Re: Code runs until Basic Authentication or Digest Authentication

From: Steven Cheng[MSFT] (stcheng_at_online.microsoft.com)
Date: 10/27/05 

Date: Thu, 27 Oct 2005 02:40:35 GMT

Hi Bmeyer,

>From a general view of the code you provided, the code logic is all ok.
You're using the HTTpWebRequest component to programmatically request the
SessionAsp.asp page to retrieve ASP sessions, yes? Also, I saw you've
attached the NetworkCredential for the request in code. However, I 've
found one problem which maybe the cause in the following function:

========================
 Public Function GetSessionVars() As Boolean
        ' First get the Session Cookie
        Dim ASPCookieName As String = ""
        Dim ASPCookieValue As String = ""
        Dim myRequest As WebRequest
        Dim myResponse As WebResponse
        Dim PageVal As String

        Try
            If Not GetSessionCookie(ASPCookieName, ASPCookieValue) Then
                Return False
            End If

            ' Initialize the WebRequest.
            PageVal = CreateURI()
            myRequest = WebRequest.Create(PageVal)

           '.................................
           '.................................

                     'Dim myCred As New
NetworkCredential(ConfigurationSettings.AppSettings("AuthString"),
ConfigurationSettings.AppSettings("AuthPwd"))
            Dim myCred As New
NetworkCredential(ConfigurationSettings.AppSettings("AuthString"),
ConfigurationSettings.AppSettings("AuthPwd"),
ConfigurationSettings.AppSettings("AuthDomain"))
            '20 Jul 05 end
            Dim myCache As New CredentialCache
            myCache.Add(oContext.Current.Request.Url, "Basic", myCred)
            myRequest.Credentials = myCache
       
=============================

At the start of the function, you use the "PageVal"(which should be the asp
page's url) to create the webrequest

  PageVal = CreateURI()
            myRequest = WebRequest.Create(PageVal)

However, when you create the NetworkCredential and add into the
CredentialCache, you use the

"oContext.Current.Request.Url" as the Url, I think you should change this
to "PageVal" because the url for the Credential should match the target
page's url rather than the current page. Try the following one instead to
see whether it works:

       Dim myCache As New CredentialCache
            myCache.Add(PageVal, "Basic", myCred)
            myRequest.Credentials = myCache

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| Thread-Topic: Code runs until Basic Authentication or Digest
Authentication
| thread-index: AcXaStyV2GreI66gTB2zKWsv+usadg==
| X-WBNR-Posting-Host: 205.158.212.246
| From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam>
| References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com>
<OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl>
<qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl>
<OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl>
<8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com>
<#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl>
| Subject: Re: Code runs until Basic Authentication or Digest Authentication
| Date: Wed, 26 Oct 2005 09:32:31 -0700
| Lines: 96
| Message-ID: <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.inetserver.iis.security
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.inetserver.iis.security:8830
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| Based on these logs, do you see anything else that might steer us in the
| right direction
|
| --Works - Anonymous Allowed
| 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx - 80 - 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
-
| - 301 0 0
| 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx/LaunchNewWindow.asp - 80
-
| 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
-
| - 200 0 0
| 2005-10-24 19:37:20 111.222.333.23 GET /aspaspx/start.asp - 80 -
| 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM http://dev5/aspaspx/ 200 0 0
| 2005-10-24 19:37:20 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 -
| 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM
http://dev5/aspaspx/start.asp
| 200 0 0
| 2005-10-24 19:37:21 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 -
| 111.222.333.23 - ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM - 200 0 0
| 2005-10-24 19:37:21 111.222.333.23 GET /aspaspx/WebForm1.aspx - 80 -
| 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM
| http://dev5/aspaspx/SessionVar.asp 200 0 0
|
| --Fails - Digest Authentication
| 2005-10-24 19:37:51 111.222.333.23 GET /aspaspx - 80 - 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
-
| - 401 2 2148074254
| 2005-10-24 19:37:59 111.222.333.23 GET /aspaspx - 80 XT2\joe.bob
| 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
-
| - 301 0 0
| 2005-10-24 19:37:59 111.222.333.23 GET /aspaspx/LaunchNewWindow.asp - 80
| XT2\joe.bob 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
-
| - 200 0 0
| 2005-10-24 19:38:00 111.222.333.23 GET /aspaspx/start.asp - 80
XT2\joe.bob
| 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL http://dev5/aspaspx/ 200 0 0
| 2005-10-24 19:38:00 111.222.333.23 GET /aspaspx/SessionVar.asp - 80
| XT2\joe.bob 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL
http://dev5/aspaspx/start.asp
| 200 0 0
| 2005-10-24 19:38:02 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 -
| 111.222.333.23 - ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL - 401 2
| 2148074254
| 2005-10-24 19:38:02 111.222.333.23 GET /aspaspx/SessionVar.asp - 80
| XT2\X111222 111.222.333.23 -
ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL -
| 401 1 1909
| 2005-10-24 19:38:02 111.222.333.23 GET /aspaspx/WebForm1.aspx - 80
| XT2\joe.bob 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL
| http://dev5/aspaspx/SessionVar.asp 200 0 0
|
| --Fails - Basic Authentication
| 2005-10-24 19:39:06 111.222.333.23 GET /aspaspx - 80 - 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
-
| - 401 2 2148074254
| 2005-10-24 19:39:08 111.222.333.23 GET /aspaspx - 80 XT2\Joe.Bob
| 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
-
| - 301 0 0
| 2005-10-24 19:39:08 111.222.333.23 GET /aspaspx/LaunchNewWindow.asp - 80
| XT2\Joe.Bob 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
-
| - 200 0 0
| 2005-10-24 19:39:10 111.222.333.23 GET /aspaspx/start.asp - 80
XT2\Joe.Bob
| 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| ASPSESSIONIDSSQRBBQB=LMKLJIJCMLHDKCKGKJBPKMBB http://dev5/aspaspx/ 200 0 0
| 2005-10-24 19:39:11 111.222.333.23 GET /aspaspx/SessionVar.asp - 80
| XT2\Joe.Bob 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| ASPSESSIONIDSSQRBBQB=LMKLJIJCMLHDKCKGKJBPKMBB
http://dev5/aspaspx/start.asp
| 200 0 0
| 2005-10-24 19:39:11 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 -
| 111.222.333.23 - ASPSESSIONIDSSQRBBQB=LMKLJIJCMLHDKCKGKJBPKMBB - 401 2
| 2148074254
| 2005-10-24 19:39:11 111.222.333.23 GET /aspaspx/SessionVar.asp - 80
| XT2\X111222 111.222.333.23 -
ASPSESSIONIDSSQRBBQB=LMKLJIJCMLHDKCKGKJBPKMBB -
| 401 1 1909
| 2005-10-24 19:39:11 111.222.333.23 GET /aspaspx/WebForm1.aspx - 80
| XT2\Joe.Bob 111.222.333.109
|
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| ASPSESSIONIDSSQRBBQB=LMKLJIJCMLHDKCKGKJBPKMBB
| http://dev5/aspaspx/SessionVar.asp 200 0 0
|
|
|
|