我们是.NET Core的新用户,我们有一个ASP.NET Core 2.1应用程序,由我们的系统管理团队在Linux服务器上使用Apache 2.2 Proxy托管。我们有一个ASP.NET Core 2.1应用程序,由我们的系统管理团队在Linux服务器上使用Apache 2.2代理托管。用户将在浏览器中启动我们的应用程序URL,Apache代理将接收请求并将其转发给我们在Linux服务器上的应用程序。
一切都很好,我们能够自己进行持续的开发和部署。现在我们开始保护我们的应用程序,我们公司决定将Windows认证添加到我们的应用程序中。在系统管理团队完成他们的工作后,我们开始在请求头中得到以下关键值。
我们正试图在我们的ASP.NET Core 2.1应用程序中编写C#代码来获取用户名。我们觉得Key.Authorization的值是加密的。Authorization的值是加密的,其中会有用户名。我们尝试了很多方法来解密它,但无法解密。
谁能帮帮我们,让我们知道在这种情况下如何获取用户名。
请看下面的代码,我正在尝试。
if (!Request.Headers.ContainsKey("Authorization"))
{
string cookieValue = Request.Headers["Authorization"];
cookieValue= cookieValue.Substring("NTLM ".Length).Trim();
UTF8Encoding specialUtf8Encoding = new UTF8Encoding(false, true);
// below code do not work. How to get plain text ?
//byte[] protectedBytes = Base64UrlTextEncoder.Decode(cookieValue);
//string plainText = System.Text.ASCIIEncoding.ASCII.GetString(protectedBytes);
}
下面是我们在请求头中看到的键和值。
Key: Cache-Control, Value=max-age=0
Key: Connection, Value=Keep-Alive
Key: Accept, Value=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng
Key: Accept-Encoding, Value=gzip, deflate, br
Key: Accept-Language, Value=en-US,en;q=0.9
Key: Authorization, Value=NTLM TlRMTVNTUAADAAAAGAAYAIAAAABUAVQBmAAAAAwADABYAAAACAAIAGQAAAAUABQAbAAAAAAAAADsAQAABYKIogoA7kIAAAAPNSOWmAbXlPi5fhYGSO54RVAATQBBAF8ATgBCAHAAYwBhAG8AQQBOAFAAWABEAFcAVAAxADYANgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhmacrZwRfdlIkhEBBfdWjAQEAAAAAAACNce03PTXWAcU/7pwxmsPkAAAAAAIADABQAE0AQQBfAE4AQgABABAAQQBOAFQAVgBQAFcAUwAxAAQAJgBhAG0AZgAuAHAAYQBjAGkAZgBpAGMAbABpAGYAZQAuAG4A
Key: Cookie, Value=.AspNetCore.Antiforgery.Xf_oDoHBPRA=CfDJ8LQZvjci-adCv0t9XQ2PRfiQ6oFCKJDXb8Xe8d7Gd6wOtJc97d7fVTEUt8xrxjk9XYfqmyeGyO7iLAbWLKRTGPUVo9v2_zoRnCqVSrADnZPhBToSzxuoLf9u2QNcFTvkbYEOaNvphVotB4saPlb_osw
Key: Host, Value=dev.myweb.net:4443
Key: User-Agent, Value=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Key: Upgrade-Insecure-Requests, Value=1
Key: Sec-Fetch-Site, Value=none
Key: Sec-Fetch-Mode, Value=navigate
Key: Sec-Fetch-User, Value=?1
Key: Sec-Fetch-Dest, Value=document
Key: site, Value=dev.myweb.net
Key: port, Value=443
Key: X-Forwarded-For, Value=11.123.13.456
Key: X-Forwarded-Host, Value=dev.myweb.net:4443
Key: X-Forwarded-Server, Value=dev.myweb.net
我只是一个开发人员,但不是系统管理员。在做了大量的阅读、研究后,我能够解决这个问题。首先,我把它缩小到Aapche服务器的版本,而且我试过的都是Apache 2.4的解决方案,但是... 我们的是Apache 2.2.
在Apache 2.2服务器中,我们给出了以下配置。
<LocationMatch ^/mylocation>
AuthName "NTLM Authentication"
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
NTLMBasicRealm xxx_yy
AuthType NTLM
require valid-user
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader set X-Remote-User %{RU}e
</LocationMatch>
在我们的C# ASP.NET Core 2.1应用程序中,我们在http和https调用的HTTP请求头中得到以下信息。
Key: Cache-Control, Value=max-age=0
Key: Connection, Value=Keep-Alive
Key: Accept, Value=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng
Key: Accept-Encoding, Value=gzip, deflate, br
Key: Accept-Language, Value=en-US,en;q=0.9
Key: Authorization, Value=NTLM TlRMTVNTUAADAAAAGAAYAIAAAABUAVQBmAAAAAwADABYAAAACAAIAGQAAAAUABQAbAAAAAAAAADsAQAABYKIogoA7kIAAAAPNSOWmAbXlPi5fhYGSO54RVAATQBBAF8ATgBCAHAAYwBhAG8AQQBOAFAAWABEAFcAVAAxADYANgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhmacrZwRfdlIkhEBBfdWjAQEAAAAAAACNce03PTXWAcU/7pwxmsPkAAAAAAIADABQAE0AQQBfAE4AQgABABAAQQBOAFQAVgBQAFcAUwAxAAQAJgBhAG0AZgAuAHAAYQBjAGkAZgBpAGMAbABpAGYAZQAuAG4A
Key: Cookie, Value=.AspNetCore.Antiforgery.Xf_oDoHBPRA=CfDJ8LQZvjci-adCv0t9XQ2PRfiQ6oFCKJDXb8Xe8d7Gd6wOtJc97d7fVTEUt8xrxjk9XYfqmyeGyO7iLAbWLKRTGPUVo9v2_zoRnCqVSrADnZPhBToSzxuoLf9u2QNcFTvkbYEOaNvphVotB4saPlb_osw
Key: Host, Value=dev.myweb.net:4443
Key: User-Agent, Value=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Key: Upgrade-Insecure-Requests, Value=1
Key: Sec-Fetch-Site, Value=none
Key: Sec-Fetch-Mode, Value=navigate
Key: Sec-Fetch-User, Value=?1
Key: Sec-Fetch-Dest, Value=document
Key: site, Value=dev.myweb.net
Key: port, Value=443
Key: X-Forwarded-For, Value=11.123.13.456
Key: X-Forwarded-Host, Value=dev.myweb.net:4443
Key: X-Forwarded-Server, Value=dev.myweb.net
Key: X-Remote-User, Value=xxx_yy\abcdefg