Detailed tests of the various IIS authentication methods (page 1 of 2)

April 21, 2019 | 移动技术网 (Network Operations)

3.3.5. The client sends the challenge encrypted with the account that is logged on to the local machine
get /wstest/default.aspx http/1.1
accept: */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; .net clr 2.0.50727; infopath.1; maxthon 2.0)
host: biztalkr2:81
connection: keep-alive
authorization: negotiate tlrmtvntuaadaaaagaayaioaaaayabgaogaaabqafabiaaaaggaaafwaaaauabqadgaaaaaaaac6aaaabykioguczg4aaaapvwbjae4amgawadaamwatafaaqwbbagqabqbpag4aaqbzahqacgbhahqabwbyafcasqboadiamaawadmalqbqaemag7v6jys/3baaaaaaaaaaaaaaaaaaaaaare2xu3xdn3w0lmv1yukdkrqvwhb2wg27
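3.3.6. The server validates the credentials and returns the resource
The user name and password that the user is logged on to the client with happen to match a user name and password on the server, so authentication succeeds.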
http/1.1 200 ok
date: wed, 14 nov 2007 12:35:41 gmt
server: microsoft-iis/6.0
x-powered-by: asp.net
x-aspnet-version: 2.0.50727
cache-control: private
content-type: text/html; charset=utf-8
content-length: 522
<!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
.untitled page
</title></head>
<body>
<form name="form1" method="post" action="default.aspx" id="form1">
<div>
<input type="hidden" name="__viewstate" id="__viewstate" value="/wepdwujnzgzndmwntmzzgtcefu2sz1mlsbxizduexomiyz20q==" />
</div>
<div>
this is a simple page!</div>
</form>
</body>
</html>
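4. Client and server are in the same domain
The server and the client machine are on the same LAN and in the same domain. IE on the client requests the page iisstart.htm from IIS on the server.
IIS server settings:
- Anonymous access is not enabled
- Only Integrated Windows authentication is enabled
This environment is further divided into the following cases:
4.1. The client accesses the server by IP address
4.1.1. The client (IE) requests the page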
get /iisstart.htm http/1.1
accept: */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727; maxthon 2.0)
host: 192.168.100.5:81
connection: keep-alive
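4.1.2. The server returns an unauthorized response
IIS is configured to disallow anonymous access and to allow only Windows authentication, so it sends a 401 Unauthorized response and returns both the Negotiate and NTLM authentication headers for the client to choose from.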
http/1.1 401 unauthorized
content-length: 1327
content-type: text/html
server: microsoft-iis/6.0
www-authenticate: negotiate
www-authenticate: ntlm
x-powered-by: asp.net
date: wed, 14 nov 2007 07:23:43 gmt
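4.1.3. The client chooses NTLM authentication, prompts for a user name and password, and requests a challenge
Because the server is accessed by IP address, the URL contains the "." character, so IE assumes that it is not talking to an intranet server. It therefore does not supply the user's credentials to the server directly and instead asks the user to enter an account.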
get /iisstart.htm http/1.1
accept: */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727; maxthon 2.0)
host: 192.168.100.5:81
connection: keep-alive
authorization: negotiate tlrmtvntuaabaaaab4iiogaaaaaaaaaaaaaaaaaaaaafas4oaaaad4==
4.1.4. The server returns the challenge
http/1.1 401 unauthorized
content-length: 1251
content-type: text/html
server: microsoft-iis/6.0
www-authenticate: negotiate tlrmtvntuaacaaaacgakadgaaaafgomif0crjzlrr+caaaaaaaaaahwafabcaaaabqlodgaaaa9tafoaqgbuaekaagakafmawgbcafqasqabaagatabpaecauwaeabgacwb6agiadabpac4azwbvahyalgbjag4aawaiagwabwbnahmalgbzahoaygb0agkalgbnag8adgauagmabgafabgacwb6agiadabpac4azwbvahyalgbjag4aaaaaaa==
x-powered-by: asp.net
date: wed, 14 nov 2007 07:24:15 gmt
4.1.5. The client sends the challenge encrypted with the password of the account entered earlier
get /iisstart.htm http/1.1
accept: */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727; maxthon 2.0)
host: 192.168.100.5:81
connection: keep-alive
authorization: negotiate tlrmtvntuaadaaaagaayahyaaaayabgajgaaaboaggbiaaaacgakagiaaaakaaoabaaaaaaaaacmaaaabykioguczg4aaaapmqa5adialgaxadyaoaauadeamaawac4anqbqagkabgbqahoasgbjae4asgbaalvav8ku0eruaaaaaaaaaaaaaaaaaaaaafowqcbauxykwtri7wjkqua2taav7wo5t2==
4.1.6. The server validates the credentials and returns the resource
http/1.1 200 ok
content-length: 1135
content-type: text/html
last-modified: mon, 12 nov 2007 09:33:27 gmt
accept-ranges: bytes
etag: "d4469314f25c81:e35"
server: microsoft-iis/6.0
x-powered-by: asp.net
date: wed, 14 nov 2007 07:24:15 gmt
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=gb2312">
</head>
<body bgcolor=white>
this is a simple page!
</body>
</html>
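4.2. The client accesses the server by machine name, and the client user is logged on with a domain account
4.2.1. The client (IE) requests the page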
get /iisstart.htm http/1.1
accept: */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727; maxthon 2.0)
host: logs:81
connection: keep-alive
4.2.2. The server returns an unauthorized response
http/1.1 401 unauthorized
content-length: 1327
content-type: text/html
server: microsoft-iis/6.0
www-authenticate: negotiate
www-authenticate: ntlm
x-powered-by: asp.net
date: wed, 14 nov 2007 08:27:18 gmt
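4.2.3. The client chooses Kerberos authentication and sends a ticket to the server
The client is in the domain and is logged on with a domain account, so IE on the client chooses Kerberos authentication and sends the user's ticket to the server.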
get /iisstart.htm http/1.1
accept: */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727; maxthon 2.0)
host: logs:81
connection: keep-alive
authorization: negotiate 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
4.2.4. The server validates the credentials and returns the resource
http/1.1 200 ok
content-length: 167
content-type: text/html
last-modified: wed, 14 nov 2007 08:21:24 gmt
accept-ranges: bytes
etag: "bf2d54589726c81:e35"
server: microsoft-iis/6.0
x-powered-by: asp.net
www-authenticate: negotiate oyggmigdoamkaqchcwyjkozigvcsaqicoogibigfyigcbgkqhkig9xibagicag9zmhggawibbaedagepomuwy6adagexolwewrdywb37roemmnp/4vtbwse9hve4xklxcwqfkg16d53abuiteem+lrfe8ycbgsln3zme63lkfsn9uhontlt100t86wxllsyrrme437elpcxi4pgcv9rnku9akg==
date: wed, 14 nov 2007 08:27:18 gmt
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=gb2312">
</head>
<body bgcolor=white>
this is a simple page!
</body>
</html>
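4.3. The client accesses the server by machine name; the client user is logged on with a local account on the client, and the user name/password does not match a server account
4.3.1. The client (IE) requests the page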
get /iisstart.htm http/1.1
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727)
host: logs:81
connection: keep-alive
4.3.2. The server returns an unauthorized response
http/1.1 401 unauthorized
content-length: 1327
content-type: text/html
server: microsoft-iis/6.0
www-authenticate: negotiate
www-authenticate: ntlm
x-powered-by: asp.net
date: wed, 14 nov 2007 08:58:13 gmt
4.3.3. The client chooses NTLM authentication and requests a challenge
get /iisstart.htm http/1.1
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727)
host: logs:81
connection: keep-alive
authorization: negotiate tlrmtvntuaabaaaab4iiogaaaaaaaaaaaaaaaaaaaaafas4oaaaadw==
4.3.4. The server returns the challenge
http/1.1 401 unauthorized
content-length: 1251
content-type: text/html
server: microsoft-iis/6.0
www-authenticate: negotiate tlrmtvntuaacaaaacgakadgaaaafgomibnmmcrgpltmaaaaaaaaaahwafabcaaaabqlodgaaaa9tafoaqgbuaekaagakafmawgbcafqasqabaagatabpaecauwaeabgacwb6agiadabpac4azwbvahyalgbjag4aawaiagwabwbnahmalgbzahoaygb0agkalgbnag8adgauagmabgafabgacwb6agiadabpac4azwbvahyalgbjag4aaaaaaa==
x-powered-by: asp.net
date: wed, 14 nov 2007 08:58:13 gmt
4.3.5. The client sends the challenge encrypted with the account that is logged on to the local machine
get /iisstart.htm http/1.1
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727)
host: logs:81
connection: keep-alive
authorization: negotiate tlrmtvntuaadaaaagaayahyaaaayabgajgaaaaoacgbiaaaaggaaafiaaaakaaoabaaaaaaaaacmaaaabykioguczg4aaaapsgbjae4asgbaaeeazabtagkabgbpahmadabyageadabvahiasgbjae4asgbaacy8afodxksfaaaaaaaaaaaaaaaaaaaaapfrbw7fx9gkolm+6+qhqsru+mws3jklkq==
4.3.6. The server returns an unauthorized response
http/1.1 401 unauthorized
content-length: 1251
content-type: text/html
server: microsoft-iis/6.0
www-authenticate: negotiate
www-authenticate: ntlm
x-powered-by: asp.net
date: wed, 14 nov 2007 08:58:13 gmt
4.3.7. The client again chooses NTLM authentication, prompts for a user name and password, and requests a challenge again
get /iisstart.htm http/1.1
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727)
host: logs:81
connection: keep-alive
authorization: negotiate tlrmtvntuaabaaaab4iiogaaaaaaaaaaaaaaaaaaaaafas4oaaaadw==
4.3.8. The server returns the challenge
http/1.1 401 unauthorized
content-length: 1251
content-type: text/html
server: microsoft-iis/6.0
www-authenticate: negotiate tlrmtvntuaacaaaacgakadgaaaafgomi3czkuw4302qaaaaaaaaaahwafabcaaaabqlodgaaaa9tafoaqgbuaekaagakafmawgbcafqasqabaagatabpaecauwaeabgacwb6agiadabpac4azwbvahyalgbjag4aawaiagwabwbnahmalgbzahoaygb0agkalgbnag8adgauagmabgafabgacwb6agiadabpac4azwbvahyalgbjag4aaaaaaa==
x-powered-by: asp.net
date: wed, 14 nov 2007 08:59:09 gmt
4.3.9. The client sends the challenge encrypted with the password of the account entered earlier
get /iisstart.htm http/1.1
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727)
host: logs:81
connection: keep-alive
authorization: negotiate tlrmtvntuaadaaaagaayahyaaaayabgajgaaaaoacgbiaaaaggaaafiaaaakaaoabaaaaaaaaacmaaaabykioguczg4aaaapsgbjae4asgbaageazabtagkabgbpahmadabyageadabvahiasgbjae4asgbaaip0uwzav4taaaaaaaaaaaaaaaaaaaaaams9l9mtvofpsz/jmjd+/7w2ssadbrkvwq==
4.3.10. The server validates the credentials and returns the resource
http/1.1 200 ok
content-length: 167
content-type: text/html
last-modified: wed, 14 nov 2007 08:21:24 gmt
accept-ranges: bytes
etag: "bf2d54589726c81:e35"
server: microsoft-iis/6.0
x-powered-by: asp.net
date: wed, 14 nov 2007 08:59:09 gmt
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=gb2312">
</head>
<body bgcolor=white>
this is a simple page!
</body>
</html>
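4.4. The client accesses the server by machine name; the client user is logged on with a local account on the client, and the user name/password matches a server account
4.4.1. The client (IE) requests the page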
get /iisstart.htm http/1.1
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727)
host: logs:81
connection: keep-alive
4.4.2. The server returns an unauthorized response
http/1.1 401 unauthorized
content-length: 1327
content-type: text/html
server: microsoft-iis/6.0
www-authenticate: negotiate
www-authenticate: ntlm
x-powered-by: asp.net
date: wed, 14 nov 2007 09:11:09 gmt
4.4.3. The client chooses NTLM authentication and requests a challenge
get /iisstart.htm http/1.1
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727)
host: logs:81
connection: keep-alive
authorization: negotiate tlrmtvntuaabaaaab4iiogaaaaaaaaaaaaaaaaaaaaafas4oaaaadw==
4.4.4. The server returns the challenge
http/1.1 401 unauthorized
content-length: 1251
content-type: text/html
server: microsoft-iis/6.0
www-authenticate: negotiate tlrmtvntuaacaaaacgakadgaaaafgomil8ozac0qbhyaaaaaaaaaahwafabcaaaabqlodgaaaa9tafoaqgbuaekaagakafmawgbcafqasqabaagatabpaecauwaeabgacwb6agiadabpac4azwbvahyalgbjag4aawaiagwabwbnahmalgbzahoaygb0agkalgbnag8adgauagmabgafabgacwb6agiadabpac4azwbvahyalgbjag4aaaaaaa==
x-powered-by: asp.net
date: wed, 14 nov 2007 09:11:09 gmt
4.4.5. The client sends the challenge encrypted with the account that is logged on to the local machine
get /iisstart.htm http/1.1
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application/x-silverlight, */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727)
host: logs:81
connection: keep-alive
authorization: negotiate tlrmtvntuaadaaaagaayahyaaaayabgajgaaaaoacgbiaaaaggaaafiaaaakaaoabaaaaaaaaacmaaaabykioguczg4aaaapsgbjae4asgbaaeeazabtagkabgbpahmadabyageadabvahiasgbjae4asgbaamqdxp9owmesaaaaaaaaaaaaaaaaaaaaamej775cwctax2csmbgfq2afsgcop92oma==
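4.4.6. The server validates the credentials and returns the resource
The user name and password that the user is logged on to the client with happen to match a user name and password on the server, so authentication succeeds.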
http/1.1 200 ok
content-length: 167
content-type: text/html
last-modified: wed, 14 nov 2007 08:21:24 gmt
accept-ranges: bytes
etag: "bf2d54589726c81:e35"
server: microsoft-iis/6.0
x-powered-by: asp.net
date: wed, 14 nov 2007 09:11:09 gmt
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=gb2312">
</head>
<body bgcolor=white>
this is a simple page!
</body>
</html>
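5. Summary of integrated authentication
5.1. The client accesses the server by IP address
Regardless of whether the client and server are in a domain, and regardless of whether the client is logged on with a domain account, whenever the client accesses the server by IP address it chooses NTLM authentication. It does not send the logged-on user's user name and password to the server directly; instead it displays a dialog box asking the user for a user name and password, and then sends those to the server for validation.
You can avoid this prompt for intranet servers that are accessed by IP address or whose names contain periods by listing those servers (by IP address, or by the name containing periods) in the "Local intranet" settings of Internet Explorer. To reach the "Local intranet" settings, click "Tools", "Internet Options", "Local intranet", "Sites", "Advanced" in turn. Then enter http://127.0.0.1 or the URL of the other site concerned under "Add this website to the zone".
Everything summarized below applies to a client that accesses the server by machine name.
5.2. The server is in a domain and the client is logged on with a domain account
If the client machine is in the domain and the user is logged on as a domain user, IE chooses Kerberos authentication.
5.3. In all other cases IE chooses NTLM authentication
Apart from the two cases above, in all other cases the client chooses NTLM authentication and first tries sending the user name and password of the user logged on to the client to the server for validation. If validation succeeds, access is granted directly; if it fails, the client displays a dialog box asking for a user name and password and sends those to the server for validation, repeating until validation succeeds.
Of the Integrated Windows authentication methods, Kerberos is the best authentication scheme for an intranet environment in which users have Windows domain accounts: Kerberos does not pass the user's password over the network, only a ticket for the user. NTLM does have to transmit the user's password, but the password is processed to derive an 8-byte key that encrypts the challenge, so it is also fairly secure.
IV. Basic authentication
IE on the client requests the page iisstart.htm from IIS on the server.
IIS server settings:
- Anonymous access is not enabled
- Only Basic authentication is enabled
1. The client (IE) requests the page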
get /iisstart.htm http/1.1
accept: */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727; maxthon 2.0)
host: logs:81
connection: keep-alive
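2. The server returns an unauthorized response and tells the client that Basic authentication is required
The server is configured for Basic authentication, so the HTTP headers of the unauthorized response include a www-authenticate: basic header, which tells the client that the server requires Basic authentication.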
http/1.1 401 unauthorized
content-length: 1327
content-type: text/html
server: microsoft-iis/6.0
www-authenticate: basic realm="logs"
x-powered-by: asp.net
date: mon, 19 nov 2007 06:15:57 gmt
3. The client displays a dialog box asking for a user name and password
get /iisstart.htm http/1.1
accept: */*
accept-language: zh-cn
ua-cpu: x86
accept-encoding: gzip, deflate
user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.2; sv1; .net clr 1.1.4322; infopath.1; .net clr 2.0.50727; maxthon 2.0)
host: logs:81
connection: keep-alive
authorization: basic ywrtaw5pc3ryyxrvcjpzemj0auaxmda1
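The client base64-encodes the user name and password and sends them directly to the server.
The "ywrtaw5pc3ryyxrvcjpzemj0auaxmda1" part of the "authorization: basic" header sent to the server is the user's user name and password. After base64 decoding it reads: administrator:szbti@1005
4. The server validates the credentials and returns the resource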
http/1.1 200 ok
content-length: 167
content-type: text/html
last-modified: wed, 14 nov 2007 08:21:24 gmt
accept-ranges: bytes
etag: "bf2d54589726c81:e7d"
server: microsoft-iis/6.0
x-powered-by: asp.net
date: mon, 19 nov 2007 06:16:34 gmt
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=gb2312">
</head>
<body bgcolor=white>
this is a simple page!
</body>
</html>
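The three kinds of token seen in the traces above (Basic credentials, NTLM type 1/2/3 messages, and the Kerberos ticket sent under Negotiate) can be told apart by decoding the header value, which is how a captured trace shows whether a client fell back from Kerberos to NTLM or sent recoverable Basic credentials. The Python below is an added example, not part of the original article; it runs on constructed tokens (EXAMPLE, alice, WKS01 and user:example are made up), because the header values printed on this page are lowercased and no longer decode as base64.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # DER OID 1.2.840.113554.1.2.2

def parse_ntlm(msg):
    """Pull out the NTLM fields that matter when reading a trace."""
    mtype = struct.unpack_from("<I", msg, 8)[0]
    info = {"scheme": "NTLM", "type": mtype}
    if mtype == 2:                                # server challenge (8 bytes)
        info["challenge"] = msg[24:32].hex()
    elif mtype == 3:                              # client response
        unicode_ = struct.unpack_from("<I", msg, 60)[0] & 0x1
        for name, off in (("domain", 28), ("user", 36), ("workstation", 44)):
            length, _, start = struct.unpack_from("<HHI", msg, off)
            raw = msg[start:start + length]
            info[name] = raw.decode("utf-16-le" if unicode_ else "cp437", "replace")
    return info

def classify(header_value):
    """Classify an Authorization / WWW-Authenticate header value."""
    scheme, _, token = header_value.strip().partition(" ")
    if not token.strip():
        return {"scheme": scheme, "offer_only": True}   # e.g. bare "Negotiate"
    raw = base64.b64decode(token.strip())
    if scheme.lower() == "basic":                 # base64 is encoding, not encryption
        user, _, password = raw.decode("utf-8", "replace").partition(":")
        return {"scheme": "Basic", "user": user, "password_recoverable": bool(password)}
    if raw.startswith(NTLM_SIG):
        return parse_ntlm(raw)
    if raw[:1] in (b"\x60", b"\xa1"):             # SPNEGO initial token / reply
        return {"scheme": "Kerberos" if KRB5_OID in raw else "SPNEGO"}
    return {"scheme": "unknown"}

def sample_type3(domain, user, host):
    """Constructed NTLM type 3 message with empty LM/NT responses (demo input)."""
    fields, body, off = b"", b"", 64
    for text in ("", "", domain, user, host, ""):
        data = text.encode("utf-16-le")
        fields += struct.pack("<HHI", len(data), len(data), off)
        body, off = body + data, off + len(data)
    return NTLM_SIG + struct.pack("<I", 3) + fields + struct.pack("<I", 1) + body

if __name__ == "__main__":
    t3 = base64.b64encode(sample_type3("EXAMPLE", "alice", "WKS01")).decode()
    for value in ("Negotiate", "Negotiate " + t3, "Basic dXNlcjpleGFtcGxl"):
        print(classify(value))
```

An NTLM type 3 message under Negotiate on a host where a Kerberos ticket was expected is the fallback described in section 5.3.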