Windows身份validation适用于某些人而不是其他人

我有一个通过IIS托pipe的Web应用程序,需要Windows身份validation。 一些用户可以毫无问题地访问应用程序。 其他人会得到一个请求凭据的对话框,但是当他们取消请求时,应用程序会正确加载。 还有一些提示input凭据,当他们进入他们,他们得到一个401错误。 使用Fiddler,我发现用户的身份validation头看起来像这样:

-[NTLM Type3: Authentication]------------------------------ Provider: NTLMSSP Type: 3 OS Version: 6.1:7601 Flags: 0xe2888215 Unicode supported in security buffer. Request server's authentication realm included in Type2 reply. Sign (integrity) NTLM authentication. Negotiate Always Sign. Negotiate NTLM2 Key. Target Information block provided for use in calculation of the NTLMv2 response. Supports 56-bit encryption. Supports 128-bit encryption. Client will provide master key in Type 3 Session Key field. lmresp_Offset: 136; lmresp_Length: 24; lmresp_Length2: 24 ntresp_Offset: 160; ntresp_Length: 24; ntresp_Length2: 24 Domain_Offset: 88; Domain_Length: 16; Domain_Length2: 16 User_Offset: 104; User_Length: 14; User_Length2: 14 Host_Offset: 118; Host_Length: 18; Host_Length2: 18 msg_len: 184 Domain: XXX User: YYY Host: ZZZ 

提示input凭据的用户(但应用程序仍然加载)如下所示:

 -[NTLM Type3: Authentication]------------------------------ Provider: NTLMSSP Type: 3 OS Version: 5.1:2600 Flags: 0xa2888205 Unicode supported in security buffer. Request server's authentication realm included in Type2 reply. NTLM authentication. Negotiate Always Sign. Negotiate NTLM2 Key. Target Information block provided for use in calculation of the NTLMv2 response. Supports 56-bit encryption. Supports 128-bit encryption. lmresp_Offset: 118; lmresp_Length: 24; lmresp_Length2: 24 ntresp_Offset: 142; ntresp_Length: 24; ntresp_Length2: 24 Domain_Offset: 72; Domain_Length: 16; Domain_Length2: 16 User_Offset: 88; User_Length: 12; User_Length2: 12 Host_Offset: 100; Host_Length: 18; Host_Length2: 18 msg_len: 166 Domain: XXX User: VVV Host: WWW lm_resp: 11 E3 1E 09 74 1E 9B 8A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 nt_resp: 98 BF FC 1C BF 65 EE 46 6A 71 26 5E 14 5D 34 CA 1F 1A E2 4A 00 1D BC 58 ------------------------------------ 

标题看起来非常相似,但是,对于不起作用的情况下,缺less以下标志:

  • 标志(诚信)
  • 客户端将在types3会话密钥字段中提供主密钥

我已经search了几天,我似乎无法确定这些密钥来自哪里! 这与浏览器设置有关吗? 帐户设置? 一个IIS设置?

任何build议将不胜感激!