUwAEABgAcwB6AGIAdABpAC4AZwBvAHYALgBjAG4AAwAiAGwAbwBnAHMALgBzAHoAYgB0AGkALgBnAG8AdgAuAGMAbgAFABgAcwB6AGIAdABpAC4AZwBvAHYALgBjAG4AAAAAAA==
X-Powered-By: ASP.NET
Date: Wed, 14 Nov 2007 08:58:13 GMT
4.3.5. 客戶(hù)端發(fā)送用登陸本機(jī)的賬戶(hù)加密后的質(zhì)詢(xún)碼
GET /iisstart.htm HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
Host: logs:81
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAAAoACgBIAAAAGgAaAFIAAAAKAAoAbAAAAAAAAACmAAAABYKIogUCzg4AAAAPSgBJAE4ASgBaAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIASgBJAE4ASgBaACY8afODxKsFAAAAAAAAAAAAAAAAAAAAAPfRbw7FX9gKolM+6+QhqsRU+MWS3jKLkQ==
4.3.6. 服務(wù)端返回?zé)o授權(quán)回應(yīng)
HTTP/1.1 401 Unauthorized
Content-Length: 1251
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Wed, 14 Nov 2007 08:58:13 GMT
4.3.7. 客戶(hù)端及選選擇NTLM驗(yàn)證,要求輸入用戶(hù)名和口令,再次請(qǐng)求質(zhì)詢(xún)碼
GET /iisstart.htm HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
Host: logs:81
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFAs4OAAAADw==
4.3.8. 服務(wù)端返回質(zhì)詢(xún)碼
HTTP/1.1 401 Unauthorized
Content-Length: 1251
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate TlRMTVNTUAACAAAACgAKADgAAAAFgomi3CZKUW4302QAAAAAAAAAAHwAfABCAAAABQLODgAAAA9TAFoAQgBUAEkAAgAKAFMAWgBCAFQASQABAAgATABPAEcAUwAEABgAcwB6AGIAdABpAC4AZwBvAHYALgBjAG4AAwAiAGwAbwBnAHMALgBzAHoAYgB0AGkALgBnAG8AdgAuAGMAbgAFABgAcwB6AGIAdABpAC4AZwBvAHYALgBjAG4AAAAAAA==
X-Powered-By: ASP.NET
Date: Wed, 14 Nov 2007 08:59:09 GMT
4.3.9. 客戶(hù)端發(fā)送使用前面輸入賬戶(hù)的密碼加密后的質(zhì)詢(xún)碼
GET /iisstart.htm HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
Host: logs:81
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAAAoACgBIAAAAGgAaAFIAAAAKAAoAbAAAAAAAAACmAAAABYKIogUCzg4AAAAPSgBJAE4ASgBaAGEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIASgBJAE4ASgBaAIP0UwZaV4tAAAAAAAAAAAAAAAAAAAAAAMS9l9MtVOFPSz/JmjD+/7W2ssAdBrkvwQ==
4.3.10. 服務(wù)端驗(yàn)證通過(guò),返回資源
HTTP/1.1 200 OK
Content-Length: 167
Content-Type: text/html
Last-Modified: Wed, 14 Nov 2007 08:21:24 GMT
Accept-Ranges: bytes
ETag: "bf2d54589726c81:e35"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 14 Nov 2007 08:59:09 GMT
<html>
<head>
<meta HTTP-EQUIV="Content-Type" Content="text/html; charset=gb2312">
</head>
<body bgcolor=white>
This is a simple page!
</body>
</html>
4.4.
