powershell - New-WebServiceProxy 无法通过 NTLM 进行身份验证-6ren

powershell - New-WebServiceProxy 无法通过 NTLM 进行身份验证

转载作者：行者123 更新时间：2023-12-03 09:45:12

我正在处理一个相当奇怪的问题。我们需要访问 SharePoint 场上的 Lists 服务。通过 Oracle SSO 联合 Web 身份验证，但我们确实为可以执行 Web 请求的自动化配置了帐户。使用 AAM，我们为服务器端自动化配置了一个“内部”URL，该 URL 直接绕过 AD，其他所有内容都被推送到 SSO。

这是我用来尝试获取列表集合的代码(已清理)。

$username = "DOMAIN\username"
$password = "somepassword"
$site = "https://sp.biz.com/sites/SiteCollection"

$credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, (ConvertTo-SecureString $password -AsPlainText -Force)

$proxy = New-WebServiceProxy -Uri "$site/_vti_bin/Lists.asmx" -Credentials $credentials

$proxy.GetListCollection()

当我使用该代码时，我遇到了 403。

Exception calling "GetListCollection" with "0" argument(s): "Server was unable to process request. ---> Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"

如果我将 $site 更改为使用内部 URL(通过 AAM 设置)并在前端之一上运行它，我将成功收到列表集合。现在，起初我认为帐户和权限存在问题，但在运行 Fiddler 捕获后，我发现它根本无法进行身份验证。

当我运行以下 cURL 命令时，它会进行身份验证并返回列表集合。 Soap.xml 只是直接从 WDSL 复制的基本 GetListCollection 数据包。

curl -v -u 'username':'pass' --ntlm -X POST -H "Content-Type: text/xml" --data-binary @soap.xml https://sp.biz.com/sites/SiteCollection/_vti_bin/Lists.asmx

这是来自 cURL 的清理过的详细输出。

* STATE: INIT => CONNECT handle 0x600056190; line 1029 (connection #-5000)
* Hostname was NOT found in DNS cache
*   Trying <IPv6>...
* STATE: CONNECT => WAITCONNECT handle 0x600056190; line 1082 (connection #0)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to sp.biz.com (<IPv6>) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/ssl/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* STATE: WAITCONNECT => PROTOCONNECT handle 0x600056190; line 1222 (connection #0)
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using TLSv1.2 / DES-CBC3-SHA
*        SSL certificate verify ok.
* STATE: PROTOCONNECT => DO handle 0x600056190; line 1241 (connection #0)
* Server auth using NTLM with user 'DOMAIN\username'
> POST /sites/SiteCollection/_vti_bin/Lists.asmx HTTP/1.1
> Authorization: NTLM <snip>
> User-Agent: curl/7.39.0
> Host: sp.biz.com
> Accept: */*
> Content-Type: text/xml
> Content-Length: 0
>
* STATE: DO => DO_DONE handle 0x600056190; line 1314 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x600056190; line 1441 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x600056190; line 1454 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 401 Unauthorized
* Server Microsoft-IIS/7.5 is not blacklisted
< Server: Microsoft-IIS/7.5
< SPRequestGuid: <snip>
< WWW-Authenticate: NTLM <snip>
< X-Powered-By: ASP.NET
< MicrosoftSharePointTeamServices: 14.0.0.7006
< X-MS-InvokeApp: 1; RequireReadOnly
< Date: Fri, 16 Jan 2015 01:02:56 GMT
< Content-Length: 0
< Set-Cookie: BIGipServerserver_pool=<snip>; expires=Sat, 17-Jan-2015 01:02:56 GMT; path=/
<
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host sp.biz.com left intact
* Issue another request to this URL: 'https://sp.biz.com/sites/SiteCollection/_vti_bin/Lists.asmx'
* STATE: PERFORM => CONNECT handle 0x600056190; line 1601 (connection #-5000)
* Found bundle for host sp.biz.com: 0x60006aef0
* Re-using existing connection! (#0) with host sp.biz.com
* Connected to sp.biz.com (<IPv6>) port 443 (#0)
* STATE: CONNECT => DO handle 0x600056190; line 1075 (connection #0)
* Server auth using NTLM with user 'DOMAIN\username'
> POST /sites/SiteCollection/_vti_bin/Lists.asmx HTTP/1.1
> Authorization: NTLM <snip>
> User-Agent: curl/7.39.0
> Host: sp.biz.com
> Accept: */*
> Content-Type: text/xml
> Content-Length: 353
>
} [data not shown]
* upload completely sent off: 353 out of 353 bytes
* STATE: DO => DO_DONE handle 0x600056190; line 1314 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x600056190; line 1441 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x600056190; line 1454 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< Cache-Control: private, max-age=0
< Content-Type: text/xml; charset=utf-8
* Server Microsoft-IIS/7.5 is not blacklisted
< Server: Microsoft-IIS/7.5
< SPRequestGuid: <snip>
< Set-Cookie: FedAuth=<snip>; expires=Fri, 16-Jan-2015 08:36:07 GMT; path=/; secure; HttpOnly
< X-SharePointHealthScore: 0
< X-AspNet-Version: 2.0.50727
< Persistent-Auth: true
< X-Powered-By: ASP.NET
< MicrosoftSharePointTeamServices: 14.0.0.7006
< X-MS-InvokeApp: 1; RequireReadOnly
< Date: Fri, 16 Jan 2015 01:02:56 GMT
< Content-Length: 104088
< Vary: Accept-Encoding
<
{ [data not shown]
* STATE: PERFORM => DONE handle 0x600056190; line 1626 (connection #0)
100  101k  100  101k  100   353   219k    762 --:--:-- --:--:-- --:--:--  219k
* Connection #0 to host sp.biz.com left intact

