XMLHttpRequest SOAP request with Windows Authentication

2018-05-30 07:04:33

I'm trying to make SOAP request to Microsoft server using XMLHttpRequest (firefox) with different authentication schemes allowed on the server.

var xmlhttp = new XMLHttpRequest();
xmlhttp.open('POST', url, true);
xmlhttp.setRequestHeader("Content-Type", "text/xml; charset=UTF-8");
xmlhttp.setRequestHeader("Connection", "keep-alive");

xmlhttp.onreadystatechange = function () {
    if (xmlhttp.readyState == 4) {
        if (xmlhttp.status == 200) {
            alert(xmlhttp.responseText);
        }
    }
}

xmlhttp.send(soapRequest);

In this case everything works as expected. When I run this code I'll get prompted for username and password and after entering credentials I'll get response from the server. This works for Basic, Digest and Windows authentication.

But I don't want to get prompted for credetntials so I altered the second line to

xmlhttp.open('POST', url, true, username, password);

Now this works only for Basic and Digest authentication, but not for Windows Auth (NTLM). I'll get 401 response from the server which is fine when using this authentication method, but no further communication happens.

I also tried to add domain to "network.automatic-ntlm-auth.trusted-uris" preference, but it didn't help.

The server's full response:

Cache-Control private
Content-Length 0
Date Fri, 07 Jul 2017 16:48:22 GMT
Server Microsoft-IIS/7.5
WWW-Authenticate Negotiate
                 NTLM
X-AspNet-Version 2.0.50727
X-Powered-By ASP.NET

It turned out that Negotiate in the response header is the trouble maker. When I change Windows Authentication providers on the server to NTLM instead of Neogotiate,NTLM then it works.

However if you don't have access to the server you need to somehow modify the response header on the client side (remove Negotiate from WWW-Authenticate) before processing further.

链接地址: http://www.djcxy.com/p/3800.html

上一篇: REST API令牌

下一篇: 带有Windows身份验证的XMLHttpRequest SOAP请求