客戶(hù)端用機(jī)器名訪(fǎng)問(wèn)服務(wù)器,客戶(hù)端用戶(hù)以客戶(hù)端本地用戶(hù)登錄,用戶(hù)名
/
口令跟服務(wù)器賬戶(hù)匹配
4.4.1. 客戶(hù)端IE申請(qǐng)頁(yè)面
GET /iisstart.htm HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
Host: logs:81
Connection: Keep-Alive
4.4.2. 服務(wù)端返回?zé)o授權(quán)回應(yīng)
HTTP/1.1 401 Unauthorized
Content-Length: 1327
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Wed, 14 Nov 2007 09:11:09 GMT
4.4.3. 客戶(hù)端選擇NTLM驗(yàn)證,請(qǐng)求質(zhì)詢(xún)碼
GET /iisstart.htm HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
Host: logs:81
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFAs4OAAAADw==
4.4.4. 服務(wù)器返回質(zhì)詢(xún)碼
HTTP/1.1 401 Unauthorized
Content-Length: 1251
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate TlRMTVNTUAACAAAACgAKADgAAAAFgomil8OZAC0QBhYAAAAAAAAAAHwAfABCAAAABQLODgAAAA9TAFoAQgBUAEkAAgAKAFMAWgBCAFQASQABAAgATABPAEcAUwAEABgAcwB6AGIAdABpAC4AZwBvAHYALgBjAG4AAwAiAGwAbwBnAHMALgBzAHoAYgB0AGkALgBnAG8AdgAuAGMAbgAFABgAcwB6AGIAdABpAC4AZwBvAHYALgBjAG4AAAAAAA==
X-Powered-By: ASP.NET
Date: Wed, 14 Nov 2007 09:11:09 GMT
4.4.5. 客戶(hù)端發(fā)送用登陸本機(jī)的賬戶(hù)加密后的質(zhì)詢(xún)碼
GET /iisstart.htm HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
Host: logs:81
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAAAoACgBIAAAAGgAaAFIAAAAKAAoAbAAAAAAAAACmAAAABYKIogUCzg4AAAAPSgBJAE4ASgBaAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIASgBJAE4ASgBaAMQdxp9OWMESAAAAAAAAAAAAAAAAAAAAAMEj775cWctAx2Csmbgfq2afsGcop92oMA==
4.4.6. 服務(wù)端驗(yàn)證通過(guò),返回資源
用戶(hù)端登錄的用戶(hù)名和密碼正好能匹配到服務(wù)端的一個(gè)用戶(hù)和密碼,驗(yàn)證通過(guò)。
HTTP/1.1 200 OK
Content-Length: 167
Content-Type: text/html
Last-Modified: Wed, 14 Nov 2007 08:21:24 GMT
Accept-Ranges: bytes
ETag: "bf2d54589726c81:e35"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 14 Nov 2007 09:11:09 GMT
<html>
<head>
<meta HTTP-EQUIV="Content-Type" Content="text/html; charset=gb2312">
</head>
<body bgcolor=white>
This is a simple page!
</body>
</html>
5、 集成驗(yàn)證總結(jié)
5.1.
客戶(hù)端以
ip
地址訪(fǎng)問(wèn)服務(wù)器
不管客戶(hù)端跟服務(wù)器是否在域、也不管客戶(hù)端是否以域帳號(hào)登陸,只要客戶(hù)端以ip地址訪(fǎng)問(wèn)服務(wù)器,那么客戶(hù)端就會(huì)選擇NTLM方式驗(yàn)證,并且不會(huì)直接發(fā)送客戶(hù)端登錄用戶(hù)的用戶(hù)名和密碼給服務(wù)器,而是會(huì)彈出一個(gè)對(duì)話(huà)框要求用戶(hù)輸入用戶(hù)名和口令,然后發(fā)送到服務(wù)端驗(yàn)證。
您可以避免在使用 IP 地址或名稱(chēng)中包含句點(diǎn)的企業(yè)內(nèi)部網(wǎng)服務(wù)器上出現(xiàn)這種提示,方法是,在 Internet Explorer 的“本地 Intranet”設(shè)置中,列出包含 IP 地址的服務(wù)器,或是列出包含句點(diǎn)的服務(wù)器名稱(chēng)??梢酝ㄟ^(guò)依次單擊“工具”、“Internet 選項(xiàng)”、“本地 Intranet”、“站點(diǎn)”、“高級(jí)”來(lái)訪(fǎng)問(wèn)“本地 Intranet”設(shè)置部分。然后在“將該網(wǎng)站添加到區(qū)域中”輸入 http://127.0.0.1 或其他相關(guān)站點(diǎn)的 URL。
下面總結(jié)的都是在客戶(hù)端以機(jī)器名訪(fǎng)問(wèn)服務(wù)器的情況。
5.2.
