Question

我正在尝试发送HTTP GET请求，并在收到身份验证标头时使用摘要方法进行身份验证。即使我的代码生成相同的身份验证响应Firefox和curl给出相同的身份验证请求，我仍然会收到401 Unauthorized响应。我尝试了流行的Nodejs模块“请求”，结果相同。这是两个请求的tcpdump输出。第一个是来自Firefox的成功：

15:18:03.615255 IP 192.168.18.1.33966 > 192.168.20.220.30005: tcp 0
....E..<..@.@.............u5K3........9..\.........
"`..........
15:18:03.634223 IP 192.168.20.220.30005 > 192.168.18.1.33966: tcp 0
....E..<..@.=...........u5......K3.................
.g.t"`......
15:18:03.634269 IP 192.168.18.1.33966 > 192.168.20.220.30005: tcp 0
....E..4..@.@.............u5K3.........s.T.....
"`...g.t
15:18:03.735485 IP 192.168.18.1.33966 > 192.168.20.220.30005: tcp 290
....E..V..@.@.............u5K3.........s.v.....
"`...g.tGET / HTTP/1.1
Host: 192.168.20.220:30005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


15:18:03.753943 IP 192.168.20.220.30005 > 192.168.18.1.33966: tcp 0
X........c@.=..2........u5......K3.1..
.g.."`..
15:18:03.762129 IP 192.168.20.220.30005 > 192.168.18.1.33966: tcp 228
X........d@.=..M........u5......K3.1..
.g.."`..HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Digest realm="IgdAuthentication", domain="/", nonce="ZDE4NTY3ZmM6NmYyMzA3NjM6YmQ5NGY3YTA=", qop="auth", algorithm=MD5, opaque="5ccc09c403ebaf9f0171e9517f40e41" 


15:18:03.762172 IP 192.168.18.1.33966 > 192.168.20.220.30005: tcp 0
....E..4..@.@.............u5K3.1.......{.T.....
"`...g..
15:18:06.215945 IP 192.168.18.1.33966 > 192.168.20.220.30005: tcp 564
....E..h..@.@.............u5K3.1.......{.......
"`...g..GET / HTTP/1.1
Host: 192.168.20.220:30005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: Digest username="admin", realm="IgdAuthentication", nonce="ZDE4NTY3ZmM6NmYyMzA3NjM6YmQ5NGY3YTA=", uri="/", algorithm=MD5, response="ae43f4fcaf71340f9c360877dad87c66", opaque="5ccc09c403ebaf9f0171e9517f40e41", qop=auth, nc=00000001, cnonce="9d1ea29022ec08d6"


15:18:06.244925 IP 192.168.20.220.30005 > 192.168.18.1.33966: tcp 38
....E..Z.e@.=..
........u5......K3.e.....Q.....
.g.."`..HTTP/1.1 200 OK
Content-Length: 0

第二个来自我的代码失败：

15:19:08.589647 IP 192.168.18.1.33972 > 192.168.20.220.30005: tcp 0
....E..<..@.@.............u5a.........9..\.........
"`A.........
15:19:08.608304 IP 192.168.20.220.30005 > 192.168.18.1.33972: tcp 0
....E..<..@.=...........u5....#<a.......aN.........
.h.<"`A.....
15:19:08.608333 IP 192.168.18.1.33972 > 192.168.20.220.30005: tcp 0
....E..4..@.@.............u5a.....#=...s.T.....
"`A..h.<
15:19:08.608872 IP 192.168.18.1.33972 > 192.168.20.220.30005: tcp 70
....E..z..@.@.............u5a.....#=...s.......
"`A..h.<GET / HTTP/1.1
Host: 192.168.20.220:30005
Connection: keep-alive


15:19:08.626556 IP 192.168.20.220.30005 > 192.168.18.1.33972: tcp 0
....E..4.r@.=..#........u5....#=a......@.......
.h.O"`A.
15:19:08.631951 IP 192.168.20.220.30005 > 192.168.18.1.33972: tcp 228
....E....s@.=..>........u5....#=a......@A......
.h.Q"`A.HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Digest realm="IgdAuthentication", domain="/", nonce="YmM4ZWY0YjE6MWY4ZjVkMmQ6IGIwNjdkZWI=", qop="auth", algorithm=MD5, opaque="5ccc09c403ebaf9f0171e9517f40e41" 


15:19:08.631966 IP 192.168.18.1.33972 > 192.168.20.220.30005: tcp 0
....E..4..@.@.............u5a.....$!...{.T.....
"`A".h.Q
15:19:08.634442 IP 192.168.18.1.33973 > 192.168.20.220.30005: tcp 0
....E..<..@.@.
...........u5...$......9..\.........
"`A#........
15:19:08.653166 IP 192.168.20.220.30005 > 192.168.18.1.33973: tcp 0
....E..<..@.=...........u5....~w...%....3..........
.h.i"`A#....
15:19:08.653201 IP 192.168.18.1.33973 > 192.168.20.220.30005: tcp 0
....E..4..@.@.
...........u5...%..~x...s.T.....
"`A'.h.i
15:19:08.653534 IP 192.168.18.1.33973 > 192.168.20.220.30005: tcp 524
....E..@.   @.@.............u5...%..~x...s.`.....
"`A(.h.iGET / HTTP/1.1
Authorization: Digest username="admin", realm="IgdAuthentication", nonce="YmM4ZWY0YjE6MWY4ZjVkMmQ6IGIwNjdkZWI=", uri="/", algorithm=MD5, response="1d0539755e0e2ca204a9821027041e8b", qop=auth, nc=00000001, cnonce="MjMwMjkw", opaque="5ccc09c403ebaf9f0171e9517f40e41"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Host: 192.168.20.220:30005
Connection: keep-alive


15:19:08.672345 IP 192.168.20.220.30005 > 192.168.18.1.33973: tcp 0
Xi........@.=...........u5....~x...1..
.h.|"`A(
15:19:10.633047 IP 192.168.18.1.33972 > 192.168.20.220.30005: tcp 0
....E..4..@.@.............u5a.....$!...{.T.....
"`C..h.Q
15:19:10.651962 IP 192.168.20.220.30005 > 192.168.18.1.33972: tcp 0
....E..4.t@.=..!........u5....$!a......@.&.....
.h.8"`C.
15:19:10.651998 IP 192.168.18.1.33972 > 192.168.20.220.30005: tcp 0
....E..4..@.@.............u5a.....$"...{.T.....
"`C..h.8
15:19:10.653565 IP 192.168.18.1.33973 > 192.168.20.220.30005: tcp 0
....E..4.
@.@.
...........u5...1..~x...s.T.....
"`C..h.|
15:19:10.711119 IP 192.168.20.220.30005 > 192.168.18.1.33973: tcp 0
X_........@.=...........u5....~x...2..
.h.s"`C.
15:19:12.674799 IP 192.168.20.220.30005 > 192.168.18.1.33973: tcp 228
X.........@.=...........u5....~x...2..
.h.."`C.HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Digest realm="IgdAuthentication", domain="/", nonce="YWU1ZjhkMWM6MzFmZjllMDA6YzAxNjY4MGM=", qop="auth", algorithm=MD5, opaque="5ccc09c403ebaf9f0171e9517f40e41"

造成这种情况的两个请求之间可能有什么不同？

Answer 1

问题是由在单独的连接上发送的身份验证质询响应引起的，导致身份验证质询无效。解决方案是使用maxSockets设置为1的代理（以避免打开新连接）并确保在第二个请求排队之前套接字没有关闭。

nodejs摘要认证失败

1 个答案: