如何在delphi中为Lync server 2013执行NTLM身份验证？

我正在尝试使用SIP中的NTLM方法对从客户端到Lync server 2013软电话的应用程序进行身份验证。但我不知道该怎么做

以下是我对SIP消息的授权部分所做的操作：

if CSeq = '1' then
begin
  // First message is to get the server authentication methods and realm/targetname
  result := result + '';
end
else if CSeq = '2' then
begin
  // On the second message, I pass the realm and targetname, corresponding to the negociate message
  result := result + 'Authorization: NTLM qop="'+mQop+'", realm="'+mRealm+'", targetname="'+mTargetName+'", version='+mVersion+', gssapi-data="" ' + #13#10;
end
else if CSeq = '3' then
begin
  if StrToInt(mVersion) > 3 then
  begin
    result := result + 'Authorization: NTLM opaque="'+mOpaque+'", qop="'+mQop+'", realm="'+mRealm+'", targetname="'+mTargetName+'", '+
                       'gssapi-data="'+**ProcessedChallenge**+'", version='+mVersion+', crand="'+CNONCE+'", '+
                       'cnum="'+NONCECOUNT+'", response="'+**response**+'"' + #13#10;
  end
  else
  begin
    result := result + 'Authorization: NTLM opaque="'+mOpaque+'", qop="'+mQop+'", realm="'+mRealm+'", targetname="'+mTargetName+'", '+
                       'gssapi-data="'+**ProcessedChallenge**+'", version='+mVersion + #13#10;
  end;    
end

问题是，我不确定如何在第三条消息中生成“ProcessedChallenge”和“response”值。剩下的似乎没问题，但以防万一，这里有一些痕迹：

REGISTER sip:novotest.ca SIP/2.0
Via: SIP/2.0/TLS 192.168.20.180:5061
Max-Forwards: 70
Supported: replaces
Contact: <sip:192.168.20.180:5061;transport=tls>
To: <sip:mcote@novotest.ca>
From: <sip:mcote@novotest.ca>;tag=39539C4FEE9F427D8739BE8E5CD813FB;epid=000C299855EC
Call-ID: 82C61A739E594A09934681B2A13B1A8D
CSeq: 1 REGISTER
Expires: 3600
User-Agent: KOMUTEL SIP
Content-Length: 0


SIP/2.0 401 Unauthorized
Date: Mon, 03 Feb 2014 20:03:12 GMT
WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="qa121vm179.Novotest.ca", version=4
WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/qa121vm179.Novotest.ca", version=4
WWW-Authenticate: TLS-DSK realm="SIP Communications Service", targetname="qa121vm179.Novotest.ca", version=4, sts-uri="https://qa121vm179.novotest.ca:443/CertProv/CertProvisioningService.svc"
From: <sip:mcote@novotest.ca>;tag=39539C4FEE9F427D8739BE8E5CD813FB;epid=000C299855EC
To: <sip:mcote@novotest.ca>;tag=FA72F83E7EA12109F5E9C2E8F087DA00
Call-ID: 82C61A739E594A09934681B2A13B1A8D
CSeq: 1 REGISTER
Via: SIP/2.0/TLS 192.168.20.180:5061;ms-received-port=5061;ms-received-cid=164200
Server: RTC/5.0
Content-Length: 0


REGISTER sip:novotest.ca SIP/2.0
Via: SIP/2.0/TLS 192.168.20.180:5061
Max-Forwards: 70
Supported: replaces
Contact: <sip:192.168.20.180:5061;transport=tls>
To: <sip:mcote@novotest.ca>
From: <sip:mcote@novotest.ca>;tag=39539C4FEE9F427D8739BE8E5CD813FB;epid=000C299855EC
Call-ID: 82C61A739E594A09934681B2A13B1A8D
CSeq: 2 REGISTER
Expires: 3600
User-Agent: KOMUTEL SIP
Supported: gruu-10
Authorization: NTLM qop="auth", realm="SIP Communications Service", targetname="qa121vm179.Novotest.ca", version=4, gssapi-data="" 
Content-Length: 0


