| || |
about the anonymous access is forbidden!
Our web application's the anonymous access is forbidden.So We need read user's NT accounts.But if i do this.ACT will report error that my web site is no security and not go on testing.thanks anyone can help me and tell me how can i do???
Re: about the anonymous access is forbidden!
I am not certain of the problem you are having (you may need to re-describe it in more detail with the actual error message stated), but I have used the 'authorization code' in the http header (with ACT) to gain access to a site that requires the NT LAN manager challenge-response security access (this is what the web browser sets ie when a dialog pops up for NT user/password), here are my notes on this subject:-
I have recorded and played back a script requiring Windows NT LAN manager challenge-response. However, there is an issue when you create multiple users with different passwords:-
The issue is that if you use the 'automated recording' script you will see the 'Authorization code' hard coded in the header requests. This Authorization code does in fact have in it the embedded user/password (encrypted) this 'hard coded' version will be for the user/password of the user that was used during the script creation..BUT in most cases it doesn't matter since if you use a Group of User/Password then the first Logon request will contain the correct 'authorization code' and this will typically be used to identify the user set up a session cookie and log on to the application. The fact that the subsequent http authorization codes doesn't match the first only has implications if the domain access is different for users in the User Group. This is not normally the case as this is System access not Application access. Typically the application access will be determined by the initial log on value (and session information).