Windows ?????? ??????? ?? ??? IIS ??????

???? ?????? ???? ??????
???? ID: 969060 - ?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.
??? ?? ??????? ???? | ??? ?? ??????? ????

?? ????? ??

?????

?? ???? ?? HTTP ??????? ?? ?? ??????? ?????????? ???????? (IIS) ????? ?? ??? ?????? ?? ???????? ????? ?? Windows ?????? ??????? ???????? ???? ??? ?? ?? ????? ???? ??? ?? ???? ??? ?? illustrates ?? IIS ??? ?? ?????????? ?? ????????? ??? IIS ??? ???? ?? ????? ???

???? ???????

Windows ?????? ??????? Kerberos v5 ?????????? ?? NTLM ?????????? ?? ????? ???? ??? ???????? ?? ?????? ???? ??????? ????????? ?????????? ????? ?? ????? ????? ???????? ???? ?? ??? ????? ???? ??? ??? ??? ?????? ?????????? ????? ???????? ?? ?? Windows 2000 ?????, Windows Server 2003, ?? Windows Server 2008 ??? ??? ?? ?? ??????? ?? ?? ??????? ??? ??????? Kerberos v5 ??????? ????????? ?? ?????? ???? ??, ?? ??????? ?? ????? IIS ????? Kerberos v5 ???????? ??????, ??????? ?? ????? IIS ????? NTLM ????????

???:Windows ?????? ?????????? ?? ???? ??? ??????? ??????? ?? ??? ????? Microsoft ??? ???? ?? ????:
HTTP://technet2.Microsoft.com/WindowsServer/EN/Library/80c79abb-348d-467a-92fe-825e696be3351033.mspx?mfr=TRUE
?? IIS ??? NTLM ?? IIS ??? Kerberos ?????????? ??? ??????? ????? ?? ????? ??, ?? ???? ?? ??? ??? ????????? ????? ???? ?? ??? ???

IIS ????? ?? ??? ????? ?? ?? HTTP ??????? IIS Kerberos ?? ????? ???? ?? ??? ???????? ???? ??? ??, ?? ????? Kerberos ????????? ?? ?????? ?? ??? ?????? ???? ??? ????? resemble ??? ????????? ??????? ?????? ?? ????? ???????? ?? ??? IIS ??? ??? ????? ???? ???:

# ??????????: Microsoft ??????? ????? ?????? 6.0
# 1.0 # ???????: ??????: 2009-01-01 02:48:20
# ?????: ?????? ??? s sitename s ip cs ???? cs-uri-??? cs-uri-?????? s-????? cs-username ? ip cs(User-Agent) sc ?????? sc substatus sc-win32-??????
2009-01-01 02:48:20 W3SVC1 <serverip>GET / - 80 - <clientip>Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) 401 2 2148074254</clientip></serverip>
2009-01-01 02:48:21 W3SVC1 <serverip>GET / - 80 Domain\User <clientip>Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) 200 0 0</clientip></serverip>

??? IIS ????? ?? HTTP ??????? ?????? ???? ???? Kerberos ?????????, ?? ??? ???? NTLM ?? ????? ???? ?? ??? IIS ????? ?? ???????? ???? ??? ??, ??????? ?????? ?? ????? ???????? ?? ??? IIS ??? ??? ????? ??? ???????????? ?? ?????? ?????:

# ??????????: Microsoft ??????? ????? ?????? 6.0
# ???????: 1.0
# ??????: 2009-01-05 02:29:47
# ?????: ?????? ??? s sitename s ip cs ???? cs-uri-??? cs-uri-?????? s-????? cs-username ? ip cs(User-Agent) sc ?????? sc substatus sc-win32-??????
2009-01-01 02:29:47 W3SVC1 <serverip>GET / - 80 - <clientip>Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) 401 2 2148074254</clientip></serverip>
2009-01-01 02:29:47 W3SVC1 <serverip>GET / - 80 - <clientip>Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) 401 1 0</clientip></serverip>
2009-01-01 02:29:47 W3SVC1 <serverip>GET / - 80 Domain\User <clientip>Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) 200 0 0</clientip></serverip>

Windows ?????? ???????

