Discussion:
IServerXMLHTTPRequest authentication problem
(too old to reply)
Lamberti Fabrizio
2005-03-08 07:42:59 UTC
Permalink
I've an authentication problem with IServerXMLHTTPRequest.

I've got two web server named WS_1 and WS_2 part of the same NT domain.

On WS_1 I've published on the virtual directory virt1 the asp file
example1.asp.

On WS_2 I've published example2.asp on the virtual directory virt2.

Both virtual directories have enabled only the Integrated Windows
Authentication and I can't use any other type of authentication.

The file example1.asp try to retrieve some information from example2.asp by
using IServerXMLHTTPRequest object.

The problem is that example1.asp can't retrieve example2.asp because the
request is not made by the same domain user requesting example1.asp and so
correctely WS_2 can't authorized current request.

Inside the method open of IServerXMLHTTPRequest object I can set the user
and the pwd. I can retrieve the current user from
Request.ServerVariables("REMOTE_USER") but I don't know how to retrieve the
pwd. how can I do it ?

Thx
Stephen Sulzer
2005-03-10 05:23:54 UTC
Permalink
Hello,

This is a common authentication issue with the ServerXMLHTTP (SXH) object.
Searching the newsgroups for "ServerXMLHTTP delegation" or "ServerXMLHTTP
credential delegation" will turn up previous discussions on this topic. For
example:
http://groups-beta.google.com/group/microsoft.public.xml/messages/77c5871437aa5ca3,af1f0e1f07db253a?thread_id=aadf2276e2e9fa29

If the client authenticates using Integrated Windows Authentication (IWA) to
server WS_1, I don't think it is possible to get the client's password.
There is an "AUTH_PASSWORD" IIS ServerVariable, but it only works for Basic
authentication.

It is possible for the SXH object running on WS_1 to delegate (automatically
forward) the client's credentials to server WS_2. Briefly, this requires:

1. The client machine and servers WS_1 and WS_2 must be running Windows
2000, XP or Server 2003. The client cannot be running Windows 9X/ME.

2. The servers must be using IWA. And server WS_1 should be configured for
"trusted for delegation".

3. On server WS_1 which uses SXH, you need to set the WinHTTP proxy
configuration such that server WS_2 is included in the proxy bypass list
(either explicitly listed or a wildcard match). You can set the WinHTTP
proxy configuration using the proxycfg.exe tool or calling the setProxy
method. If you don't use a proxy server, you can use a dummy name for the
proxy server and put "*" in the proxy bypass list ("*" matches everything).

Hope that helps.

- Stephen
Lamberti Fabrizio
2005-03-16 16:27:36 UTC
Permalink
I've found the solution.

Using the Trust for Delegation explained inside "Accessing network file from
ASP page" post and the method setProxy of IServerXMLHTTPRequest object I've
solve my problem.

the correct usage of that method is the following:

[IServerXMLHTTPRequest object].setProxy 2, " ", "*"

bye
Post by Lamberti Fabrizio
I've an authentication problem with IServerXMLHTTPRequest.
I've got two web server named WS_1 and WS_2 part of the same NT domain.
On WS_1 I've published on the virtual directory virt1 the asp file
example1.asp.
On WS_2 I've published example2.asp on the virtual directory virt2.
Both virtual directories have enabled only the Integrated Windows
Authentication and I can't use any other type of authentication.
The file example1.asp try to retrieve some information from example2.asp by
using IServerXMLHTTPRequest object.
The problem is that example1.asp can't retrieve example2.asp because the
request is not made by the same domain user requesting example1.asp and so
correctely WS_2 can't authorized current request.
Inside the method open of IServerXMLHTTPRequest object I can set the user
and the pwd. I can retrieve the current user from
Request.ServerVariables("REMOTE_USER") but I don't know how to retrieve the
pwd. how can I do it ?
Thx
Loading...