script fails first time with "accept client certificates"


script fails first time with "accept client certificates" Martin Peters
10/30/2003 2:52:48 PM
I like to secure my ASP with either a username and
password or a client certificate. Therefore I have
set "require SSL" and "accept client certificates".

However, my script fails for the first document that I
send if I use a username and password. The error on the
client is: "There is a security problem.". There is no
entry in the IIS server log file.

There is no problem when I supply a client certificate.
Also, there is no problem if I set "ignore client
certificates".

I have tried with MSXML3 SP2 and MSXML4 SP2 without
any difference in behaviour. Can someone explain why
I get an error for the first message?

<job id="eSCLSend">
<script language="JScript">

// Submit two documents in sequence over HTTPS.
submitDocument("document1.xml");
submitDocument("document2.xml");

function submitDocument(inputdoc) {
    var httpOb = new ActiveXObject("MSXML2.XMLHTTP");

    // Synchronous POST; the credentials are passed to open().
    httpOb.open("POST", "https://servername/ReceiveXML.asp",
                false, "username", "password");
    httpOb.setRequestHeader("Content-Type", "text/xml");

    // Read the document to send from disk.
    var fso, ts, msg;
    var ForReading = 1;
    fso = new ActiveXObject("Scripting.FileSystemObject");
    ts = fso.OpenTextFile(inputdoc, ForReading);
    msg = ts.ReadAll();
    ts.Close();

    try {
        httpOb.send(msg);
    } catch (e) {
        // Report the error raised by send().
        WScript.Echo(e.number);
        WScript.Echo(e.description);
    }

    WScript.Echo(httpOb.statusText);
    WScript.Echo(httpOb.responseText);
}
</script>
</job>
RE: script fails first time with "accept client certificates" v-wdxu NO[at]SPAM online.microsoft.com
10/31/2003 1:37:41 AM
Hi Martin,

So far as I know on this issue, XMLHTTP starts to support SSL with client certificates from XML 3.0 sp1. There is one kb article which introduces
detailed information about this issue for you. Please go to:
301429 HOWTO: Install Client Certificate on IIS Server for ServerXMLHTTP
http://support.microsoft.com/?id=301429

Please feel free to let me know if you have any further questions.

Does this answer your question? Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

RE: script fails first time with "accept client certificates" Martin Peters
10/31/2003 1:52:35 AM
Hi,

I have basic authentication enabled. File security is
enabled and works, because with "ignore client
certificates" it works without problems.

Kind regards,

Martin
RE: script fails first time with "accept client certificates" v-wdxu NO[at]SPAM online.microsoft.com
10/31/2003 1:53:17 AM
Hi Martin,

If you want to use username and password for the request, you should check which authentication method you are using. It is suggested that you
use Windows integrated authentication method for you so that you can take full advantage of windows security features. Furthermore, since you
choose SSL to secure the connection, Basic and digest authentication will also help you a lot. Then, you can also check whether the user account
has permission to that asp page. You can right click the page and check that from security property.

Please feel free to let me know if you have any further questions.

Does this answer your question? Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

RE: script fails first time with "accept client certificates" Martin Peters
10/31/2003 2:01:18 AM
Hi,

I've read this article, but my problem is a little
different. I've tried with XML 3.0 SP2 and 4.0 SP2
without luck.

Martin
RE: script fails first time with "accept client certificates" v-wdxu NO[at]SPAM online.microsoft.com
11/1/2003 5:49:08 AM
Hi Martin,

Thank you for replying!

I'd suggest you can test whether you can link to your server with client certificate for html files. If there are some errors, some kb articles may help
you some on this issue.
252657 IIS 5.0: HTTP 403.16 Forbidden: Client Certificate Untrusted or Invalid.
http://support.microsoft.com/?id=252657

332077 IIS 6.0: Computer Must Trust All Certification Authorities Trusted by
http://support.microsoft.com/?id=332077

Furthermore, it will be appreciated that you tell me which OS you are using and whether there are proxies between your client and server.

Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

RE: script fails first time with "accept client certificates" Martin Peters
11/3/2003 12:24:33 PM
Hi Wei-Dong,

I'm not using a client certificate, so I'm afraid the
articles do not apply.

I tried with a Windows 2000 and Windows 2003 server, both
the same behaviour. The client is Windows 2000.

It should be easy to reproduce with the script in my
initial post.

Kind regards,

Martin
RE: script fails first time with "accept client certificates" Martin Peters
11/4/2003 1:15:56 PM
Thank you for your answers. The point is that I did not
select "require client certificates", but "accept client
certificates". This option means that a client certificate
is optional. My belief is that the XMLHTTP class does not
handle this option properly. Or perhaps a programming
error in my script. Anyway, I will pursue this through
formal channels to product support and post back the
answer from them.

Kind regards,

Martin

RE: script fails first time with "accept client certificates" v-wdxu NO[at]SPAM online.microsoft.com
11/4/2003 4:43:56 PM
Hi Martin,

Thank you for replying!

If you select "require Client certificate" and configure the IIS with a certificate, it means that you should install a valid client certificate in the client
so that IIS can accept the client request. Without a client certificate in the client, IIS will not accept any request from the client. I think this is the
reason why you get the security error message.

Please feel free to let me know if you have any further questions.

Does this answer your question? Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

RE: script fails first time with "accept client certificates" v-wdxu NO[at]SPAM online.microsoft.com
11/5/2003 8:26:24 AM
Hi Martin,

Thank you for replying!

It will be appreciated that you send one demo project for me so that I can test this for you. And tell me which OS you are using and your networking
configuration. If it is convenient for you, please capture one screen for the detailed error information. Thank you very much in advance!

Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
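
The thread turns on whether the server is set to "accept" or "require" client certificates, so a quick server-side check is to read the metabase flags for the directory. The script below is an added example, not code from any post in this thread; the ADSI path (site 1, ROOT) and the function names are assumptions, and the bit values are those of the IIS metabase AccessSSLFlags property.

```javascript
// Added example (not from the thread). Run on the IIS 5/6 server with:
//   cscript checkssl.js
// Written in ES3 syntax so it runs under Windows Script Host JScript.

// AccessSSLFlags bits as defined by the IIS metabase schema.
var ACCESS_SSL = 0x08;                // "Require secure channel (SSL)"
var ACCESS_SSL_NEGOTIATE_CERT = 0x20; // server asks the client for a certificate
var ACCESS_SSL_REQUIRE_CERT = 0x40;   // request is refused without a certificate

// Map the flag word to the three client-certificate choices in the
// IIS "Secure Communications" dialog.
function clientCertMode(flags) {
  if ((flags & ACCESS_SSL_REQUIRE_CERT) !== 0) {
    return "require";
  }
  if ((flags & ACCESS_SSL_NEGOTIATE_CERT) !== 0) {
    return "accept";   // certificate is requested but optional
  }
  return "ignore";     // server never asks for a certificate
}

// Read the effective (possibly inherited) flags for one metabase node.
function reportNode(adsPath) {
  var node = GetObject(adsPath);      // ADSI IIS provider, WSH only
  var flags = node.AccessSSLFlags;
  return adsPath + ": SSL " +
         ((flags & ACCESS_SSL) !== 0 ? "required" : "not required") +
         ", client certificates: " + clientCertMode(flags);
}

if (typeof WScript !== "undefined") {
  // Assumed path: first web site, root virtual directory. Adjust the
  // site number and path to the directory that holds ReceiveXML.asp.
  WScript.Echo(reportNode("IIS://localhost/W3SVC/1/ROOT"));
}
```

A result of "accept" confirms the optional-certificate setup Martin describes, in which the server requests a certificate during the SSL handshake but does not reject clients that send none.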