IIS Negotiate ?????????, NTLM ?????????, ?? ????? ?? ?????? ???? ?? ??? ???????? ???? ?? ???? ??? IIS 6.0 ??? ?? ????? ????????? ???, ?? NTAuthenticationProviders ??????? ????? ?? ???????? ???? ?? ?????? ???? ??? ??? IIS 7.0, ??? ?? ?????? ??????? ?????? ????? ??<provider></provider>?? ??????? ????<windowsauthentication></windowsauthentication>ApplicationHost.config ???? ??? ?? web.config ????? ??? ?????

???? informationabout ?? ??? ???? Windows ?? ???????? ???? ?? ??? Integrated ??????? IIS 6.0 ??? ?? ????? ????????? ???, ????? ???? ?????? ?? ????? ???? ?? Microsoft ???????? ??? ?????:
215383??????? ??????? ?? ??? Kerberos ????????? ?? NTLM ????????? ?? ?????? ???? ?? ??? IIS ?? ???????? ???? ????
IIS 7.0 ??? Windows ?????? ??????? ?? ???????? ???? ???? ?? ???? ??? ???? ??????? ?? ??? ????? Microsoft ??? ???? ?? ????:
HTTP://TechNet.Microsoft.com/en-us/library/cc754628.aspx

???????? ??????????

?? ????????-?????? ?????? ????? ???? ???? ???????? ??? IIS Negotiate ????????? ?? NTLM ????????? ?? ?????? ???? ?? ??? ???????? ???? ??? ??? ????? ???????? ??? ???? Negotiate ????????? ??????? ???

???????? 1 ? Negotiate ????????? ?? NTLM ?????????

?? ?????? ???, IIS Negotiate ????????? ?? NTLM ????????? ?? ?????? ???? ?? ??? ???????? ???? ??? ??? IIS 6.0 ??? ?? ????? ????????? ???, ?? "Negotiate, NTLM" ???? ?? ??? NTAuthenticationProviders ??????? ????? ?? ??? ???? ?? ?????? ???? ??? ??? IIS 7.0 ??? ?? ??? ?? ????????? ???, Negotiate ????????? ?? NTLM ????????? ?????? ???????? ??? ????????? ?? ??? ??? <windowsauthentication>???????</windowsauthentication>

???:????? ?????? ??? ???????? ?????? ?? ???????? ????? ??? ??? ?????? Microsoft ??????? ?????? 3.2 ????? ?? ????? ????? ??????? ?????? ????? ?? ?????? ??????? ?? ??????? ???? ?? ??? ????? ??? ???? ?? ????:
HTTP://www.Microsoft.com/downloads/details.aspx?FamilyID=f4db40af-1e08-4a21-a26b-ec2f4dc4190d&DisplayLang=en
?? Microsoft Internet Explorer ?? ?? ?????? ????? ??, ?? Internet Explorer ????? considers ???? ???? ?? ??? ??? ??? ??????? ?? ???? ??????? ?????, Internet Explorer ???? ??? ???? ?? ??????????? ?????? ?? ?? ??? ?? ??? ??? ??? Internet Explorer ??? ???? ?????? ?? ??? ???? ?????? ????? ?? ?? ?????? ????? ?? ?? ?????? ?????????? ??:

HTTP: ??????, GET /
????: GET
ProtocolVersion: HTTP/1.1
???????: ???/gif, ???/x-xbitmap, ???/jpeg, ???/pjpeg, * / *
???????-????: ??-????
???????-?????????: gzip, ???????
UserAgent: Mozilla/4.0 (????; MSIE 6.0; Windows NT 5.1)
?????: www.kerberos.com
???????: ??????-????

