HTTPClient getting two 401s before success (sending wrong token)
I\'m trying to communicate with a self-hosted WebAPI client using HttpClient. The client is created with the following code:
HttpClientHandler clien
-
What you are experiencing is normal, this is how the NTLM authentication scheme works.
1: C --> S GET ... 2: C <-- S 401 Unauthorized WWW-Authenticate: NTLM 3: C --> S GET ... Authorization: NTLM4: C <-- S 401 Unauthorized WWW-Authenticate: NTLM 5: C --> S GET ... Authorization: NTLM 6: C <-- S 200 Ok - The client sends a
GETrequest to the server. - Since you need to be authenticated to access the requested resource, the server sends back a
401 Unathorizedresponse and notifies the client in theWWW-Authenticateheader that it supportsNTLMauthentication. So this is where you get your first401response code. - The client sends the domain name and the username to the server in the
Authorizationheader. Note that based solely on these information the client cannot be authenticated yet. - The server sends a challenge to the client. It's a randomly generated number called a nonce. This is where you get your second
401response code. - The client sends back a response to the server's challenge, using its password's hash to encrypt the random number.
- The server sends the client's username, the challenge sent to the client and the response received from the client to the domain controller. Using the username the domain controller retrieves the hash of the user's password and encrypts the challenge with it. If the result matches the response sent by the client, the client is authenticated and the server sends back a
200response code and the requested resource to the client.
- The client sends a
加载中...
- 热议问题