Re: Code runs until Basic Authentication or Digest Authentication
From: Steven Cheng[MSFT] (stcheng_at_online.microsoft.com)
Date: 11/08/05
- Previous message: Wan: "Re: Security problem in IE login prompt..."
- In reply to: BMeyer: "Re: Code runs until Basic Authentication or Digest Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 08 Nov 2005 02:23:51 GMT
Thanks for your followup Bmeyer,
You can contact Microsoft Product Support directly to discuss additional
support options you may have available, by contacting us at 1-(800)936-5800
or by choosing one of the options listed at
http://support.microsoft.com/default.aspx?scid=sz;en-us;top. Of course, as
MSDN subscriber, you can use your available support indicent on this.
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| Thread-Topic: Code runs until Basic Authentication or Digest
Authentication
| thread-index: AcXjzMZquzI9KYpqRXyTyn7jD8CvPw==
| X-WBNR-Posting-Host: 205.158.212.246
| From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam>
| References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com>
<OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl>
<qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl>
<OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl>
<8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com>
<#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl>
<A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com>
<thhaZ$p2FHA.2904@TK2MSFTNGXA01.phx.gbl>
<iSzWzgu3FHA.1144@TK2MSFTNGXA01.phx.gbl>
<F2AA82B6-C140-46F5-AECF-BA18037C4AC6@microsoft.com>
<ptZpQsz4FHA.3936@TK2MSFTNGXA01.phx.gbl>
| Subject: Re: Code runs until Basic Authentication or Digest Authentication
| Date: Mon, 7 Nov 2005 10:55:09 -0800
| Lines: 315
| Message-ID: <EDF68B48-A09E-4080-B8CB-0F703AF12BB3@microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.inetserver.iis.security
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.inetserver.iis.security:8972
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| Our intranet page authenticates users, then it uses window.open in
javascript
| to open new window where our .NET application starts up. That results
in
| the authentication failure when later switching from ASP to ASP.NET.
|
| If users go directly to the application and are authenticated without a
new
| browser window opening, then the session seems to work
|
| I haven't tried a console .NET app - not sure how I'd do that since the
| whole thing seems to be related to IIS and authentication...
|
| Is there a way to open a case via our MSDN subscription? This just
doesn't
| seem to be working
|
| "Steven Cheng[MSFT]" wrote:
|
| > Thanks for your followup Bmeyer,
| >
| > I'm sorry to hear that the problem still remains. So are you still
| > encountering the access denied error when programmatically access the
ASP
| > page? Also, as you mentioned that
| > ==========
| > Works fine from same
| > browser window - but when new browser window launches, no luck
| > ===========
| >
| > What does the
| > "new browser window launches means"?
| >
| > Also, have you tried using WebRequest (with clear text
username/password
| > credential) in a console .net app to request that ASP page to see
whether
| > you can get response successfully?
| >
| > Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| >
| > --------------------
| > | Thread-Topic: Code runs until Basic Authentication or Digest
| > Authentication
| > | thread-index: AcXgx8/3wD7G5YlKQhu/FmhhjSmRBg==
| > | X-WBNR-Posting-Host: 205.158.212.246
| > | From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam>
| > | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com>
| > <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl>
| > <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl>
| > <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl>
| > <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com>
| > <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl>
| > <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com>
| > <thhaZ$p2FHA.2904@TK2MSFTNGXA01.phx.gbl>
| > <iSzWzgu3FHA.1144@TK2MSFTNGXA01.phx.gbl>
| > | Subject: Re: Code runs until Basic Authentication or Digest
Authentication
| > | Date: Thu, 3 Nov 2005 14:42:04 -0800
| > | Lines: 321
| > | Message-ID: <F2AA82B6-C140-46F5-AECF-BA18037C4AC6@microsoft.com>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.inetserver.iis.security
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.inetserver.iis.security:8927
| > | X-Tomcat-NG: microsoft.public.inetserver.iis.security
| > |
| > | Thanks for the note. I was out of town for a few days. I did change
the
| > | code as follows, but still get the same problem. Works fine from
same
| > | browser window - but when new browser window launches, no luck
| > |
| > |
| > | PageVal = CreateURI()
| > | myRequest = WebRequest.Create(PageVal)
| > |
| > | Dim myCred As New
| > | NetworkCredential(ConfigurationSettings.AppSettings("AuthString"),
| > | ConfigurationSettings.AppSettings("AuthPwd"),
| > | ConfigurationSettings.AppSettings("AuthDomain"))
| > | Dim myCache As New CredentialCache
| > |
| > | 'myCache.Add(oContext.Current.Request.Url, "Basic", myCred)
| > | myCache.Add(myRequest.RequestUri, "Basic", myCred)
| > |
| > |
| > |
| > | "Steven Cheng[MSFT]" wrote:
| > |
| > | > Hi Bmeyer,
| > | >
| > | > How are you doing on this issue? Does the suggestions in my last
reply
| > | > helps a little? If there're anything else we can help, please feel
free
| > to
| > | > post here. Thanks,
| > | >
| > | > Steven Cheng
| > | > Microsoft Online Support
| > | >
| > | > Get Secure! www.microsoft.com/security
| > | > (This posting is provided "AS IS", with no warranties, and confers
no
| > | > rights.)
