This is more for curiosity because I am not able to reply or document this event, but this scenario Is:
There are 2 services / applications hosted on IIS 7. Service 1 receives an HTTPS request from an external source (browser, fideleller etc.) and requires 2 service calls to verify the request, so service 1 can be accessed by HTTP for its own, new, different Makes the call. This object contains an authorization header in the object object. When Service 2 receives this call, the authentication header has expired , as if it has been snatched, thus authentication fails, it returns to service 1 which again Rejects external calls. Does anyone have an explanation that this title, and some others that I have seen in the trial, do not make it through HTTP call? Is it the behavior of IIS, or ASP.NET, or something? If Service 2 was called, then HTTPS makes headers properly, I am generating a request like this: Most likely "Service 2" has the code "If the incoming request is HTTP Ignore authorization titles "This is a very reasonable behavior because HTTP traffic can be smoother and can be run again - so the honest server calls potentially vulnerable calls.
string uriendpoint = "http://service.test.com /testService.svc/authtest "; HttpWebRequest request = (HttpWebRequest) WebRequest.Create (uriendpoint); request. Credential = Credential Cache. Default credentials; Var authField = MD5Hash ("test: test !!"); Request.Headers.Add (HttpRequestHeader.Authorization, authField.ToString ()); request. Method = webResearchDisk.HTPGet; HttpWebResponse response = (HttpWebResponse) request.GetResponse ();
No comments:
Post a Comment