在使用LR的时候,回放服务器报401 Access Denied错误,
当WEB服务器不允许匿名访问,而我们又没有提供正确的用户名/密码时,服务器就会给出这个返回代码。在IIS中,设置IIS的安全属性为不允许匿名访问,此时直接访问的话就会得到以下返回结果:
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.1
Date: Mon, 06 Mar 2006 09:15:55 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Connection: close
Content-Length: 3964
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
……
此时跳出对话框,让我们输入用户名和密码,当我们在输入了用户名和密码以后,服务器与客户端会再进行两次对话。首先客户端向服务器索取一个公钥,服务器端会返回一个公钥,二者都用BASE64编码,相应的消息如下(编码部分已经做了处理):
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: 192.168.0.55:8080
Connection: Keep-Alive
Authorization: Negotiate ABCDEFG……
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.1
Date: Mon, 06 Mar 2006 09:20:53 GMT
WWW-Authenticate: Negotiate HIJKLMN……
Content-Length: 3715
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
……
客户端拿到公钥之后使用公钥对用户名和密码进行加密码,然后把加密以后的结果重新发给服务器:
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: 192.168.0.55:8080
Connection: Keep-Alive
Authorization: Negotiate OPQRST……
这样,如果验证通过,服务器端就会把请求的内容发送过来了,也就是说禁止匿名访问的网站会经过三次请求才可以看到页面。但因为客户端浏览器已经缓存了公钥,用同一个浏览器窗口再次请求这个网站上的其它页面时就可以直接发送验证信息,从而一次交互就可以完成了。
脚本代码如下:
#include "web_api.h"
Action()
{
int i=0;
int iLink_Counts=0;
int iRnd_link=0;
char buffer[20]="";
char url[20]="";
web_set_user("192.168.1.111\\administrator", "123456", "192.168.1.111:80");
web_reg_save_param("Save_Links",
"LB=<a href=\"",
"RB=\"",
"ORD=All",
LAST);
web_url("192.168.1.84",
"URL=http://192.168.1.111/",
"Resource=0",
"RecContentType=text/html",
"Referer=",
"Snapshot=t3.inf",
"Mode=HTML",
LAST);
//获得参数文件数组大小
lr_output_message("数组大小:%d",atoi(lr_eval_string("{Save_Links_count}")));
iLink_Counts=atoi(lr_eval_string("{Save_Links_count}"));
for(i=1;i<=iLink_Counts;i=i+1)
{
sprintf(buffer,"{Save_Links_%d}",i);
lr_output_message("%s",lr_eval_string(buffer)) ;
}
srand(time(NULL));
iRnd_link=rand() % iLink_Counts +1;
sprintf(buffer,"{Save_Links_%d}",iRnd_link);
// url="URL="+ lr_eval_string(buffer");
strcpy(url,"URL=");
strcat(url,lr_eval_string(buffer));
web_url(lr_eval_string(buffer),
url,
"Resource=0",
"RecContentType=text/html",
"Referer=",
"Snapshot=t3.inf",
"Mode=HTML",
LAST);
return 0;
}