SIP/2.0 401 Unauthorized
Date: Mon, 03 Feb 2014 20:03:12 GMT
WWW-Authenticate: NTLM opaque="AF511061", gssapi-data="TlRMTVNTUAACAAAAAAAAADgAAADzgpjixfrJRZMjjbQAAAAAAAAAAKAAoAA4AAAABgOAJQAAAA8CABAATgBPAFYATwBUAEUAUwBUAAEAFABRAEEAMQAyADEAVgBNADEANwA5AAQAFgBOAG8AdgBvAHQAZQBzAHQALgBjAGEAAwAsAHEAYQAxADIAMQB2AG0AMQA3ADkALgBOAG8AdgBvAHQAZQBzAHQALgBjAGEABQAWAE4AbwB2AG8AdABlAHMAdAAuAGMAYQAHAAgAlvq/9xohzwEAAAAA", targetname="qa121vm179.Novotest.ca", realm="SIP Communications Service", version=4
From: <sip:mcote@novotest.ca>;tag=39539C4FEE9F427D8739BE8E5CD813FB;epid=000C299855EC
To: <sip:mcote@novotest.ca>;tag=FA72F83E7EA12109F5E9C2E8F087DA00
Call-ID: 82C61A739E594A09934681B2A13B1A8D
CSeq: 2 REGISTER
Via: SIP/2.0/TLS 192.168.20.180:5061;ms-received-port=5061;ms-received-cid=164200
Server: RTC/5.0
Content-Length: 0


REGISTER sip:novotest.ca SIP/2.0
Via: SIP/2.0/TLS 192.168.20.180:5061
Max-Forwards: 70
Supported: replaces
Contact: <sip:192.168.20.180:5061;transport=tls>
To: <sip:mcote@novotest.ca>
From: <sip:mcote@novotest.ca>;tag=39539C4FEE9F427D8739BE8E5CD813FB;epid=000C299855EC
Call-ID: 82C61A739E594A09934681B2A13B1A8D
CSeq: 3 REGISTER
Expires: 3600
User-Agent: KOMUTEL SIP
Supported: gruu-10
Authorization: NTLM opaque="AF511061", qop="auth", realm="SIP Communications Service", targetname="qa121vm179.Novotest.ca", gssapi-data="TlRMTVNTUAADAAAAGAAYAIoAAAAYABgAogAAABYAFgBAAAAAIgAiAFYAAAASABIAeAAAAAAAAAAAAAAABYIAAE4AbwB2AG8AdABlAHMAdAAuAGMAYQBtAGMAbwB0AGUAQABuAG8AdgBvAHQAZQBzAHQALgBjAGEAbABvAGMAYQBsAGgAbwBzAHQADgbcHeX1D8Dq+saY48dGAFVvXh3zWvVzSiDDtTv/vAPWH5sdqkMSRL4r6raCjCOQ", version=4, crand="0b5f113e", cnum="1", response="0100000024A95BA08AA3947964000000" 
Content-Length: 0


SIP/2.0 401 Unauthorized
Date: Mon, 03 Feb 2014 20:03:12 GMT
WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="qa121vm179.Novotest.ca", version=4
WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/qa121vm179.Novotest.ca", version=4
WWW-Authenticate: TLS-DSK realm="SIP Communications Service", targetname="qa121vm179.Novotest.ca", version=4, sts-uri="https://qa121vm179.novotest.ca:443/CertProv/CertProvisioningService.svc"
From: <sip:mcote@novotest.ca>;tag=39539C4FEE9F427D8739BE8E5CD813FB;epid=000C299855EC
To: <sip:mcote@novotest.ca>;tag=FA72F83E7EA12109F5E9C2E8F087DA00
Call-ID: 82C61A739E594A09934681B2A13B1A8D
CSeq: 3 REGISTER
Via: SIP/2.0/TLS 192.168.20.180:5061;ms-received-port=5061;ms-received-cid=164200
ms-diagnostics: 1000;reason="Final handshake failed";HRESULT="0xC3E93EC3(SIP_E_AUTH_UNAUTHORIZED)";source="qa121vm179.Novotest.ca"
Server: RTC/5.0
Content-Length: 0