IIS ????? ???? ??????? ?? ?????? ???? ?? ??? ???????? ???? ???? ??? ??, ??? IIS ????? ???? ??????? ??????? ??????? ?? ?? 401.2 ?????? ???? ??? ????? ?????? ?????? ?? ??? ????? ?? ?? ????? ?? ?????? ???? ?? ?? ??????? ????????? ?? ????? ?? ???????? ??? IIS ???? ?? ?? ???????? ????? ????? resemble:

???????????, HTTP/1.1, ?????? ??? HTTP: = 401
ProtocolVersion: HTTP/1.1
StatusCode: ???????, 401
????: ???????
ContentLength: 1656
ContentType: html/???
????? ?? ???: Microsoft-IIS/6.0
WWWAuthenticate: Negotiate
WWWAuthenticate: NTLM

????? IIS ?? ??? ????? ?? ?? ????? ????? ?? IIS ?? ????? ?????? ????????? IIS ??? ???? ?? ???:

<date> <time>W3SVC <id> <serverip>GET / - 80 - <clientip>Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) 401 2 2148074254</clientip></serverip></id></time></date>

???:"2148074254" ?? win32 ?????? (??-2146893042 ?? ??? ??? ????????? / 0x8009030E / SEC_E_NO_CREDENTIALS) ?? ???? ?? "??????????? ???? ??????? ????? ??? ?????? ???." ????? ?????? ???, ??????? ???? ?? ??????????? ?? ???? ???? ???

??????? IIS ????? ?? 401.2 ??????????? ??????? ???? ??, ?? ??? ??????? understands ?? IIS ???? ??????? ?? ???? Windows ?????? ??????? ?? ????? ???? ?? ??? ???????? ???? ??? ??? ?????, ??????? ???? ?????? ??? ???? ??????? ??????? ?????? ???? ??????

??????? ???? ??? ????? ?? ???? ???? ?? ?? ?????? ????? ??:

HTTP: ??????, GET /
????: GET
URI: /
ProtocolVersion: HTTP/1.1
???????: ???/gif, ???/x-xbitmap, ???/jpeg, ???/pjpeg, * / *
???????-????: ??-????
???????-?????????: gzip, ???????
UserAgent: Mozilla/4.0 (????; MSIE 6.0; Windows NT 5.1)
?????: www.kerberos.com
???????: ??????-????
?????????: Negotiate
YIIJ5wYGKwYBBQUCoIIJ2zCCCdegJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCCa0EggmpYIIJpQYJKoZIhvcSAQICAQBugggtygmUMIIJkKADAgEFoQMCAQ6iBwMFACAAAACjggPMYYIDyDCCA8SgAwIBBaENGwtWQU5EQU5BLkNPTaIjMCGgAwIBAqEaMBgbBEhUVFAbEHd3dy5rZXJiZXJvc

???:?? ???? ??? Kerberos ??????? ??? ticket: Negotiate ????? ??? ?? ???? ?? ???? ??? ???

IIS ????? ?????? ??????? ???? ??? IIS ????? ?? ??????? ?? ????? ?????????? ??????? ??????? ?????? ?????: ????? ??? ?? ??? Negotiate. ??? ??????? ????? ??????????? ??????? ???? ???? ??, ?? ?????????? ??? ???? ??? IIS ???? ??? ????? ??????????? ????? ??:

HTTP: ???????????, HTTP/1.1, ?????? ??? = 200
ProtocolVersion: HTTP/1.1
StatusCode: 200, ok
????: ???
??????: xxx, <date> <time>GMT</time></date>
????? ?? ???: Microsoft-IIS/6.0
ContentLength: 19
ContentType: html/???
WWWAuthenticate: Negotiate =

???:??????? ????? ?? ???? Kerberos ?????????? ????? ???? ?? ???? ????? ???? ??? ???????? ?????????? ???? ??? ???? ?? ?? ???? ??? ???? ??????? ?? ??? ????? Microsoft ??? ???? ?? ????:
HTTP://TechNet.Microsoft.com/en-us/library/cc758557.aspx
????? IIS ?? ?? ????? ????????? IIS ??? ???? ?? ???:

<date> <time>W3SVC <id> <serverip>GET /time.asp - 80 Domain\user <clientip>Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) 200 0 0</clientip></serverip></id></time></date>

2 - ???????? ????????? Negotiate

???????? ??? ?????? IIS ???????? ?? ???? ????????? ?? ?????? Negotiate Negotiate ????????? ?? ????????? NTLM ?? ????, ?????? ?? ???????? ?? ?????? ???? ??? IIS ??? ??? ??? ?? ???? ??? IIS ???? ???? ?????? ???? ?? ??? ???????? ?? ?? ????????? ??????????? ??? ???? ??? ?? ?????? ???, IIS ???? Negotiate ????? ????? ?? ??:

HTTP: ???????????, HTTP/1.1,
?????? ??? = 401
ProtocolVersion: HTTP/1.1
StatusCode: ???????, 401
????: ???????
ContentLength: 1656
ContentType: html/???
????? ?? ???: Microsoft-IIS/6.0
WWWAuthenticate: Negotiate

NLTM ??????????

??? ????????-?????? ?????? ?????? IIS ???????? ?? ???? NTLM ????????? ?? ?????? ???? ?? ??? ????? ??? IIS 6.0 ??? ?? ????? ????????? ???, ?? NTAuthenticationProviders ??????? ????? ?? ??? ???? ?? ??? "NTLM" ???? ?????? ???? ??? ??? IIS 7.0 ??? ?? ??? ?? ????????? ???, ???? NTLM ????????? ??? ??? ??????? ?? ??? ??? ???????? ???? ????? <windowsauthentication>????</windowsauthentication>

??? ??, Internet Explorer ???? ????? ??? ?? ?????????? ??????? ??? ??? ??? ??????? ?? ???? ??????:

HTTP: ??????, GET /
????: GET ProtocolVersion: HTTP/1.1
???????: ???/gif, ???/x-xbitmap, ???/jpeg, ???/pjpeg, * / *
???????-????: ??-????
???????-?????????: gzip, ???????
UserAgent: Mozilla/4.0 (????; MSIE 6.0; Windows NT 5.1)
?????: www.kerberos.com
???????: ??????-????

IIS ????? ???? ??????? ?? ?????? ???? ?? ??? ???????? ???? ???? ??? ??, ??? ????? ???? ??????? ??????? ??????? ?? ?? 401.2 ?????? ???? ??? ????? ?????? ?????? ?? ??? ????? ?? ?? ????? ?? ?????? ???? ?? ?? ??????? ????????? ?? ????? ?? ???? NTLM ???????? ??? IIS ???? ?? ?? ???????? ????? ????? resemble:

???????????, HTTP/1.1, ?????? ??? HTTP: = 401
ProtocolVersion: HTTP/1.1
StatusCode: ???????, 401
????: ???????
ContentLength: 1656
ContentType: html/???
????? ?? ???: Microsoft-IIS/6.0
WWWAuthenticate: NTLM

IIS ?? IIS ??? ???? ?? ??? ????? ?? ???? ???? ?? ?? ???? ????????? ????? ??:

<date> <time>W3SVC <id> <serverip>GET / - 80 - <clientip>Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) 401 2 2148074254</clientip></serverip></id></time></date>

?? ??????? ????? ?? ????? ?? ????? NTLM ????????? ?? ?????? ??????? ???? ??, ??????? re-sends ??????? ??????? ??????? ????? ??? ??? ?????????? ??????? ????? ??:

HTTP: ??????, GET /
????: GET
URI: /
ProtocolVersion: HTTP/1.1
???????: ???/gif, ???/x-xbitmap, ???/jpeg, ???/pjpeg, * / *
???????-????: ??-????
???????-?????????: gzip, ???????
UserAgent: Mozilla/4.0 (????; MSIE 6.0; Windows NT 5.1)
?????: www.kerberos.com
???????: ??????-????
?????????: NTLM TlRMTVNTUAABAAAAB7IIoAcABwssAoAAAACAAIACAAAABWQU5XSU5YUFZBTkRBTkE =

