HttpWebRequest.UnsafeAuthenticatedConnectionSharing 屬性


取得或設定值,指出是否允許高速 NTLM 驗證連線共用。Gets or sets a value that indicates whether to allow high-speed NTLM-authenticated connection sharing.

 property bool UnsafeAuthenticatedConnectionSharing { bool get(); void set(bool value); };
public bool UnsafeAuthenticatedConnectionSharing { get; set; }
member this.UnsafeAuthenticatedConnectionSharing : bool with get, set
Public Property UnsafeAuthenticatedConnectionSharing As Boolean



true 表示保持開啟已驗證的連接,否則為 falsetrue to keep the authenticated connection open; otherwise, false.


這個屬性的預設值為 false ,這會在要求完成之後關閉目前的連接。The default value for this property is false, which causes the current connection to be closed after a request is completed. 您的應用程式必須在每次發出新要求時經過驗證順序。Your application must go through the authentication sequence every time it issues a new request.

如果此屬性設定為,則在 true 執行驗證之後,用來抓取回應的連接會保持開啟狀態。If this property is set to true, the connection used to retrieve the response remains open after the authentication has been performed. 在此情況下,將此屬性設定為的其他要求, true 可能會使用連接,而不需要重新驗證。In this case, other requests that have this property set to true may use the connection without re-authenticating. 換句話說,如果已驗證使用者 A 的連線,使用者 B 可能會重複使用的連線;使用者 B 的要求會根據使用者 A 的認證來完成。In other words, if a connection has been authenticated for user A, user B may reuse A's connection; user B's request is fulfilled based on the credentials of user A.


由於應用程式可能會在沒有驗證的情況下使用連線,因此您必須確定您的系統中沒有系統管理弱點,將此屬性設定為 trueBecause it is possible for an application to use the connection without being authenticated, you need to be sure that there is no administrative vulnerability in your system when setting this property to true. 如果您的應用程式傳送要求給多個使用者 (會模擬多個使用者帳戶) 並依賴驗證來保護資源, true 除非您使用如下所述的連線群組,否則請不要將此屬性設定為。If your application sends requests for multiple users (impersonates multiple user accounts) and relies on authentication to protect resources, do not set this property to true unless you use connection groups as described below.

如果您的效能問題,而且您的應用程式是在具有整合式 Windows 驗證的網頁伺服器上執行,您可能會想要啟用此機制。You may want to consider enabling this mechanism if your are having performance problems and your application is running on a Web server with integrated Windows authentication.

啟用此設定會讓系統面臨安全性風險。Enabling this setting opens the system to security risks. 如果您將 UnsafeAuthenticatedConnectionSharing 屬性設定為 true 務必採取下列預防措施:If you set the UnsafeAuthenticatedConnectionSharing property to true be sure to take the following precautions:

  • 使用 ConnectionGroupName 屬性來管理不同使用者的連接。Use the ConnectionGroupName property to manage connections for different users. 這可避免未經驗證的應用程式可能使用連接。This avoids the potential use of the connection by non-authenticated applications. 例如,使用者 A 應具有與使用者 B 不同的唯一連接組名。這會為每個使用者帳戶提供一個隔離層。For example, user A should have a unique connection group name that is different from user B. This provides a layer of isolation for each user account.

  • 在受保護的環境中執行您的應用程式,以避免可能的連線入侵。Run your application in a protected environment to help avoid possible connection exploits.

如果您控制後端伺服器,您可以考慮關閉驗證持續性。If you control the back-end server, as an alternative you might consider turning off authentication persistence. 這會提高效能,但較安全。This increases performance to a lesser degree, but it is safer. 如需詳細資訊,請參閱 AuthPersistenceFor more details, see AuthPersistence.


如果 PreAuthenticateUnsafeAuthenticatedConnectionSharing 都設定為 true ,則會使用來自 unsafe 集區的連接,但使用 Authorization 標頭來傳送每個要求。If both PreAuthenticate and UnsafeAuthenticatedConnectionSharing are set to true, each request is sent using a connection from the unsafe pool, but with an Authorization header.