注册sip:novotest.ca sip/2.0
Via:SIP/2.0/TLS 192.168.20.180:5061
最大前锋：70
支持：替换
联系人：
致：
发件人：；标签=39539C4FEE9F427D8739BE8E5CD813FB；epid=000C299855EC
电话号码：82C61A739E594A09934681B2A13B1A8D
CSeq:1寄存器
有效期：3600
用户代理：KOMUTEL SIP
内容长度：0
SIP/2.0 401未经授权
日期：2014年2月3日星期一20:03:12 GMT
WWW-Authenticate:NTLM realm=“SIP通信服务”，targetname=“qa121vm179.Novotest.ca”，版本=4
WWW-Authenticate:Kerberos-realm=“SIP通信服务”，targetname=“SIP/qa121vm179.Novotest.ca”，版本=4
WWW-Authenticate:TLS-DSK realm=“SIP通信服务”，targetname=“qa121vm179.Novotest.ca”，版本=4，sts uri=”https://qa121vm179.novotest.ca:443/CertProv/CertProvisioningService.svc"
发件人：；标签=39539C4FEE9F427D8739BE8E5CD813FB；epid=000C299855EC
致：；标签=FA72F83E7EA12109F5E9C2E8F087DA00
电话号码：82C61A739E594A09934681B2A13B1A8D
CSeq:1寄存器
Via:SIP/2.0/TLS 192.168.20.180:5061；ms接收端口=5061；ms接收到的cid=164200
服务器：RTC/5.0
内容长度：0
注册sip:novotest.ca sip/2.0
Via:SIP/2.0/TLS 192.168.20.180:5061
最大前锋：70
支持：替换
联系人：
致：
发件人：；标签=39539C4FEE9F427D8739BE8E5CD813FB；epid=000C299855EC
电话号码：82C61A739E594A09934681B2A13B1A8D
CSeq:2寄存器
有效期：3600
用户代理：KOMUTEL SIP
支持：gruu-10
授权：NTLM qop=“auth”，realm=“SIP通信服务”，targetname=“qa121vm179.Novotest.ca”，版本=4，gssapi data=“”
内容长度：0
SIP/2.0 401未经授权
日期：2014年2月3日星期一20:03:12 GMT
WWW.Authenticate:NTLM不透明=“AF511061”，gssapi data=“tlrmtvtuaaaaaaaadgaadzgpjixfrzmjjbqaaaaaaaaakaaoa4aaaababababababababababababababababababababababababababababababababababaaqaababababaaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqa，targetname=“qa121vm179.Novotest.ca”，realm=“SIP通信服务”，版本=4
发件人：；标签=39539C4FEE9F427D8739BE8E5CD813FB；epid=000C299855EC
致：；标签=FA72F83E7EA12109F5E9C2E8F087DA00
电话号码：82C61A739E594A09934681B2A13B1A8D
CSeq:2寄存器
Via:SIP/2.0/TLS 192.168.20.180:5061；ms接收端口=5061；ms接收到的cid=164200
服务器：RTC/5.0
内容长度：0
注册sip:novotest.ca sip/2.0
Via:SIP/2.0/TLS 192.168.20.180:5061
最大前锋：70
支持：替换
联系人：
致：
发件人：；标签=39539C4FEE9F427D8739BE8E5CD813FB；epid=000C299855EC
电话号码：82C61A739E594A09934681B2A13B1A8D
CSeq:3寄存器
有效期：3600
用户代理：KOMUTEL SIP
支持：gruu-10
授权：NTLM opaque=“AF511061”，qop=“auth”，realm=“SIP通信服务”，targetname=“qa121vm179.Novotest.ca”，gssapi数据=“TlrmtVtuaaaaaaaaaaaaaaaaaaaaaaaaaaaabababaaaaaaaaaaaaaaababababababababababababagagaaaaaaaaaaaaaaaaaaaaaaaaaaaaababababababababababababababababababababababababababababababababababababababaaaaaaaaaaaaaaaaaaaaaaababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababa
内容长度：0
SIP/2.0 401未经授权
日期：2014年2月3日星期一20:03:12 GMT
WWW-Authenticate:NTLM realm=“SIP通信服务”，targetname=“qa121vm179.Novotest.ca”，版本=4
WWW-Authenticate:Kerberos-realm=“SIP通信服务”，targetname=“SIP/qa121vm179.Novotest.ca”，版本=4
WWW-Authenticate:TLS-DSK realm=“SIP通信服务”，targetname=“qa121vm179.Novotest.ca”，版本=4，sts uri=”https://qa121vm179.novotest.ca:443/CertProv/CertProvisioningService.svc"
发件人：；标签=39539C4FEE9F427D8739BE8E5CD813FB；epid=000C299855EC
收件人：；标签=FA72F83E7EA12109F5E9C2E8F087DA00
电话号码：82C61A739E594A09934681B2A13B1A8D
CSeq:3寄存器
Via:SIP/2.0/TLS 192.168.20.180:5061；ms接收端口=5061；ms接收cid=164200
ms diagnostics:1000；reason=“最终握手失败”；HRESULT=“0xC3E93EC3（SIP_E_AUTH_UNAUTHORIZED）”；source=“qa121vm179.Novotest.ca”
服务器：RTC/5.0
内容长度：0

我尝试了Indy的SSPI和Overbytecs的身份验证方法，但没有成功。

---

delphi中是否存在这样做的方法？如果是，如何做？

您手动实现SIP而不是使用现有SIP库的原因是什么？说到SIP库，您是否可以使用Lync Server SDK实现这一点？2013年的下载可在此处获得：事实上，对不起，上面的url是用于文档的。Lync服务r 2013 SDK下载如下：。Channel 9上也有视频演示。SDK包括SIP脚本API和SIP托管代码API。