All geek questions in one place

Why is Content-Length equal to 0 when sending a POST request with an XMLHttpRequest object?

I have a virtual directory on IIS 5.1 with two aspx pages. Access to Page1 is configured as the "Integrated Windows Authentication" option, and anonymous access is disabled. Page2 is accessible through anonymous access. On the client side, there is an XmlHttpRequest object that can send requests containing POST data to these pages.

First I try to send a request to the page. A standard Windows authentication dialog appears, I enter my credentials and successfully receive POST data. After that, I try to make the same POST request for page 2, which can be accessed anonymously. And in this case, Request has a Content-Length = 0 header, and no data has been sent.

If you repeat the request to Page1 - it successfully receives the POST data. The same code works well in Firefox 3.5. Page2 can receive data even after sending a request for Windows Page1 authentication. What could be wrong? And maybe this is some way to solve this problem?

Thanks!

Sending data:

function sendRequest() {
  var url = "http://tom/AuthTest/Default.aspx";
  var data = "data";
  reqSend(url, data);
}

function sendRequestToWinAuth() {
  var url = "http://tom/AuthTest/DefaultWA.aspx";
  var data = "newdata";
  reqSend(url, data);
}

function reqSend(url, data) {
  var xmlhttp = createRequestObject();
  if (!xmlhttp) {
    alert("Cannot create XMLHttpRequest object.");
    return;
  }
  try {
    xmlhttp.open("POST", url, false);
    xmlhttp.send(data);
  }
  catch (ex) {
    alert("Error: " + ex.message);
  }
}

Page request1:

POST /AuthTest/DefaultWA.aspx HTTP/1.1
Accept: */*
Referer: http://tom/AuthTest/client/testauth.html
Accept-Language: ru
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: tom
Content-Length: 7
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: innovator_user=admin
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAoACgBIAAAABgAGAFIAAAAGAAYAWAAAAAAAAACOAAAABYKIogUBKAoAAAAPcwBjAGEAbgBkAHQAbwBtAFQATwBNAGUdQIkWMQ6PAAAAAAAAAAAAAAAAAAAAAAo3goJdI7RH9poJwnjypksH2F2pIzbEOQ==

newdata

Page request2:

POST /AuthTest/Default.aspx HTTP/1.1
Accept: */*
Referer: http://tom/AuthTest/client/testauth.html
Accept-Language: ru
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: tom
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: innovator_user=admin
Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
Content-Length: 0
+3
2

, , Windows, , .

2 :

  • () NTLM. , , Kerberos IIS. FAQ IIS Kerberos: http://www.adopenstatic.com/faq/

    , , IIS Kerberos . , - - Kerberos. , . , :

  • Windows . , , :

    • ../Default.aspx
    • ..//DefaultWinAuth.aspx
    • ..//DefaultWinAuth2.aspx

    IWA (Integrated Windows Authentication) "auth" DefaultWinAuth. , , "DefaultWinAuth.aspx", POST. "auth" .

+2

, - IE, : http://www.websina.com/bugzero/kb/browser-ie.html

IE POST URL/, URL/. , - , , .

+1

Source: https://habr.com/ru/post/1714502/

More articles:


All Articles