如何在Windows Server 2012 R2上调试NTLM身份验证

I have set up a SOAP service on a virtual machine running Windows Server 2012 r2. I secured it using NTLM and I managed to access it from the host computer using SoapUI. So far so good...

I am now trying to access my service, still from the host, but using a golang program this time. I am using this library to do it (I only had to implement the GenerateNegotiateMessage() method and made sure that the Negotiate flags are the same as the ones of SoapUI).

To make sure that I did things right, I downloaded the source code of SoapUI and compared the outputs (NegotiateMessage and AuthenticateMessage) of my golang program and SoapUI. If I fix the inputs (timestamp and random client challenge), I do get the same outputs. However, when I try to connect to the service, I get a 401 with "Access is denied due to invalid credentials". No need to say I'm 100% sure the credentials are right as I am able to access the service with the same credentials using SoapUI. So there must be something wrong in my go code. But to figure it out, I would need more logs from my Windows Server. Any idea of where I could start looking?

Below is the web.config of my Soap service:

<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true"/>
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5"/>
    <httpRuntime targetFramework="4.5"/>
    <trace enabled="true" pageOutput="true" requestLimit="40" localOnly="false"/>
  </system.web>
  <system.serviceModel>

    <diagnostics wmiProviderEnabled="true">
      <messageLogging
           logEntireMessage="true"
           logMalformedMessages="true"
           logMessagesAtServiceLevel="true"
           logMessagesAtTransportLevel="true"
           maxMessagesToLog="3000"
       />
    </diagnostics>

    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false"/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>

    <bindings>
      <basicHttpBinding>
        <binding>
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <directoryBrowse enabled="true"/>
  </system.webServer>
  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel" switchValue="All" propagateActivity="true">
        <listeners>
          <add name="myListener" type="System.Diagnostics.TextWriterTraceListener" initializeData="C:\logs\TextWriterOutput.log"/>
        </listeners>
      </source>
    </sources>
  </system.diagnostics>
</configuration>

Thanks a lot for your help!

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongsuiwo0279 2015-07-22 03:29
关注
I eventually managed to solve my problem. It came from the fact that I wasn't reading entirely the response body of my HTTP request in my golang program. Therefore, every time I made a request, the server interpreted as a new connection but the NTLM authentication scheme requires all the requests to be made in a single connection. It's actually this answer that solved my problem.

For future coders, this is the code that you should use if you want to reuse the same connection:

res, _ := client.Do(req) io.Copy(ioutil.Discard, res.Body) res.Body.Close()

To conclude, I didn't manage to get much info from the logs of Windows. The tools that put me on the right track were the Failed Request Tracer that you can access from the IIS Manager and the goold old Wireshark to compare the requests made by my program and those of SoapUI.

Hope this can be useful to someone.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

如何在Windows Server 2012 R2上调试NTLM身份验证
2015-07-13 11:10

回答 1 已采纳 I eventually managed to solve my problem. It came from the fact that I wasn't reading entirely the
Go HTTP NTLM请求中的Windows系统凭据 http
2017-03-15 17:20

回答 1 已采纳 After digging into it a bit further, it looks like go-ole can be utilized to make use of WinHTTPRe
PHP exec（），shell_exec（），system（），passthru（）在Windows 7 / IIS上不起作用 php windows
2017-11-03 18:57

回答 2 已采纳 I wanted to post an update to this since I figured out the issue. The answer can be found here in
Windows Server 2012 R2 -网站—安全性设置-身份验证（VMware workstation环境）
2018-03-17 15:21

熬野的博客安装身份验证组件：匿名身份验证：任何用户都可以直接匿名连接此网站，不需要身份认证：基本身份验证：要求用户输入用户名及密码，但是用户名及密码并没有加密，容易被拦截获取数据。默认域：用户连接网站时，可以...
NTLM和Golang
2017-07-29 08:24

回答 1 已采纳 NTLM Authentication and Basic Authentication are not the same. NTLM is a protocol which is more co
Ajax文件浏览器AutoLogin Microsoft Office身份验证 php
2014-12-01 14:25

回答 1 已采纳 Unfortunately there is no way to avoid authentication dialog with Basic authentication with Micros
NTLM 密码加密算法，NTLM 密码加密算法算法
2015-03-17 06:32

回答 1 已采纳 http://netsecurity.51cto.com/art/201211/365032.htm
cypress-ntlm-auth:赛普拉斯的Windows身份验证插件
2021-05-05 11:01

Windows身份验证在公司Intranet中被广泛使用。该插件通过以简化的方式为赛普拉斯提供NTLM身份验证（和使用SSO时进行协商）来弥合差距。从未听说过赛普拉斯吗？在阅读介绍，了解它是否适合您。（剧透-是的...
Java应用winrm执行powershell指令（时间比较长），等待接收返回值时报400 java windows
2021-10-15 10:37