非常感谢任何帮助。如果缺少 cmdlet，我不反对通过 PowerShell 的 C# 解决方案。

美国东部时间 01-16-2015 下午 12:13 更新 - 我更新了问题以反射(reflect) HighUnavailable 的建议并包含来自 Fiddler 捕获的标题。

以下是来自 PowerShell 脚本的清理过的 header :

CONNECT sp.biz.com:443 HTTP/1.1
Host: sp.biz.com
Connection: Keep-Alive
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:14:46.372
Connection: close
------------------------------------------------------------------
GET https://sp.biz.com/sites/SiteCollection/_vti_bin/Lists.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.5485)
Host: sp.biz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
SPRequestGuid: <snip>
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.7006
X-MS-InvokeApp: 1; RequireReadOnly
Date: Fri, 16 Jan 2015 17:14:46 GMT
Connection: keep-alive
Content-Length: 9066
Set-Cookie: BIGipServerserver_pool=<snip>; expires=Sat, 17-Jan-2015 17:14:46 GMT; path=/
Vary: Accept-Encoding
------------------------------------------------------------------
GET https://sp.biz.com/_vti_bin/Lists.asmx?disco HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.5485)
Host: sp.biz.com
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
SPRequestGuid: <snip>
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.7006
X-MS-InvokeApp: 1; RequireReadOnly
Date: Fri, 16 Jan 2015 17:14:46 GMT
Connection: close
Content-Length: 747
------------------------------------------------------------------
CONNECT sp.biz.com:443 HTTP/1.1
Host: sp.biz.com
Connection: Keep-Alive
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:14:47.505
Connection: close
------------------------------------------------------------------
GET https://sp.biz.com/_vti_bin/Lists.asmx?wsdl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.5485)
Host: sp.biz.com
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
SPRequestGuid: <snip>
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.7006
X-MS-InvokeApp: 1; RequireReadOnly
Date: Fri, 16 Jan 2015 17:14:46 GMT
Connection: close
Content-Length: 72672
Set-Cookie: BIGipServerserver_pool=<snip>; expires=Sat, 17-Jan-2015 17:14:47 GMT; path=/
Vary: Accept-Encoding
------------------------------------------------------------------
CONNECT sp.biz.com:443 HTTP/1.1
Host: sp.biz.com
Connection: Keep-Alive
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:14:48.727
Connection: close
------------------------------------------------------------------
POST https://sp.biz.com/_vti_bin/Lists.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.5485)
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://schemas.microsoft.com/sharepoint/soap/GetListCollection"
Host: sp.biz.com
Content-Length: 321
Expect: 100-continue
HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.7006
X-MS-InvokeApp: 1; RequireReadOnly
Date: Fri, 16 Jan 2015 17:14:48 GMT
Content-Length: 459
Set-Cookie: BIGipServerserver_pool=686493706.47873.0000; expires=Sat, 17-Jan-2015 17:14:48 GMT; path=/
------------------------------------------------------------------

