
How Can I Decrypt the Authorization Header When Using Windows Authentication over SSL in Delphi 10.3

I have a basic "Web Server Application" created by going to File > New > Web Server Application and choosing ISAPI Dynamic Link Library, which I am using to test Windows Authentication when running within IIS.

I have code that reads in the TWebRequest.Authorization property and decodes the string that is sent from IIS (which is usually Negotiate xxxxxxxxxxxx...). This all works when running the site without SSL. I can extract the username, password, domain and workstation name from the Type3 Message as per http://davenport.sourceforge.net/ntlm.html#type3MessageExample .

When SSL is enabled, it seems the string is somehow further encrypted and I get a mess of data from my code which as stated works when SSL is not enabled.

Could anyone tell me what I could be missing? I have not posted any code (but can) as I suspect this is not specific to my code but something to do with SSL that I am not aware of. And searching for answers to this has been somewhat uneventful as I am unaware of the correct terminology to use to get to the correct answers.

I am not so much looking for a "here is the answer" but a pointer in the correct direction would be most appreciated.

When not using SSL, the Negotiate value is: 'Negotiate TlRMTVNT.... When using SSL, the Negotiate value is: 'Negotiate oXcwdaADCgEBo......

Note on the Non-SSL version the string begins TlRMTVNT, this is what I would expect as that is the NTLMSSP signature Base64Encoded.
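An added example, not part of the original question or answer: the two prefixes quoted above are different outer framings of the token. TlRMTVNT is Base64 for the bare NTLMSSP signature, while oXcw decodes to the bytes A1 77 30, the DER header of an SPNEGO NegTokenResp that carries the NTLM message in its responseToken field. The Python below classifies a header value and unwraps that layer; the function names and the zero-filled sample messages are constructed for illustration.

```python
import base64

NTLMSSP = b"NTLMSSP\x00"
NEG_STATE = {0: "accept-completed", 1: "accept-incomplete", 2: "reject", 3: "request-mic"}

def read_tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def ntlm_type(msg):
    """NTLM message type (1, 2 or 3), or None when msg is not an NTLMSSP message."""
    return int.from_bytes(msg[8:12], "little") if msg[:8] == NTLMSSP and len(msg) >= 12 else None

def inspect_negotiate(header_value):
    """Classify the token carried in an 'Authorization: Negotiate <base64>' value."""
    scheme, _, b64 = header_value.partition(" ")
    if scheme not in ("Negotiate", "NTLM"):
        raise ValueError("unexpected scheme: " + scheme)
    raw = base64.b64decode(b64)
    if raw[:8] == NTLMSSP:
        return {"wrapper": "raw NTLMSSP", "ntlm_type": ntlm_type(raw)}
    if raw[:1] != b"\xa1":                  # 0x60 opens a GSS-API InitialContextToken (first leg)
        return {"wrapper": "SPNEGO NegTokenInit" if raw[:1] == b"\x60" else "unknown"}
    _, body, _ = read_tlv(raw)              # [1] NegTokenResp
    _, fields, _ = read_tlv(body)           # SEQUENCE of context-tagged fields
    out, pos = {"wrapper": "SPNEGO NegTokenResp"}, 0
    while pos < len(fields):
        tag, val, pos = read_tlv(fields, pos)
        _, inner, _ = read_tlv(val)         # unwrap the explicit context tag
        if tag == 0xA0:                     # negState ENUMERATED
            out["neg_state"] = NEG_STATE.get(inner[0], inner[0])
        elif tag == 0xA2:                   # responseToken OCTET STRING
            out["ntlm_type"] = ntlm_type(inner)
    return out

def der(tag, value):                        # short-form TLV builder for the constructed samples
    return bytes([tag, len(value)]) + value

# Constructed samples: a zero-filled type 3 message, bare and inside a NegTokenResp.
TYPE3 = NTLMSSP + (3).to_bytes(4, "little") + bytes(96)
WRAPPED = der(0xA1, der(0x30, der(0xA0, der(0x0A, b"\x01")) + der(0xA2, der(0x04, TYPE3))))
SAMPLES = ["Negotiate " + base64.b64encode(t).decode() for t in (TYPE3, WRAPPED)]
```

A type 3 message carries challenge responses rather than the password itself, so output like this is suited to diagnosing which framing a client sent, not to recovering credentials.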

When you create a "Web Service Application" project, Delphi creates a TIdHTTPWebBrokerBridge object by default as Server:

type
  TForm1 = class(TForm)
    ...
  private
    FServer: TIdHTTPWebBrokerBridge;
    procedure StartServer;
    ...
  end;

During the wizard of creating Web Service Application project, you have an option to use HTTPS:


By Activating this check-box, you will be prompted for information of a Certificate file:


You can search a bit about SSL Certificate files, but you can use OpenSSL to create a self-signed SSL Certificate, here are some useful explanations: https://www.cloudflare.com/learning/ssl/what-is-an-ssl-certificate/

And regarding using OpenSSL: How to generate a self-signed SSL certificate using OpenSSL?

Here are the OpenSSL binary file and Indy SSL required DLL files: https://github.com/IndySockets/OpenSSL-Binaries

....

After creating your project by activating HTTPS option you will have some other things included by default, the main difference is that now the TIdHTTPWebBrokerBridge component is using a TIdServerIOHandlerSSLOpenSSL component as IO-Handler:

procedure TForm1.FormCreate(Sender: TObject);
var
  LIOHandleSSL: TIdServerIOHandlerSSLOpenSSL;
begin
  FServer := TIdHTTPWebBrokerBridge.Create(Self);
  LIOHandleSSL := TIdServerIOHandlerSSLOpenSSL.Create(FServer);
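  LIOHandleSSL.SSLOptions.CertFile := '';      // path to the server certificate file
  LIOHandleSSL.SSLOptions.RootCertFile := '';  // path to the root (CA) certificate file
  LIOHandleSSL.SSLOptions.KeyFile := '';       // path to the private key file
  LIOHandleSSL.OnGetPassword := OnGetSSLPassword;  // handler that supplies the private key password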
  FServer.IOHandler := LIOHandleSSL;
end;

You just need to make SSL Certificate files and put their addresses on OnCreate event as shown above, that IOHandler will handle SSL decryption.