NTLM handshake ?? ??? ?? ??? ??? ????? acknowledges ?? ?????? ?????????? ????? ???? ?? ??? ??? ??, ????? ??????? ?? ?? ???? ??????? ????? ?????? ?????, ????? ???? ???? 401 ???????? ?? ????? ?? ???? ???? ??:

???????????, HTTP/1.1, ?????? ??? HTTP: = 401
ProtocolVersion: HTTP/1.1
StatusCode: ???????, 401
????: ???????
ContentLength: 1539
ContentType: html/???
????? ?? ???: Microsoft-IIS/6.0
NTLMAuthorization: NTLM
TlRMTVNTUAACAAAADgAOADgAAAAFgomiRCfS+kdwvJ0MAAAAAAAAAAJYAlgBGAAAABQLODgAAAA9WAEEATgBEAEEATgBBAAIADgBWAEEATgBEAEEATgBBAAEAFgBXAEkATgBEAEss8AVwBTADIAMAAwADMABAAWAHYAYQBuAGQAYQBuAGEALgBjAG8AbQADAC4AVwBpAG4AZABvAHcAcwAyADAAMAAzAC4AdgBhAG4AZA

????? IIS ?? ?? ????????? ??? IIS ??? ?? ?? ????? ?? ???? ???? ??:

<date> <time>W3SVC <id> <serverip>GET / - 80 - <clientip>Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) 401 1 0</clientip></serverip></id></time></date>

IIS ????? ?? 401.1 ?????? ???? ??????? ?? ??????? ??? ?? ????? ??????? ??????? ?????? ???? ?????? ??????? ?? ?????? ??????? ???? ??? ??????? ??? ?? ???? ?????? ????? ?? ???? ???? ?? ?? ????? ??:

HTTP: ??????, GET /
????: GET
URI: /
ProtocolVersion: HTTP/1.1
???????: ???/gif, ???/x-xbitmap, ???/jpeg, ???/pjpeg, * / *
???????-????: ??-????
???????-?????????: gzip, ???????
UserAgent: Mozilla/4.0 (????; MSIE 6.0; Windows NT 5.1)
?????: www.kerberos.com
???????: ??????-????
NTLMAuthorization: NTLM
TlRMTVNTUAADAAAAGAAYAHgAAAAYABgAkAAAAA4ADgBAAAAAGgAaAE4AAAAQABAAaAAAAAAAAACoAAAABYKIoFYAQQBOAEQAQQBOAEEAQQBkAG0AaQBuAGkAcwB0AwwHIAYQB0AG8AcgBWAEEATgBXAEkATgBYAFAAo53RVbJ / EucAAAAAAAAAAAAAAAAAAAAAcWyNNNlQLNMC3EVd + aoZCA9lkh8dVY/M

IIS ????? ?? ?????? ??????? ???? ??, ?? IIS ????? communicates ??????? ?????? ?? ???? ???? ?? ??? ??? ????? ???????? ?? ???? ?? ??????? ??????? ?????? ?? ?????? ?? ??, IIS ????? ?? ???? ???? ?? ?? ????? ????? ??:

HTTP: ???????????, HTTP/1.1, ?????? ??? = 200
ProtocolVersion: HTTP/1.1
StatusCode: 200, ok
????: ???
????? ?? ???: Microsoft-IIS/6.0
X-???????-??????: asp.NET
ContentLength: 19
ContentType: html/???
??? ????????: ????

???:??????? ????? ?? ???? NTLM ??????? ????? ???? ?? ???? ????? ???? ??? NTLM ??????? ???? ??? ???? ?? ?? ???? ??? ???? ??????? ?? ??? ????? Microsoft ??? ???? ?? ????:
HTTP://MSDN.Microsoft.com/en-us/library/bb643328.aspx
????? IIS ?? ??????????? ?? ????? ??, ?? ??? IIS ?? ????? ?????? ????????? IIS ??? ???? ?? ???:

<date> <time>W3SVC <id> <serverip>GET /time.asp - 80 Domain\User <clientip>Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) 200 0 0</clientip></serverip></id></time></date>

??????