| > | > --------------------
| > | > | X-Tomcat-ID: 49436306
| > | > | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com>
| > | > <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl>
| > | > <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl>
| > | > <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl>
| > | > <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com>
| > | > <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl>
| > | > <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com>
| > | > | MIME-Version: 1.0
| > | > | Content-Type: text/plain
| > | > | Content-Transfer-Encoding: 7bit
| > | > | From: stcheng@online.microsoft.com (Steven Cheng[MSFT])
| > | > | Organization: Microsoft
| > | > | Date: Thu, 27 Oct 2005 02:40:35 GMT
| > | > | Subject: Re: Code runs until Basic Authentication or Digest
| > Authentication
| > | > | X-Tomcat-NG: microsoft.public.inetserver.iis.security
| > | > | Message-ID: <thhaZ$p2FHA.2904@TK2MSFTNGXA01.phx.gbl>
| > | > | Newsgroups: microsoft.public.inetserver.iis.security
| > | > | Lines: 222
| > | > | Path: TK2MSFTNGXA01.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.inetserver.iis.security:8834
| > | > | NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
| > | > |
| > | > | Hi Bmeyer,
| > | > |
| > | > | From a general view of the code you provided, the code logic is
all
| > ok.
| > | > | You're using the HTTpWebRequest component to programmatically
request
| > the
| > | > | SessionAsp.asp page to retrieve ASP sessions, yes? Also, I saw
| > you've
| > | > | attached the NetworkCredential for the request in code. However,
I
| > 've
| > | > | found one problem which maybe the cause in the following function:
| > | > |
| > | > | ========================
| > | > | Public Function GetSessionVars() As Boolean
| > | > | ' First get the Session Cookie
| > | > | Dim ASPCookieName As String = ""
| > | > | Dim ASPCookieValue As String = ""
| > | > | Dim myRequest As WebRequest
| > | > | Dim myResponse As WebResponse
| > | > | Dim PageVal As String
| > | > |
| > | > | Try
| > | > | If Not GetSessionCookie(ASPCookieName,
ASPCookieValue)
| > Then
| > | > | Return False
| > | > | End If
| > | > |
| > | > |
| > | > |
| > | > | ' Initialize the WebRequest.
| > | > | PageVal = CreateURI()
| > | > | myRequest = WebRequest.Create(PageVal)
| > | > |
| > | > |
| > | > | '.................................
| > | > | '.................................
| > | > |
| > | > |
| > | > |
| > | > | 'Dim myCred As New
| > | > |
NetworkCredential(ConfigurationSettings.AppSettings("AuthString"),
| > | > | ConfigurationSettings.AppSettings("AuthPwd"))
| > | > | Dim myCred As New
| > | > |
NetworkCredential(ConfigurationSettings.AppSettings("AuthString"),
| > | > | ConfigurationSettings.AppSettings("AuthPwd"),
| > | > | ConfigurationSettings.AppSettings("AuthDomain"))
| > | > | '20 Jul 05 end
| > | > | Dim myCache As New CredentialCache
| > | > | myCache.Add(oContext.Current.Request.Url, "Basic",
myCred)
| > | > | myRequest.Credentials = myCache
| > | > |
| > | > | =============================
| > | > |
| > | > | At the start of the function, you use the "PageVal"(which should
be
| > the
| > | > asp
| > | > | page's url) to create the webrequest
| > | > |
| > | > | PageVal = CreateURI()
| > | > | myRequest = WebRequest.Create(PageVal)
| > | > |
| > | > | However, when you create the NetworkCredential and add into the
| > | > | CredentialCache, you use the
| > | > |
| > | > | "oContext.Current.Request.Url" as the Url, I think you should
change
| > | > this
| > | > | to "PageVal" because the url for the Credential should match the
| > target
| > | > | page's url rather than the current page. Try the following one
| > instead to
| > | > | see whether it works:
| > | > |
| > | > | Dim myCache As New CredentialCache
| > | > | myCache.Add(PageVal, "Basic", myCred)
| > | > | myRequest.Credentials = myCache
| > | > |
| > | > | Thanks,
| > | > |
| > | > | Steven Cheng
| > | > | Microsoft Online Support
| > | > |
| > | > | Get Secure! www.microsoft.com/security
| > | > | (This posting is provided "AS IS", with no warranties, and
confers no
| > | > | rights.)