服務(wù)器在域,客戶(hù)端以域帳號(hào)登陸
如果客戶(hù)端的機(jī)器在域中,同時(shí)登陸用戶(hù)又是以域用戶(hù)登錄,那么IE選擇Kerberos驗(yàn)證方式。
5.3.
其他情況
IE
都選擇采用
NTLM
驗(yàn)證方式。
出來(lái)上述的兩種情況,其他情況,客戶(hù)端都選擇NTLM驗(yàn)證,并首先嘗試把登錄客戶(hù)端用戶(hù)的用戶(hù)名和密碼傳送給服務(wù)器驗(yàn)證,如果驗(yàn)證通過(guò)了,被直接授權(quán)訪(fǎng)問(wèn);如果驗(yàn)證沒(méi)通過(guò),客戶(hù)端彈出對(duì)話(huà)框要求輸入用戶(hù)名和密碼,然后再傳送到服務(wù)端驗(yàn)證,直到驗(yàn)證通過(guò)。
集成 Windows 身份驗(yàn)證Kerberos的驗(yàn)證方式是 Intranet 環(huán)境中最好的身份驗(yàn)證方案,在這種用戶(hù)擁有 Windows 域帳戶(hù),Kerberos驗(yàn)證不在網(wǎng)絡(luò)上傳遞用戶(hù)密碼,只用傳送一個(gè)用戶(hù)驗(yàn)證票。NTLM要傳送用戶(hù)的密碼,但是密碼經(jīng)過(guò)處理后派生出一個(gè)8字節(jié)的key加密質(zhì)詢(xún)碼,也是比較安全的。
四、 基本身份驗(yàn)證
客戶(hù)端IE請(qǐng)求服務(wù)端IIS的一個(gè)頁(yè)面iisstart.htm。
IIS服務(wù)端設(shè)置:
l 不啟用匿名訪(fǎng)問(wèn)
l 只啟用基本身份驗(yàn)證
1、 客戶(hù)端IE申請(qǐng)頁(yè)面
GET /iisstart.htm HTTP/1.1
Accept: */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; MAXTHON 2.0)
Host: logs:81
Connection: Keep-Alive
2、 服務(wù)端返回?zé)o授權(quán)回應(yīng),并告知客戶(hù)端要求基本身份驗(yàn)證
服務(wù)端設(shè)置的基本身份驗(yàn)證,所以這里返回的無(wú)授權(quán)回應(yīng)的http頭中包含 WWW-Authenticate: Basic 頭,告訴客戶(hù)端,服務(wù)端要求的是基本身份驗(yàn)證
HTTP/1.1 401 Unauthorized
Content-Length: 1327
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="logs"
X-Powered-By: ASP.NET
Date: Mon, 19 Nov 2007 06:15:57 GMT
3、 客戶(hù)端彈出對(duì)話(huà)框要求輸入用戶(hù)名和密碼
GET /iisstart.htm HTTP/1.1
Accept: */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; MAXTHON 2.0)
Host: logs:81
Connection: Keep-Alive
Authorization: Basic YWRtaW5pc3RyYXRvcjpzemJ0aUAxMDA1
客戶(hù)端把用戶(hù)名和密碼轉(zhuǎn)換成base64編碼后,直接發(fā)送到服務(wù)端。
發(fā)送到服務(wù)器的“Authorization: Basic”頭里面的“YWRtaW5pc3RyYXRvcjpzemJ0aUAxMDA1”部分就是用戶(hù)的用戶(hù)名和密碼,經(jīng)過(guò)base64解碼后是這樣的:administrator:szbti@1005
4、 服務(wù)端驗(yàn)證通過(guò),返回資源
HTTP/1.1 200 OK
Content-Length: 167
Content-Type: text/html
Last-Modified: Wed, 14 Nov 2007 08:21:24 GMT
Accept-Ranges: bytes
ETag: "bf2d54589726c81:e7d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 19 Nov 2007 06:16:34 GMT
<html>
<head>
<meta HTTP-EQUIV="Content-Type" Content="text/html; charset=gb2312">
</head>
<body bgcolor=white>
This is a simple page!
</body>
</html>

相關(guān)文章

最新評(píng)論