将NTLM凭据传递给远程Web服务(Passing NTLM credentials to remote web service)

系统教程行业动态更新时间:2024-06-14 17:00:14

我想将NTLM凭据传递给远程Web服务。

我从rm1.domain.com加载我的页面，并在其Javascript中调用rm2.domain.com上的Web服务。

我希望调用的Web服务能够读取执行调用的用户的NTLM凭据，但我遇到了一些问题。

情景A（不起作用）

如果我在我的配置文件中有以下内容：

并且只有在IIS中启用Windows身份验证，我得到预期的：

情景B（不起作用）

我在我的配置文件中有以下内容

和我的JavaScript中的以下内容：

jQuery.ajax({ url: "http://rm2.domain.com/getInfo?name=bobsyouruncle, dataType: "json", async: false, success: function(data) { console.log('woot'); }, error: function(ex) { console.log(ex); } });

并且只在IIS中启用Windows身份验证，则浏览器将引发：

GET http://rm2.domain.com/getInfo?name=bobyouruncle 401（未授权）jquery-1.10.1.min.js：6 XMLHttpRequest无法加载http://rm2.domain.com/getInfo?name=bobyouruncle 。 Access-Control-Allow-Origin不允许来源http://rm1 。的jquery-1.10.1.min.js：6

如果我将JavaScript更改为JSONP，那么我也什么也得不到，但这并不意外，因为我从web.config中删除了crossDomainScriptAccessEnabled =“true” 。但正如您将在情景C中看到的那样，您不能在启用身份验证方案的情况下拥有crossDomainScriptAccessEnabled =“true” 。

方案C（不会传递证书）

如果mr2的Web服务的web.config类似于方案B，则启用IIS身份验证匿名（并禁用Windows身份验证），并且jQuery的请求为JSONp，则该服务将返回数据，但不会传递身份验证信息。

底线（TL; DR）有没有办法让我的web服务作为IIS匿名，在其web.config中使用跨域标记，从浏览器传递域（NTLM）凭据并在我的代码隐藏中解析它们我的网络服务。

文档和选项的数量太多而令人困惑。

I would like to pass NTLM credentials to a remote web service.

I load my page from rm1.domain.com and in its Javascript, a web service on rm2.domain.com is called.

I would like the web service called to be able to read the NTLM credentials of the user doing the calling, but I am running into some issues.

Scenario A (won't work)

If I have the following in my config file:

and only Windows Authentication enabled in IIS, I get the expected:

Scenario B (won't work)

I have the following in my config file

and the following in my JavaScript:

jQuery.ajax({ url: "http://rm2.domain.com/getInfo?name=bobsyouruncle, dataType: "json", async: false, success: function(data) { console.log('woot'); }, error: function(ex) { console.log(ex); } });

and only Windows Authentication enabled in IIS, the browser throws:

GET http://rm2.domain.com/getInfo?name=bobyouruncle 401 (Unauthorized) jquery-1.10.1.min.js:6 XMLHttpRequest cannot load http://rm2.domain.com/getInfo?name=bobyouruncle. Origin http://rm1 is not allowed by Access-Control-Allow-Origin. jquery-1.10.1.min.js:6

If I change my JavaScript to JSONP, then I get nothing either, but that's not unexpected either as I removed crossDomainScriptAccessEnabled="true" from the web.config. But as you will see in scenario C, you can't have crossDomainScriptAccessEnabled="true" with an authentication scheme enabled.

Scenario C (won't pass credentials)

If mr2's web service's web.config is like scenario B, IIS authentication anonymous is enabled (and windows auth is disabled), and jQuery's request is JSONp then the service returns data, but the authentication information isn't passed.

Bottom Line (TL;DR) Is there a way to leave my web service as IIS anonymous, with the cross domain tag in its web.config, pass the domain (NTLM) credentials from the browser and parse them in my code-behind of my web service.

The documentation and sheer number of options is overwhelming and confusing.