更新时间:2023-02-17 10:39:04
我已经调查的来源$ C $ C HttpClientHandler(最新版本我能得到我的手),这是什么可以在SendAsync找到方法:
I have investigated the source code of HttpClientHandler (the latest version I was able to get my hands on) and this is what can be found in SendAsync method:
// BeginGetResponse/BeginGetRequestStream have a lot of setup work to do before becoming async
// (proxy, dns, connection pooling, etc). Run these on a separate thread.
// Do not provide a cancellation token; if this helper task could be canceled before starting then
// nobody would complete the tcs.
Task.Factory.StartNew(startRequest, state);
现在如果您在$ C $内检查的C pssed SecurityContext.IsWindowsIdentityFlowSup $ P $的值()你最可能会得到正确的。在结果StartRequest方法是在新线程与asp.net程序(而不是模拟的用户的凭据)的凭据执行。
Now if you check within your code the value of SecurityContext.IsWindowsIdentityFlowSuppressed() you will most probably get true. In result the StartRequest method is executed in new thread with the credentials of the asp.net process (not the credentials of the impersonated user).
有两种可能的方法出于此。如果你有机会到你的服务器aspnet_config.config,您应该设置下列设置(这些设置在web.config中似乎没有任何效果):
There are two possible ways out of this. If you have access to yours server aspnet_config.config, you should set following settings (setting those in web.config seems to have no effect):
<legacyImpersonationPolicy enabled="false"/>
<alwaysFlowImpersonationPolicy enabled="true"/>
如果你不能改变aspnet_config.config你必须创建自己的HttpClientHandler以支持此方案。
If you can't change the aspnet_config.config you will have to create your own HttpClientHandler to support this scenario.
更新关于FQDN的使用
您已经在这里打的问题是Windows中的一项功能,旨在防止反射攻击。要解决这一点,你需要加入白名单,你正在尝试是试图访问服务器的计算机***问域。请按照以下步骤进行:
The issue you have hit here is a feature in Windows that is designed to protect against "reflection attacks". To work around this you need to whitelist the domain you are trying to access on the machine that is trying to access the server. Follow below steps:
HKEY_LOCAL_MACHINE \\系统\\ CurrentControlSet \\控制\\ LSA \\ MSV1_0
注册表项。 BackConnectionHostNames
( ENTER 的)。HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
registry key.BackConnectionHostNames
(ENTER).您可以阅读关于这里问题全KB文章。
You can read full KB article regarding the issue here.