| > | > |
| > | > | --------------------
| > | > | | Thread-Topic: Code runs until Basic Authentication or Digest
| > | > | Authentication
| > | > | | thread-index: AcXaStyV2GreI66gTB2zKWsv+usadg==
| > | > | | X-WBNR-Posting-Host: 205.158.212.246
| > | > | | From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam>
| > | > | | References:
<5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com>
| > | > | <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl>
| > | > | <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl>
| > | > | <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl>
| > | > | <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com>
| > | > | <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl>
| > | > | | Subject: Re: Code runs until Basic Authentication or Digest
| > | > Authentication
| > | > | | Date: Wed, 26 Oct 2005 09:32:31 -0700
| > | > | | Lines: 96
| > | > | | Message-ID: <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com>
| > | > | | MIME-Version: 1.0
| > | > | | Content-Type: text/plain;
| > | > | | charset="Utf-8"
| > | > | | Content-Transfer-Encoding: 7bit
| > | > | | X-Newsreader: Microsoft CDO for Windows 2000
| > | > | | Content-Class: urn:content-classes:message
| > | > | | Importance: normal
| > | > | | Priority: normal
| > | > | | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | > | | Newsgroups: microsoft.public.inetserver.iis.security
| > | > | | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | > | | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | > | | Xref: TK2MSFTNGXA01.phx.gbl
| > | > microsoft.public.inetserver.iis.security:8830
| > | > | | X-Tomcat-NG: microsoft.public.inetserver.iis.security
| > | > | |
| > | > | | Based on these logs, do you see anything else that might steer
us
| > in
| > | > the
| > | > | | right direction
| > | > | |
| > | > | | --Works - Anonymous Allowed
| > | > | | 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx - 80 -
| > 111.222.333.109
| > | > | |
| > | > |
| > | >
| >
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| > | > | -
| > | > | | - 301 0 0
| > | > | | 2005-10-24 19:37:18 111.222.333.23 GET
/aspaspx/LaunchNewWindow.asp
| > -
| > | > 80
| > | > | -
| > | > | | 111.222.333.109
| > | > | |
| > | > |
| > | >
| >
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| > | > | -
| > | > | | - 200 0 0
| > | > | | 2005-10-24 19:37:20 111.222.333.23 GET /aspaspx/start.asp - 80
-
| > | > | | 111.222.333.109
| > | > | |
| > | > |
| > | >
| >
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| > | > | | ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM
http://dev5/aspaspx/
| > 200
| > | > 0 0
| > | > | | 2005-10-24 19:37:20 111.222.333.23 GET /aspaspx/SessionVar.asp
- 80
| > -
| > | > | | 111.222.333.109
| > | > | |
| > | > |
| > | >
| >
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| > | > | | ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM
| > | > | http://dev5/aspaspx/start.asp
| > | > | | 200 0 0
| > | > | | 2005-10-24 19:37:21 111.222.333.23 GET /aspaspx/SessionVar.asp
- 80
| > -
| > | > | | 111.222.333.23 - ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM
-
| > 200 0 0
| > | > | | 2005-10-24 19:37:21 111.222.333.23 GET /aspaspx/WebForm1.aspx -
80
| > -
| > | > | | 111.222.333.109
| > | > | |
| > | > |
| > | >
| >
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
| > | > | | ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM
| > | > | | http://dev5/aspaspx/SessionVar.asp 200 0 0
| > | > | |
| > | > | | --Fails - Digest Authentication
| > | > | | 2005-10-24 19:37:51 111.222.333.23 GET /aspaspx - 80 -
| > 111.222.333.109
|
- Previous message: Wan: "Re: Security problem in IE login prompt..."
- In reply to: BMeyer: "Re: Code runs until Basic Authentication or Digest Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