以下是 cURL 命令的 header 。

CONNECT sp.biz.com:443 HTTP/1.1
Host: sp.biz.com:443
User-Agent: curl/7.39.0
Connection: Keep-Alive
Content-Type: text/xml
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:21:07.928
Connection: close
------------------------------------------------------------------
POST https://sp.biz.com/sites/SiteCollection/_vti_bin/Lists.asmx HTTP/1.1
Authorization: NTLM <snip>=
User-Agent: curl/7.39.0
Host: sp.biz.com
Accept: */*
Content-Type: text/xml
Content-Length: 0
HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.5
SPRequestGuid: <snip>
WWW-Authenticate: NTLM <snip>
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.7006
X-MS-InvokeApp: 1; RequireReadOnly
Date: Fri, 16 Jan 2015 17:21:07 GMT
Content-Length: 0
Set-Cookie: BIGipServerserver_pool=<snip>; expires=Sat, 17-Jan-2015 17:21:07 GMT; path=/
Proxy-Support: Session-Based-Authentication
------------------------------------------------------------------
POST https://sp.biz.com/sites/SiteCollection/_vti_bin/Lists.asmx HTTP/1.1
Authorization: NTLM <snip>
User-Agent: curl/7.39.0
Host: sp.biz.com
Accept: */*
Content-Type: text/xml
Content-Length: 417
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
SPRequestGuid: <snip>
Set-Cookie: FedAuth=<snip>; expires=Sat, 17-Jan-2015 03:20:50 GMT; path=/; secure; HttpOnly
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
Persistent-Auth: true
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.7006
X-MS-InvokeApp: 1; RequireReadOnly
Date: Fri, 16 Jan 2015 17:21:07 GMT
Content-Length: 66628
Vary: Accept-Encoding
------------------------------------------------------------------

最佳答案

你在这里混合了两种根本不同的技术。
$proxy = New-WebServiceProxy -Uri "$site/_vti_bin/Lists.asmx" -UseDefaultCredential $proxy.PreAuthenticate = $TRUE $proxy.Credentials = $credentials
UseDefaultCredential 将尝试将您当前登录的 Windows 域用户传递到该站点。但是，您还要设置凭据。通常，您会使用 -Credential $credentials (见 http://technet.microsoft.com/en-us/library/hh849841.aspx)

您正在运行的 curl 命令更类似于使用 -Credential :-u是等价的。

尝试使用类似 $proxy = New-WebServiceProxy -Uri "$site/_vti_bin/Lists.asmx" -Credential $credentials 的东西反而。

如果这不起作用，请编辑您的问题以包含从 Oracle SSO 连接返回的 header - 可能是它甚至根本不要求提供凭据。

关于powershell - New-WebServiceProxy 无法通过 NTLM 进行身份验证，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/27975936/