???? informationabout ?? ??? ???? IIS authenticates ??????? ??????? ?? ???, Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
264921???? IIS ??????? ??????? authenticates
???? informationabout ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????, IIS ??? Kerberos ?? ??????? ???????? ?? ?????? ???? ????:
326985IIS ??? Kerberos ?? ??????? ???????? ?? ?????? ???? ????
???? informationabout ?? ??? ???? ???????? ??????? ?? ??? AuthPersistence ??????? ??? ???????, Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
318863???????? ??????? ?? ??? AuthPersistence ??????? ??? ?? ??????? ???? ?? ??? ???? ????
???? informationabout ???? ??????????? ?????? ?? ?? ?? ???? ?? ?? ?? Windows ?? ?????? ??????? IIS 6.0 ?? ?????, ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
917557FIX: ?? ????? ?? ???? ??????????? ?? ????? ???? Kerberos ?????????? ????????? ?? ??? ?????? Windows ?????????? IIS 6.0 ???
Microsoft NTLM ?? ???? ??? ???? ??????? ?? ??? ????? Microsoft ??? ???? ?? ????:
HTTP://MSDN.Microsoft.com/en-us/library/bb643328.aspx
Microsoft Kerberos ?? ???? ??? ???? ??????? ?? ??? ????? Microsoft ??? ???? ?? ????:
(VS.85) http://MSDN.Microsoft.com/en-us/library/aa378747 .aspx
?????? Windows IIS ?????????? ?? ???? ??? ???? ??????? ?? ??? ????? Microsoft ??? ???? ?? ????:
HTTP://technet2.Microsoft.com/WindowsServer/EN/Library/80c79abb-348d-467a-92fe-825e696be3351033.mspx?mfr=TRUE
IIS 6.0 ??? NTAuthenticationProviders ??????? ??? ?? ???? ??? ???? ??????? ?? ??? ????? Microsoft ??? ???? ?? ????:
HTTP://www.Microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ea7cd846-33da-49c9-927f-d4e76d6309ac.mspx?mfr=TRUE
?? ???? ??? ???? ??????? ?? ??? <windowsauthentication>IIS 7.0, ??? ??????????? ??? ?? ????? ??? ???? ?? ????:</windowsauthentication>
HTTP://www.IIS.NET/ConfigReference/SYSTEM.webServer/Security/authentication/windowsAuthentication

???

???? ID: 969060 - ????? ???????: 22 ??????? 2011 - ??????: 3.0
???? ???? ???? ??:
  • Microsoft Internet Information Services 7.0
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Services 5.1
  • Microsoft Internet Information Services 6.0
??????: 
kbexpertiseinter kbexpertiseadvanced kbhowto kbsurveynew kbmt KB969060 KbMthi
???? ?????? ????????
??????????: ?? ???? ?? ???? ??????? ?? ????? ?? Microsoft ????-?????? ?????????? ?????? ?????? ???? ??? ??. Microsoft ???? ??? ????-???????? ?? ????-???????? ????? ?????? ?? ???? ???????? ???? ?? ???? ????? ????? ??? ?? ??? ?????? ?? ???? ???? ???? ??? ????? ??. ???????, ????-???????? ???? ????? ???? ???? ???? ???. ?????, ????????, ?????-???? ?? ??????? ?? ???????? ?? ???? ???, ???? ?? ??? ?????? ???? ???? ??? ????? ??? ?? ???? ??. Microsoft ??????? ??? ???? ?? ?????? ?? ??????????, ????????? ?? ??? ?????? ?? ???? ????? ?? ???? ???????? ?? ??? ???? ????? ?? ??? ????????? ???? ??. Microsoft ????-?????? ?????????? ?? ????? ?????? ?? ?? ??? ??.
?????????? ?? ??????? ????????? ??????? ??:969060

??????????? ???

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com