Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Authentication issue with IntGetFile
#1
I'm having a failure authenticating against an IIS 7.5 server using Windows authentication (with some additional LDAP restrictions in the server's web.config file). It does work in the browsers (IE/Chrome/FireFox). Here's the function:

Member function WebServiceManager.CreatePagingLinks
Code:
Copy      Help
function str'FirstName str'LastName ARRAY(str)&pagingURLs ;; Invokes CreatePagingLinks web service

str encodedFirstName=FirstName.escape(9)
str encodedLastName=LastName.escape(9)
str getURL = F"http://blah.blah.org/WebServiceManager2/service.asmx/CreatePagingLinks?FirstName={encodedFirstName}&LastName={encodedLastName}"

str outputString
out getURL
IntSettings 0 "" "" 0 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36/QM2"
IntGetFile getURL outputString 4 INTERNET_FLAG_KEEP_CONNECTION
IXml xml=CreateXml
xml.FromString(outputString)
out outputString
ARRAY(IXmlNode) a
xml.Path("ArrayOfString/string" a)
out F"XML length {a.len} a is {a}"

int i
for i 0 a.len
,str pagingURL=pagingURLs[pagingURLs.redim(-1)]
,pagingURLs[i] = a[i].Value
,
ret 1

The only reason for setting the user agent was to get it to match one of the browsers.

Fiddler shows the browsers invoking the URL three times - just the standard NTLM protocol (the first two requests fail with a 401 and the third works). Here's what I see from Fiddler for QM:
Code:
Copy      Help
GET http://blah.blah.org/WebServiceManager2/service.asmx/CreatePagingLinks?FirstName=&LastName=Pomer HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36/QM2
Host: blah.blah.org
Connection: Keep-Alive
Pragma: no-cache


and the response is
Code:
Copy      Help
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 08 Aug 2013 14:19:27 GMT
Content-Length: 1293
Proxy-Support: Session-Based-Authentication

FireFox has a similar request:
Code:
Copy      Help
GET http://blah.blah.org/WebServiceManager2/service.asmx/CreatePagingLinks?FirstName=&LastName=Pomer HTTP/1.1
Host: blah.blah.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive

and the response is
Code:
Copy      Help
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 08 Aug 2013 14:23:10 GMT
Content-Length: 1293

Then FireFox make the second request but QM doesn't.
Some differences I see:
  • The Accept headers in FireFox - I think this is irrelevant for authentication
  • QM has 'Pragma: no-cache'
  • FireFox has DNT
  • Case difference 'Keep-Alive' vs. 'keep-alive'

Not sure if any of this matters. Any hints welcomed.

I believe that this was working last week; there were some server side changes in the LDAP groups which broke things completely. When these were fixed the browser worked but QM did not. It is possible that there is some error in the server protocol but I don't see it.
#2
One additional factoid: in Fiddler if I replay the failed request from QM it works. No editing of the request needed.
#3
You can try to send custom headers with this function.

Member function Http.Get2
Code:
Copy      Help
function# $remoteFile str&data [flags] [inetFlags] [str&responseHeaders] [$sendHeaders] ;;flags: 1-3 cache flags, 16 download to file, 32 run in other thread

;Downloads web page or other file.
;Returns: 1 success, 0 failed.

;remotefile - file to download, relative to server. Examples: "index.htm", "images/earth.jpg".
;data - variable that receives file data. If flag 16 - variable that contains local file name.
;flags, inetflags, responseheaders - see IntGetFile. Does not support flags: 4, 8.

;REMARKS
;At first call Connect to connect to web server.

;Added in: QM 2.3.2.

;See also: <IntGetFile>


if(flags&0x10000) goto g1 ;;thread

if(!Cache(flags inetFlags)) ret

if(flags&0x10000=0) if(m_dlg or flags&32) ret Thread(1 &remoteFile "Downloading" remoteFile)
;g1
__HInternet hi=HttpOpenRequest(m_hi "GET" remoteFile 0 0 0 inetFlags 0); if(!hi) ret Error
if(!HttpSendRequest(hi sendHeaders -1 0 0)) ret Error
if(&responseHeaders and !GetResponseHeaders(hi responseHeaders)) ret Error
ret Read(hi data flags&16)

;note: HttpOpenRequestW does not support Unicode too.

example
Macro Macro2119
Code:
Copy      Help
Http h.Connect("blah.blah.org")
str headers=
;Host: blah.blah.org
;User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
;Accept-Language: en-US,en;q=0.5
;Accept-Encoding: gzip, deflate
;DNT: 1
;Connection: keep-alive
h.Get2(F"WebServiceManager2/..." outputString 0 0 0 headers)

HttpSendRequest will add/remove something, it also depends on inetFlags.
With Get2 don't use flag 32.


Forum Jump:


Users browsing this thread: 1 Guest(s)