文章推荐： jakarta-ee - 拦截器真的默认禁用了吗？

文章推荐： XAMPP:您的连接不是私有(private)的 NET::ERR_CERT_AUTHORITY_INVALID

文章推荐： javascript - 动态 Getters 和 Setters - 为什么这不起作用？

powershell - New-WebServiceProxy 和代理服务器之间的兼容性
我是不是漏掉了什么？ new-webserviceproxy 不支持代理凭据吗？公司环境总是使用代理服务器与网络的其余部分进行对话，而我似乎无法通过我们的代理服务器进行对话。我收到 407 需要代理
javascript - Sys.Net.WebServiceProxy 的定义位置
尝试使用 JavaScript 通过其生成的代理类来调用 WCF Web 服务。代理类包含行: IDemoWCFService.registerClass('IDemoWCFService',Sys.
powershell - 是否有任何 New-WebServiceProxy 替代方案？
我正在尝试在 PowerShell 6 上使用 SOAP Web 服务。我曾经使用 New-WebServiceProxy 完成此任务。早期版本上的命令，但在 PowerShell 6 上不再存在。是
c# - Powershell New-WebServiceProxy 异步方法
我有一个 WCF 库公开了一些有用的信息，我使用 New-WebServiceProxy cmdlet 从 powershell 查询它们 $link = "http://localhost/Rlib
powershell - 在 New-WebServiceProxy 中包含德语变音的 PSCredential
我尝试创建一个 PSCredential密码包含的对象德国元音变音并将其传递给 New-WebServiceProxy小命令。只要密码不包含以下示例中的任何变音符号，代码就会按预期工作: $secp
powershell - New-WebServiceProxy 无法通过 NTLM 进行身份验证
我正在处理一个相当奇怪的问题。我们需要访问 SharePoint 场上的 Lists 服务。通过 Oracle SSO 联合 Web 身份验证，但我们确实为可以执行 Web 请求的自动化配置了帐户。使
web-services - PSH Runspaces + New-WebServiceProxy = 2个连接限制？
我需要一个调用内部Web服务的高性能脚本。因此，我编写了一个powershell脚本来创建运行空间线程，每个运行空间线程都向一个通用Web服务代理对象(New-WebServiceProxy)发出请求
wcf - 使用 -Namespace 时 New-WebServiceProxy cmdlet 中存在错误？
所以我遇到了这个问题:http://www.vistax64.com/powershell/273120-bug-when-using-namespace-parameter-new-webservi
asp.net - New-WebServiceProxy cmdlet失败，出现 “The operation has timed out”异常
我正在使用PowerShell部署ASP.NET应用程序。它包括Web服务，部署Web应用程序后，我需要立即调用其方法之一。显然，此请求将花费一些时间，因为它应该“预热”网站。因此，我对New-We
wcf - 使用 PowerShell 的 New-WebServiceProxy 访问 net.tcp 端点
我正在尝试从 powershell 访问 net.tcp 端点。我想使用 New-WebServiceProxy为此目的，但是我不确定是否可以做到。现在我得到一个 + FullyQualifi
web-services - 使用 New-WebServiceProxy 在 PowerShell 中添加自定义 SOAP header
在 C# 中，我可以执行以下操作: var header = MessageHeader.CreateHeader("MyHeader", "http://mynamespace", "Header
web-services - 是否可以通过 New-WebServiceProxy 向 Web 服务发送额外的 HTTP header
我需要交互的 Web 服务(通常是手动进行测试)在某些请求上需要额外的 HTTP header 。快速手动测试与 PowerShell 的 New-WebServiceProxy 配合得非常好，但到目
asp.net - 调用 ASP.NET AJAX WebServiceProxy.invoke() Javascript 方法时出现问题
我编写的一些代码有问题。我不得不匿名，但我可以提出问题。该 JavaScript 在 iframe 内运行，并且是实例化对象的一部分。特别是问题是，每次在 invoke() 调用中“类型‘对象’无法转
web-services - 我可以使用 PowerShell 的 New-WebServiceProxy 过滤基于 WSDL 的 SOAP 查询以仅发送一个参数吗？
问题:对 ServiceNow 的 ../cmdb_ci_win_server.do?WSDL 表的所有 Web 服务调用都返回零结果。原因:我正在使用 PowerShell 的 New-WebSe

行者123

个人简介

我是一名优秀的程序员,十分优秀！

作者热门文章

滴滴打车优惠券免费领取

全站热门文章

首页

博学

6Ren·AI

商城

powershell - New-WebServiceProxy 无法通过 NTLM 进行身份验证