回答 1 已采纳自问自答了：1.原先pom.xml引用的是winrm4j是0.12.1版本，后面引入了0.12.3版本；2.执行指令前增加了重试策略，并改为Job的方式，代码如下： WinRmTool wTool =
仅限NTLM和PHP的SSO php
2014-06-15 14:03

回答 1 已采纳 This is not possible using only PHP. Validating NTLMv2 credentials requires SecureChannel encrypte
node js打包的时候安装模块安不上提示异常 node.js 前端前端框架
2023-03-12 21:54

回答 2 已采纳该回答引用GPTᴼᴾᴱᴺᴬᴵ这个错误看起来像是由于缺少一些 Node.js 核心模块而导致的问题。具体来说，js-md4 模块需要 Node.js 的 crypto 模块，而 native-dns-c
IIS 各种身份验证详细测试第1/2页
2021-01-20 15:15

一、 IIS的身份验证概述…. 3 1、匿名访问… 3 2、集成windows身份验证… 3 2.1. NTLM验证… 3 2.2. Kerberos验证… 3 3、基本身份验证… 4 二、匿名访问... 服务端验证身份验证票… 6 3、客户端和服务器都不在域
Linux出现错误code=exited，status=1/FAILURE是哪里出了问题？ http linux 运维
2022-11-22 15:30

回答 1 已采纳排错，要学会查看系统日志，你图片的查看方式，看得不全的，你可以去 /var/log/messages 那里查看具体报错信息来定位问题。虽然，你的图片的信息不全，但也看出了点提示，人家提示你了，你的配置
ntlm:通用Lisp NTLM身份验证库
2021-05-24 23:15

NTLM 这是用于处理Microsoft Windows平台常用的NTLM身份验证协议的库。可以在以下位置找到该协议的文档： 1.简介NTLM协议包含发送3条消息：客户端向服务器发送协商消息服务器向客户端发送一个CHALLENGE消息，其中...
NTLM 身份验证
2021-10-09 22:43

陈年往事心中绕的博客 NTLM是NT LAN Manager的缩写，NTLM是基于挑战/应答的身份验证协议，是 Windows NT 早期版本中的标准安全协议。基本流程 NTLM验证是一种Challenge/Response 验证机制，由三种消息组成:通常称为type 1(协商)，类型...
winexe 在windows 8.1和windows Server 2012 R2执行报错的解决方案
2018-08-28 11:03

woshi_xxx的博客概述 ... 在对代码进行了大量的研究和黑客攻击及阅读大量网站甚至与MS讨论主题之后，问题的根本原因是微软已经从Windows 8.1和Windows Server 2012 R2中删除了SMB1.0,请参阅：http//technet.microso...
EssBirthday:简单的 java 应用程序使用 NTLM 身份验证
2021-06-01 18:05

生日快乐简单的 java 应用程序使用 NTLM 身份验证 4 http 客户端
服务器2012不显示桌面,Windows Server 2012 R2 更新补丁后无法显示桌面
2021-07-29 04:42

郝ren的博客关于系统日志有如下几个报错，Event ID 7023The Windows Modules Installer service terminated with the following error:The process cannot access the file because it is being used by another proc...
Windows下LM-Hash与NTLM-Hash
2022-02-11 14:59

文档描述了Windows下LM HASH ，NTLM HASH生成原理和规则。并利用Python脚本进行模拟。详细描述了挑战/响应模式（鉴权协议）的原理详细描述了NTLM SMB通信流程对内网渗透入门感兴趣的一定下载
requests-ntlm, 请求的NTLM身份验证支持.zip
2019-09-17 18:22

requests-ntlm, 请求的NTLM身份验证支持请求 ntlm 这个包允许使用请求库进行 HTTP NTLM身份验证。用法HttpNtlmAuth 扩展请求 AuthBase，因此使用很简单：import requestsfrom requests_ntlm
没有解决我的问题, 去提问

悬赏问题

¥15 stata安慰剂检验作图但是真实值不出现在图上
¥15 c程序不知道为什么得不到结果
¥40 复杂的限制性的商函数处理
¥15 程序不包含适用于入口点的静态Main方法
¥15 素材场景中光线烘焙后灯光失效
¥15 请教一下各位，为什么我这个没有实现模拟点击
¥15 执行 virtuoso 命令后，界面没有，cadence 启动不起来
¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
¥20 有关区间dp的问题求解
¥15 多电路系统共用电源的串扰问题

如何在Windows Server 2012 R2上调试NTLM身份验证

1条回答 默认 最新

悬赏问题

1条回答默认最新