header - Authentication issues with WWW-Authenticate: Negotiate

Question

Welcome To Ask or Share your Answers For Others

header - Authentication issues with WWW-Authenticate: Negotiate

posted Oct 6, 2021 in Technique[技术] by 深蓝 (71.8m points)

header - Authentication issues with WWW-Authenticate: Negotiate

I am trying to access a site that is password protected. It is not using basic authentication (even though the same user/pass box pops up in firefox) as the response header is WWW-Authenticate: Negotiate.

I want to automate the login process by sending the correct header.

In basic you would use something like:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

What would I use for negotiate?

question from:https://stackoverflow.com/questions/4265975/authentication-issues-with-www-authenticate-negotiate

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-06T05:23:29+0000

The web server is prompting you for a SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) token.

This is a Microsoft invention for negotiating a type of authentication to use for Web SSO (single-sign-on):

either NTLM
or Kerberos.

See:

Microsoft MSDN Library: HTTP-Based Cross-Platform Authentication by Using the Negotiate Protocol
RFC 4178: The Simple and Protected Generic Security Service Application Program Interface (GSS-API) Negotiation Mechanism

Categories

header - Authentication issues with WWW-Authenticate: Negotiate

header - Authentication issues with WWW-Authenticate: Negotiate

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags