我正在尝试POST一个包含隐藏字段和文件并且传输挂起的multipart/form-data.
Web服务器: 运行IIS 8.0的Windows 2012服务器.
身份验证:启用Windows(Negotiate&NTLM)
客户端: Windows 2008 Server/Windows 2012 Server(localhost)Internet Explorer 10.0.12都存在相同的问题
我有一个在Web服务器上运行的CGI,我检查以确保它可用并响应,然后我发出一个JQuery Ajax请求来发送POST数据.使用Fiddler我看了Web服务器和浏览器进行通信(下面).它挂起在最后一个请求上,它显示内容长度为500,但没有数据.似乎IE正在等待发送它(?).
在Fiddler中,您可以在发送响应之前修改数据.我试过这个,它不允许编辑.似乎它仍在等待IE继续发送.我尝试关闭Windows身份验证并打开匿名,我没有任何问题.此外,在第一个请求中,我无法重现该问题(它按预期工作)但在后续请求中它是一致的.Chrome,Firefox或IE9及更早版本没有任何问题.我无法确定它是浏览器还是Web服务器.
请求1 CGI检查
POST http://www.example.com/test/mycgi.exe/ABC HTTP/1.1 X-Requested-With: XMLHttpRequest Accept: */* Referer: http://www.example.com/test/mycgi2.exe/ABC Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) Connection: Keep-Alive Content-Length: 0 DNT: 1 Host: www.example.com Pragma: no-cache HTTP/1.1 401 Unauthorized Content-Type: text/html Server: Microsoft-IIS/8.0 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM X-Powered-By: ASP.NET Date: Fri, 03 Jan 2014 20:29:28 GMT Content-Length: 1293 Proxy-Support: Session-Based-Authentication401 - Unauthorized: Access is denied due to invalid credentials. Server Error
POST http://www.example.com/test/mycgi.exe/ABC HTTP/1.1 X-Requested-With: XMLHttpRequest Accept: */* Referer: http://www.example.com/test/mycgi2.exe/ABC Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) Connection: Keep-Alive Content-Length: 0 DNT: 1 Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw== Pragma: no-cache Host: www.example.com HTTP/1.1 401 Unauthorized Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 WWW-Authenticate: Negotiate TlRMTVNTUAACAAAAEgASADgAAAAVgoniOb3rEHzeNj0AAAAAAAAAAJwAnABKAAAABgLwIwAAAA9MAFIAUwBEAE8ATQBBAEkATgACABIATABSAFMARABPAE0AQQBJAE4AAQAUAFcASQBOAC0AUQBBADIAMAAxADIABAAUAGwAcgBzAGkAbgBjAC4AbwByAGcAAwAqAFcASQBOAC0AUQBBADIAMAAxADIALgBsAHIAcwBpAG4AYwAuAG8AcgBnAAUAFABsAHIAcwBpAG4AYwAuAG8AcgBnAAcACABOH1yAwgjPAQAAAAA= Date: Fri, 03 Jan 2014 20:29:28 GMT Content-Length: 341 Proxy-Support: Session-Based-AuthenticationNot Authorized Not Authorized
HTTP Error 401. The requested resource requires user authentication.
POST http://www.example.com/test/mycgi.exe/ABC HTTP/1.1 X-Requested-With: XMLHttpRequest Accept: */* Referer: http://www.example.com/test/mycgi2.exe/ABC Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) Connection: Keep-Alive Content-Length: 0 DNT: 1 Host: www.example.com Pragma: no-cache Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAJgAAABEAUQBsAAAABIAEgBYAAAAEAAQAGoAAAAeAB4AegAAABAAEAD0AQAAFYKI4gYBsR0AAAAPuaPj4eFf7hfIoOiAvf0/xWwAcgBzAGQAbwBtAGEAaQBuAGMAcgBhAHcAZgBvAHIAZABXAEkATgAtAEIARAA3ADUANgBJAFAANgA0AE8ARwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdKgld6FBtRxfUcAQJS6yPAQEAAAAAAABOH1yAwgjPAQcXz+RFuDKzAAAAAAIAEgBMAFIAUwBEAE8ATQBBAEkATgABABQAVwBJAE4ALQBRAEEAMgAwADEAMgAEABQAbAByAHMAaQBuAGMALgBvAHIAZwADACoAVwBJAE4ALQBRAEEAMgAwADEAMgAuAGwAcgBzAGkAbgBjAC4AbwByAGcABQAUAGwAcgBzAGkAbgBjAC4AbwByAGcABwAIAE4fXIDCCM8BBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAAEa6q+B5Lu1yFWYA3Wkqf+iAxY/qnzwZi2pgk0t1XqKNCgAQAAAAAAAAAAAAAAAAAAAAAAAJACAASABUAFQAUAAvADEAMAAuADkANgAuADgALgAxADgANgAAAAAAAAAAAAAAAADYL8orn+roxnPVhMNa1G0w HTTP/1.1 200 OK Content-Type: text/html Server: Microsoft-IIS/8.0 Persistent-Auth: true X-Powered-By: ASP.NET Date: Fri, 03 Jan 2014 20:29:28 GMT Connection: close Content-Length: 0
请求2 POST数据和文件
POST http://www.example.com/test/mycgi.exe/ABC?trid=pxupld HTTP/1.1 X-Requested-With: XMLHttpRequest Accept: */* Content-Type: multipart/form-data; boundary=---------------------------7dd3c817903dc Referer: http://www.example.com/test/mycgi2.exe/ABC Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) Host: www.example.com DNT: 1 Connection: Keep-Alive Pragma: no-cache Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw== Content-Length: 0 HTTP/1.1 401 Unauthorized Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 WWW-Authenticate: Negotiate TlRMTVNTUAACAAAAEgASADgAAAAVgonioR3IHBVFoYwAAAAAAAAAAJwAnABKAAAABgLwIwAAAA9MAFIAUwBEAE8ATQBBAEkATgACABIATABSAFMARABPAE0AQQBJAE4AAQAUAFcASQBOAC0AUQBBADIAMAAxADIABAAUAGwAcgBzAGkAbgBjAC4AbwByAGcAAwAqAFcASQBOAC0AUQBBADIAMAAxADIALgBsAHIAcwBpAG4AYwAuAG8AcgBnAAUAFABsAHIAcwBpAG4AYwAuAG8AcgBnAAcACABzQ2OAwgjPAQAAAAA= Date: Fri, 03 Jan 2014 20:29:28 GMT Content-Length: 341 Proxy-Support: Session-Based-AuthenticationNot Authorized Not Authorized
HTTP Error 401. The requested resource requires user authentication.
POST http://www.example.com/test/mycgi.exe/ABC?trid=pxupld HTTP/1.1 X-Requested-With: XMLHttpRequest Accept: */* Content-Type: multipart/form-data; boundary=---------------------------7dd3c817903dc Referer: http://www.example.com/test/mycgi2.exe/ABC Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) Host: www.example.com Content-Length: 500 DNT: 1 Proxy-Connection: Keep-Alive Pragma: no-cache Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAJgAAABEAUQBsAAAABIAEgBYAAAAEAAQAGoAAAAeAB4AegAAABAAEAD0AQAAFYKI4gYBsR0AAAAPbaRPHPhdB+KO+QMFMSieX2wAcgBzAGQAbwBtAGEAaQBuAGMAcgBhAHcAZgBvAHIAZABXAEkATgAtAEIARAA3ADUANgBJAFAANgA0AE8ARwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUat4cr34A16p/u9YeXYBAAQEAAAAAAABzQ2OAwgjPAVb+mEX8/lPwAAAAAAIAEgBMAFIAUwBEAE8ATQBBAEkATgABABQAVwBJAE4ALQBRAEEAMgAwADEAMgAEABQAbAByAHMAaQBuAGMALgBvAHIAZwADACoAVwBJAE4ALQBRAEEAMgAwADEAMgAuAGwAcgBzAGkAbgBjAC4AbwByAGcABQAUAGwAcgBzAGkAbgBjAC4AbwByAGcABwAIAHNDY4DCCM8BBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAAEa6q+B5Lu1yFWYA3Wkqf+iAxY/qnzwZi2pgk0t1XqKNCgAQAAAAAAAAAAAAAAAAAAAAAAAJACAASABUAFQAUAAvADEAMAAuADkANgAuADgALgAxADgANgAAAAAAAAAAAAAAAAAQcolcJBPzOWjm8V7iJiki
挂起等待我假设的数据,有什么想法吗?
这是怎么回事.
您从IIS请求页面.
IIS说"不,你必须验证(401).我采取谈判和/或NTLM." (在启用Windows身份验证的默认配置中)
IE会随您的请求一起发送身份验证标头,IIS会愉快地将您的页面发回.
IE将身份验证附加到它使用的TCP连接,因此它不必再次向IIS进行身份验证.
你等一下,IE对你感到厌倦并关闭它保持打开的TCP连接(参见Keep-Alive标题.并且不要关闭保持活动.).当TCP连接关闭时,所有多汁的Windows身份验证都会消失.
您最终做了一些触发某些二进制有效负载或多部分/表单数据的XHR POST的操作.
IE在新的TCP连接上完全通过Windows身份验证交换.
IE搞砸了并提交你的帖子,但无法发送数据.它只是停止而不是这样做.在multipart/form-data的情况下,客户端和服务器进入一个鸡的游戏,每个人都在等待另一个做某事并且IE挂起.对于其他mime类型,我注意到IIS发回408而不是挂起.
解决方法:向IIS发送GET或HEAD请求.IE将根据该请求进行身份验证.完成后,发送您的POST.IE将从您的POST的GET或HEAD请求(及其多汁的Windows身份验证数据)中回收TCP连接,并正确发送您的数据.