| Groups | Blog | Home |
iis security : Code runs until Basic Authentication or Digest Authentication is r
We have Windows 2003 server running IIS 6.0.
Have an application that creates ASPX session variables based on values found in ASP session cookie. Works great if anyonymous is allowed. Once Basic or Digest Auth is required, we get 401 errors. We've even included a default user account username,pwd and domain in our web.config file to try and pass the credentials manually. Still no luck.
Supplying a username/password in web.config does not mean that the user
doesn't supply credentials. Questions that you need to answer: a) Do you want the user to have to authenticate (i.e. supply Windows credentials)? b) Do you have your authentication mode set to Windows in your web.config file? c) Are you trying to have ASP.NET impersonate the supplied user credentials? Or do you want ASP.NET to run under a fixed user identity? Cheers Ken [quoted text, click to view] "BMeyer" <bmeyer@community.nospam> wrote in message : We have Windows 2003 server running IIS 6.0.news:5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com... : : Have an application that creates ASPX session variables based on values : found in ASP session cookie. : : Works great if anyonymous is allowed. Once Basic or Digest Auth is : required, we get 401 errors. We've even included a default user account : username,pwd and domain in our web.config file to try and pass the : credentials manually. Still no luck. : : Need to open a case on this one via MSDN so you can try to run our code
Hi Bmeyer
Steven's absolutely right. Take a look at this, IIS first, then the ASP.net settings. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp Good luck! Kenneth [quoted text, click to view] "Steven Cheng[MSFT]" <stcheng@online.microsoft.com> wrote in message news:qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl... > Thanks for Ken's inputs. > > Hi Bmeyer, > > As ken mentioned, no matter we specify the credential in web.config's > identity/impersonate element or not, the client always need to supply the > clientside credential (if IIS anonymous access is turn off). Also, I'm > not > sure how are you accessing the asp.net web application, through client > browser(interactively) or through other webrequest components (like > httpwebrequest) programmatically? If convenient, would you provide us > some > detailed background of your applicaiton's logic? > > Thanks, > > Steven Cheng > Microsoft Online Support > > Get Secure! www.microsoft.com/security > (This posting is provided "AS IS", with no warranties, and confers no > rights.) > > > > > -------------------- > | From: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> > | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> > | Subject: Re: Code runs until Basic Authentication or Digest > Authentication is r > | Date: Wed, 26 Oct 2005 12:28:44 +1000 > | Lines: 29 > | X-Priority: 3 > | X-MSMail-Priority: Normal > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670 > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 > | Message-ID: <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> > | Newsgroups: microsoft.public.inetserver.iis.security > | NNTP-Posting-Host: 203.53.153.82 > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl > | Xref: TK2MSFTNGXA01.phx.gbl > microsoft.public.inetserver.iis.security:8811 > | X-Tomcat-NG: microsoft.public.inetserver.iis.security > | > | Supplying a username/password in web.config does not mean that the user > | doesn't supply credentials. > | > | Questions that you need to answer: > | a) Do you want the user to have to authenticate (i.e. supply Windows > | credentials)? > | b) Do you have your authentication mode set to Windows in your > web.config > | file? > | c) Are you trying to have ASP.NET impersonate the supplied user > credentials? > | Or do you want ASP.NET to run under a fixed user identity? > | > | Cheers > | Ken > | > | "BMeyer" <bmeyer@community.nospam> wrote in message > | news:5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com... > | : We have Windows 2003 server running IIS 6.0. > | : > | : Have an application that creates ASPX session variables based on > values > | : found in ASP session cookie. > | : > | : Works great if anyonymous is allowed. Once Basic or Digest Auth is > | : required, we get 401 errors. We've even included a default user > account > | : username,pwd and domain in our web.config file to try and pass the > | : credentials manually. Still no luck. > | : > | : Need to open a case on this one via MSDN so you can try to run our > code > | > | > | >
Hi Bmeyer,
From a general view of the code you provided, the code logic is all ok. You're using the HTTpWebRequest component to programmatically request the SessionAsp.asp page to retrieve ASP sessions, yes? Also, I saw you've attached the NetworkCredential for the request in code. However, I 've found one problem which maybe the cause in the following function: ======================== Public Function GetSessionVars() As Boolean ' First get the Session Cookie Dim ASPCookieName As String = "" Dim ASPCookieValue As String = "" Dim myRequest As WebRequest Dim myResponse As WebResponse Dim PageVal As String Try If Not GetSessionCookie(ASPCookieName, ASPCookieValue) Then Return False End If ' Initialize the WebRequest. PageVal = CreateURI() myRequest = WebRequest.Create(PageVal) '................................. '................................. 'Dim myCred As New NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), ConfigurationSettings.AppSettings("AuthPwd")) Dim myCred As New NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), ConfigurationSettings.AppSettings("AuthPwd"), ConfigurationSettings.AppSettings("AuthDomain")) '20 Jul 05 end Dim myCache As New CredentialCache myCache.Add(oContext.Current.Request.Url, "Basic", myCred) myRequest.Credentials = myCache ============================= At the start of the function, you use the "PageVal"(which should be the asp page's url) to create the webrequest PageVal = CreateURI() myRequest = WebRequest.Create(PageVal) However, when you create the NetworkCredential and add into the CredentialCache, you use the "oContext.Current.Request.Url" as the Url, I think you should change this to "PageVal" because the url for the Credential should match the target page's url rather than the current page. Try the following one instead to see whether it works: Dim myCache As New CredentialCache myCache.Add(PageVal, "Basic", myCred) myRequest.Credentials = myCache Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- | Thread-Topic: Code runs until Basic Authentication or Digest Authentication | thread-index: AcXaStyV2GreI66gTB2zKWsv+usadg== | X-WBNR-Posting-Host: 205.158.212.246 | From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam> | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl> <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl> <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com> <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl> | Subject: Re: Code runs until Basic Authentication or Digest Authentication | Date: Wed, 26 Oct 2005 09:32:31 -0700 | Lines: 96 | Message-ID: <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com> | MIME-Version: 1.0 | Content-Type: text/plain; | charset="Utf-8" | Content-Transfer-Encoding: 7bit | X-Newsreader: Microsoft CDO for Windows 2000 | Content-Class: urn:content-classes:message | Importance: normal | Priority: normal | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 | Newsgroups: microsoft.public.inetserver.iis.security | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250 | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.inetserver.iis.security:8830 | X-Tomcat-NG: microsoft.public.inetserver.iis.security | | Based on these logs, do you see anything else that might steer us in the | right direction | | --Works - Anonymous Allowed | 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx - 80 - 111.222.333.109 | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - | - 301 0 0 | 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx/LaunchNewWindow.asp - 80 - | 111.222.333.109 | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - | - 200 0 0 | 2005-10-24 19:37:20 111.222.333.23 GET /aspaspx/start.asp - 80 - | 111.222.333.109 | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) | ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM http://dev5/aspaspx/ 200 0 0 | 2005-10-24 19:37:20 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 - | 111.222.333.109 | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) | ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM http://dev5/aspaspx/start.asp | 200 0 0 | 2005-10-24 19:37:21 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 - | 111.222.333.23 - ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM - 200 0 0 | 2005-10-24 19:37:21 111.222.333.23 GET /aspaspx/WebForm1.aspx - 80 - | 111.222.333.109 | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) | ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM | http://dev5/aspaspx/SessionVar.asp 200 0 0 | | --Fails - Digest Authentication | 2005-10-24 19:37:51 111.222.333.23 GET /aspaspx - 80 - 111.222.333.109 | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - | - 401 2 2148074254 | 2005-10-24 19:37:59 111.222.333.23 GET /aspaspx - 80 XT2\joe.bob | 111.222.333.109 | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - | - 301 0 0 | 2005-10-24 19:37:59 111.222.333.23 GET /aspaspx/LaunchNewWindow.asp - 80 | XT2\joe.bob 111.222.333.109 | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - | - 200 0 0 | 2005-10-24 19:38:00 111.222.333.23 GET /aspaspx/start.asp - 80 XT2\joe.bob | 111.222.333.109 | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) | ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL http://dev5/aspaspx/ 200 0 0 | 2005-10-24 19:38:00 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 | XT2\joe.bob 111.222.333.109 | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) | ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL http://dev5/aspaspx/start.asp | 200 0 0 | 2005-10-24 19:38:02 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 - | 111.222.333.23 - ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL - 401 2 | 2148074254 | 2005-10-24 19:38:02 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 | XT2\X111222 111.222.333.23 - ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL - | 401 1 1909 | 2005-10-24 19:38:02 111.222.333.23 GET /aspaspx/WebForm1.aspx - 80 | XT2\joe.bob 111.222.333.109 | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
Hi Bmeyer
Yes and no. Yes, your codes are probably working for "impersonation". No, no matter how you configure the web.config, if anonymous access is disabled, IIS will check for the identity.Isauthenticated (something like that) value. If the user is not authenticated, the user will be prompted for the login user ID and password by IIS. Only upon a successful login will the control be passed to ASP.NET, with Web.config settings and your scripts doing the impersonation. Hope this helps. Kenneth [quoted text, click to view] "BMeyer" <bmeyer@community.nospam> wrote in message news:8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com... > Thanks for the quick reply. It sounds like you're saying that our > code/logic > is probably fine, but we've either got IIS or something to tweak in > web.config? > > > "Kenneth Koh" wrote: > >> Hi Bmeyer >> >> Steven's absolutely right. >> Take a look at this, IIS first, then the ASP.net settings. >> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp >> >> >> Good luck! >> Kenneth >> >> "Steven Cheng[MSFT]" <stcheng@online.microsoft.com> wrote in message >> news:qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl... >> > Thanks for Ken's inputs. >> > >> > Hi Bmeyer, >> > >> > As ken mentioned, no matter we specify the credential in web.config's >> > identity/impersonate element or not, the client always need to supply >> > the >> > clientside credential (if IIS anonymous access is turn off). Also, I'm >> > not >> > sure how are you accessing the asp.net web application, through client >> > browser(interactively) or through other webrequest components (like >> > httpwebrequest) programmatically? If convenient, would you provide us >> > some >> > detailed background of your applicaiton's logic? >> > >> > Thanks, >> > >> > Steven Cheng >> > Microsoft Online Support >> > >> > Get Secure! www.microsoft.com/security >> > (This posting is provided "AS IS", with no warranties, and confers no >> > rights.) >> > >> > >> > >> > >> > -------------------- >> > | From: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> >> > | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> >> > | Subject: Re: Code runs until Basic Authentication or Digest >> > Authentication is r >> > | Date: Wed, 26 Oct 2005 12:28:44 +1000 >> > | Lines: 29 >> > | X-Priority: 3 >> > | X-MSMail-Priority: Normal >> > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670 >> > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 >> > | Message-ID: <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> >> > | Newsgroups: microsoft.public.inetserver.iis.security >> > | NNTP-Posting-Host: 203.53.153.82 >> > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl >> > | Xref: TK2MSFTNGXA01.phx.gbl >> > microsoft.public.inetserver.iis.security:8811 >> > | X-Tomcat-NG: microsoft.public.inetserver.iis.security >> > | >> > | Supplying a username/password in web.config does not mean that the >> > user >> > | doesn't supply credentials. >> > | >> > | Questions that you need to answer: >> > | a) Do you want the user to have to authenticate (i.e. supply Windows >> > | credentials)? >> > | b) Do you have your authentication mode set to Windows in your >> > web.config >> > | file? >> > | c) Are you trying to have ASP.NET impersonate the supplied user >> > credentials? >> > | Or do you want ASP.NET to run under a fixed user identity? >> > | >> > | Cheers >> > | Ken >> > | >> > | "BMeyer" <bmeyer@community.nospam> wrote in message >> > | news:5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com... >> > | : We have Windows 2003 server running IIS 6.0. >> > | : >> > | : Have an application that creates ASPX session variables based on >> > values >> > | : found in ASP session cookie. >> > | : >> > | : Works great if anyonymous is allowed. Once Basic or Digest Auth is >> > | : required, we get 401 errors. We've even included a default user >> > account >> > | : username,pwd and domain in our web.config file to try and pass the >> > | : credentials manually. Still no luck. >> > | : >> > | : Need to open a case on this one via MSDN so you can try to run our >> > code >> > | >> > | >> > | >> > >> >> >>
Thanks for Ken's inputs.
Hi Bmeyer, As ken mentioned, no matter we specify the credential in web.config's identity/impersonate element or not, the client always need to supply the clientside credential (if IIS anonymous access is turn off). Also, I'm not sure how are you accessing the asp.net web application, through client browser(interactively) or through other webrequest components (like httpwebrequest) programmatically? If convenient, would you provide us some detailed background of your applicaiton's logic? Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- | From: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> | Subject: Re: Code runs until Basic Authentication or Digest Authentication is r | Date: Wed, 26 Oct 2005 12:28:44 +1000 | Lines: 29 | X-Priority: 3 | X-MSMail-Priority: Normal | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670 | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 | Message-ID: <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> | Newsgroups: microsoft.public.inetserver.iis.security | NNTP-Posting-Host: 203.53.153.82 | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.inetserver.iis.security:8811 | X-Tomcat-NG: microsoft.public.inetserver.iis.security | | Supplying a username/password in web.config does not mean that the user | doesn't supply credentials. | | Questions that you need to answer: | a) Do you want the user to have to authenticate (i.e. supply Windows | credentials)? | b) Do you have your authentication mode set to Windows in your web.config | file? | c) Are you trying to have ASP.NET impersonate the supplied user credentials? | Or do you want ASP.NET to run under a fixed user identity? | | Cheers | Ken | [quoted text, click to view] | "BMeyer" <bmeyer@community.nospam> wrote in message | : We have Windows 2003 server running IIS 6.0.| news:5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com... | : | : Have an application that creates ASPX session variables based on values | : found in ASP session cookie. | : | : Works great if anyonymous is allowed. Once Basic or Digest Auth is | : required, we get 401 errors. We've even included a default user account | : username,pwd and domain in our web.config file to try and pass the | : credentials manually. Still no luck. | : | : Need to open a case on this one via MSDN so you can try to run our code | | |
Thanks for the reply. Here's what happens:
When going to ASPX page from an ASP page, the ASPX Page_Load checks for Try If Not Page.IsPostBack Then 'Establish session vars if not already existing If Session("User") Is Nothing Then Dim oASPSessionVar1 As New SessionVarsASPX 'if returns true, continue If oASPSessionVar1.GetSessionVars Then For i = 0 To Session.Count - 1 lblMain.Text = lblMain.Text & _ CStr(Session.Keys(i)) & _ " - " & _ CStr(Session(i)) & vbCrLf Next Else lblMain.Text = "Could not convert ASP Session Vars" End If End If End If The SessionVarsASPX page uses page "SessionVar.asp" to actually get the session variables ---Here's "SessionVarsASPX.vb" ---------------------------------------------- Public Class SessionVarsASPX Inherits System.Web.UI.Page Dim ASPSessionVarASP As String Dim oContext As HttpContext Public Function CreateURI() As String ASPSessionVarASP = "SessionVar.asp" ' We now build a System.Uri Object to derive the correct ' URL to send the HTTP request to. oContext.Request.Url ' will contain a System.Uri Object that represents ' Me ASPXs URL. Dim oURL As System.Uri = oContext.Current.Request.Url Dim Path As String Dim i As Integer For i = 0 To oURL.Segments.Length - 2 Path = Path + oURL.Segments(i) Next ASPSessionVarASP = oURL.Scheme + "://" + _ oURL.Host + ":" + _ oURL.Port.ToString() + Path + ASPSessionVarASP Return ASPSessionVarASP End Function Public Function GetSessionVars() As Boolean ' First get the Session Cookie Dim ASPCookieName As String = "" Dim ASPCookieValue As String = "" Dim myRequest As WebRequest Dim myResponse As WebResponse Dim PageVal As String Try If Not GetSessionCookie(ASPCookieName, ASPCookieValue) Then Return False End If ' Initialize the WebRequest. PageVal = CreateURI() myRequest = WebRequest.Create(PageVal) '7 Jun 05 - BTM 'ASPX Session was not able to be created if basic authentication in IIS 'was required. Was receving 401 unauthorized error when GetSessionVars() function 'was being called 'According to Microsoft Technical Support (obtained in MSDN newsgroups on 7 Jun 05), 'apparently, basic authentication in IIS will NOT pass on user credentials for WebRequest. 'WebRequest method of System.Net.WebRequest (in function GetSessionVars()) requires 'that user credentials be passed to web request manually. 'X123456 is a generic domain user account used by IT and is enough to ensure that 'the WebRequest method passes authentication. '20 Jul 05 - add domain 'Dim myCred As New NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), ConfigurationSettings.AppSettings("AuthPwd")) Dim myCred As New NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), ConfigurationSettings.AppSettings("AuthPwd"), ConfigurationSettings.AppSettings("AuthDomain")) '20 Jul 05 end Dim myCache As New CredentialCache myCache.Add(oContext.Current.Request.Url, "Basic", myCred) myRequest.Credentials = myCache '7 Jun 05 - end myRequest.Headers.Add("Cookie: " + ASPCookieName + "=" + ASPCookieValue) 'debug 'Debug.WriteLine(System.Security.Principal.WindowsIdentity.GetCurrent().Name()) ' Send the request and get a response myResponse = myRequest.GetResponse() Dim receiveStream As Stream receiveStream = myResponse.GetResponseStream() Dim encode As System.Text.Encoding encode = System.Text.Encoding.GetEncoding("utf-8") Dim readStream As StreamReader readStream = New StreamReader(receiveStream, encode) 'readStream = New StreamReader(myResponse.GetResponseStream(), System.Text.Encoding.Default) Dim sLine As String Dim SessionVar As String Dim SessionValue As String Dim NumElements As Integer 'sResponse = readStream.ReadToEnd() Do While readStream.Peek() >= 0 sLine = readStream.ReadLine If sLine = "item:" Then 'next is name of item SessionVar = readStream.ReadLine 'followed by value - need to cast as right type SessionValue = readStream.ReadLine If SessionValue = "True" Or SessionValue = "False" Then Session(SessionVar) = CBool(SessionValue) ElseIf IsNumeric(SessionValue) Then Session(SessionVar) = CInt(SessionValue) Else Session(SessionVar) = SessionValue End If 'else if "array=" ElseIf sLine = "array:" Then 'get array name on next line SessionVar = readStream.ReadLine 'read next line to get number of elements "elements=" NumElements = readStream.ReadLine 'dim array to save off Dim ItemArray(0, NumElements) As String 'loop through and read until end of array Dim j As Integer For j = 0 To UBound(ItemArray, 2) 'set session var equal to array SessionValue = readStream.ReadLine If SessionValue = "True" Or SessionValue = "False" Then ItemArray(0, j) = CBool(SessionValue) ElseIf IsNumeric(SessionValue) Then ItemArray(0, j) = CInt(SessionValue) Else ItemArray(0, j) = readStream.ReadLine End If Next Session(SessionVar) = ItemArray
Thanks for the quick reply. It sounds like you're saying that our code/logic
is probably fine, but we've either got IIS or something to tweak in web.config? [quoted text, click to view] "Kenneth Koh" wrote:
> Hi Bmeyer > > Steven's absolutely right. > Take a look at this, IIS first, then the ASP.net settings. > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp > > > Good luck! > Kenneth > > "Steven Cheng[MSFT]" <stcheng@online.microsoft.com> wrote in message > news:qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl... > > Thanks for Ken's inputs. > > > > Hi Bmeyer, > > > > As ken mentioned, no matter we specify the credential in web.config's > > identity/impersonate element or not, the client always need to supply the > > clientside credential (if IIS anonymous access is turn off). Also, I'm > > not > > sure how are you accessing the asp.net web application, through client > > browser(interactively) or through other webrequest components (like > > httpwebrequest) programmatically? If convenient, would you provide us > > some > > detailed background of your applicaiton's logic? > > > > Thanks, > > > > Steven Cheng > > Microsoft Online Support > > > > Get Secure! www.microsoft.com/security > > (This posting is provided "AS IS", with no warranties, and confers no > > rights.) > > > > > > > > > > -------------------- > > | From: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> > > | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> > > | Subject: Re: Code runs until Basic Authentication or Digest > > Authentication is r > > | Date: Wed, 26 Oct 2005 12:28:44 +1000 > > | Lines: 29 > > | X-Priority: 3 > > | X-MSMail-Priority: Normal > > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670 > > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 > > | Message-ID: <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> > > | Newsgroups: microsoft.public.inetserver.iis.security > > | NNTP-Posting-Host: 203.53.153.82 > > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl > > | Xref: TK2MSFTNGXA01.phx.gbl > > microsoft.public.inetserver.iis.security:8811 > > | X-Tomcat-NG: microsoft.public.inetserver.iis.security > > | > > | Supplying a username/password in web.config does not mean that the user > > | doesn't supply credentials. > > | > > | Questions that you need to answer: > > | a) Do you want the user to have to authenticate (i.e. supply Windows > > | credentials)? > > | b) Do you have your authentication mode set to Windows in your > > web.config > > | file? > > | c) Are you trying to have ASP.NET impersonate the supplied user > > credentials? > > | Or do you want ASP.NET to run under a fixed user identity? > > | > > | Cheers > > | Ken > > | > > | "BMeyer" <bmeyer@community.nospam> wrote in message > > | news:5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com... > > | : We have Windows 2003 server running IIS 6.0. > > | : > > | : Have an application that creates ASPX session variables based on > > values > > | : found in ASP session cookie. > > | : > > | : Works great if anyonymous is allowed. Once Basic or Digest Auth is > > | : required, we get 401 errors. We've even included a default user > > account > > | : username,pwd and domain in our web.config file to try and pass the > > | : credentials manually. Still no luck. > > | : > > | : Need to open a case on this one via MSDN so you can try to run our > > code > > | > > | > > | > > > >
Based on these logs, do you see anything else that might steer us in the
right direction --Works - Anonymous Allowed 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx - 80 - 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - - 301 0 0 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx/LaunchNewWindow.asp - 80 - 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - - 200 0 0 2005-10-24 19:37:20 111.222.333.23 GET /aspaspx/start.asp - 80 - 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM http://dev5/aspaspx/ 200 0 0 2005-10-24 19:37:20 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 - 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM http://dev5/aspaspx/start.asp 200 0 0 2005-10-24 19:37:21 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 - 111.222.333.23 - ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM - 200 0 0 2005-10-24 19:37:21 111.222.333.23 GET /aspaspx/WebForm1.aspx - 80 - 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM http://dev5/aspaspx/SessionVar.asp 200 0 0 --Fails - Digest Authentication 2005-10-24 19:37:51 111.222.333.23 GET /aspaspx - 80 - 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - - 401 2 2148074254 2005-10-24 19:37:59 111.222.333.23 GET /aspaspx - 80 XT2\joe.bob 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - - 301 0 0 2005-10-24 19:37:59 111.222.333.23 GET /aspaspx/LaunchNewWindow.asp - 80 XT2\joe.bob 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - - 200 0 0 2005-10-24 19:38:00 111.222.333.23 GET /aspaspx/start.asp - 80 XT2\joe.bob 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL http://dev5/aspaspx/ 200 0 0 2005-10-24 19:38:00 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 XT2\joe.bob 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL http://dev5/aspaspx/start.asp 200 0 0 2005-10-24 19:38:02 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 - 111.222.333.23 - ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL - 401 2 2148074254 2005-10-24 19:38:02 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 XT2\X111222 111.222.333.23 - ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL - 401 1 1909 2005-10-24 19:38:02 111.222.333.23 GET /aspaspx/WebForm1.aspx - 80 XT2\joe.bob 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) ASPSESSIONIDSSQRBBQB=KMKLJIJCHKBOIMMIHEAMNFLL http://dev5/aspaspx/SessionVar.asp 200 0 0 --Fails - Basic Authentication 2005-10-24 19:39:06 111.222.333.23 GET /aspaspx - 80 - 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - - 401 2 2148074254 2005-10-24 19:39:08 111.222.333.23 GET /aspaspx - 80 XT2\Joe.Bob 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - - 301 0 0 2005-10-24 19:39:08 111.222.333.23 GET /aspaspx/LaunchNewWindow.asp - 80 XT2\Joe.Bob 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - - 200 0 0 2005-10-24 19:39:10 111.222.333.23 GET /aspaspx/start.asp - 80 XT2\Joe.Bob 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) ASPSESSIONIDSSQRBBQB=LMKLJIJCMLHDKCKGKJBPKMBB http://dev5/aspaspx/ 200 0 0 2005-10-24 19:39:11 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 XT2\Joe.Bob 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) ASPSESSIONIDSSQRBBQB=LMKLJIJCMLHDKCKGKJBPKMBB http://dev5/aspaspx/start.asp 200 0 0 2005-10-24 19:39:11 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 - 111.222.333.23 - ASPSESSIONIDSSQRBBQB=LMKLJIJCMLHDKCKGKJBPKMBB - 401 2 2148074254 2005-10-24 19:39:11 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 XT2\X111222 111.222.333.23 - ASPSESSIONIDSSQRBBQB=LMKLJIJCMLHDKCKGKJBPKMBB - 401 1 1909 2005-10-24 19:39:11 111.222.333.23 GET /aspaspx/WebForm1.aspx - 80 XT2\Joe.Bob 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) ASPSESSIONIDSSQRBBQB=LMKLJIJCMLHDKCKGKJBPKMBB http://dev5/aspaspx/SessionVar.asp 200 0 0
Hi Bmeyer,
How are you doing on this issue? Does the suggestions in my last reply helps a little? If there're anything else we can help, please feel free to post here. Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- | X-Tomcat-ID: 49436306 | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl> <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl> <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com> <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl> <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com> | MIME-Version: 1.0 | Content-Type: text/plain | Content-Transfer-Encoding: 7bit | From: stcheng@online.microsoft.com (Steven Cheng[MSFT]) | Organization: Microsoft | Date: Thu, 27 Oct 2005 02:40:35 GMT | Subject: Re: Code runs until Basic Authentication or Digest Authentication | X-Tomcat-NG: microsoft.public.inetserver.iis.security | Message-ID: <thhaZ$p2FHA.2904@TK2MSFTNGXA01.phx.gbl> | Newsgroups: microsoft.public.inetserver.iis.security | Lines: 222 | Path: TK2MSFTNGXA01.phx.gbl | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.inetserver.iis.security:8834 | NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122 | | Hi Bmeyer, | | From a general view of the code you provided, the code logic is all ok. | You're using the HTTpWebRequest component to programmatically request the | SessionAsp.asp page to retrieve ASP sessions, yes? Also, I saw you've | attached the NetworkCredential for the request in code. However, I 've | found one problem which maybe the cause in the following function: | | ======================== | Public Function GetSessionVars() As Boolean | ' First get the Session Cookie | Dim ASPCookieName As String = "" | Dim ASPCookieValue As String = "" | Dim myRequest As WebRequest | Dim myResponse As WebResponse | Dim PageVal As String | | Try | If Not GetSessionCookie(ASPCookieName, ASPCookieValue) Then | Return False | End If | | | | ' Initialize the WebRequest. | PageVal = CreateURI() | myRequest = WebRequest.Create(PageVal) | | | '................................. | '................................. | | | | 'Dim myCred As New | NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), | ConfigurationSettings.AppSettings("AuthPwd")) | Dim myCred As New | NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), | ConfigurationSettings.AppSettings("AuthPwd"), | ConfigurationSettings.AppSettings("AuthDomain")) | '20 Jul 05 end | Dim myCache As New CredentialCache | myCache.Add(oContext.Current.Request.Url, "Basic", myCred) | myRequest.Credentials = myCache | | ============================= | | At the start of the function, you use the "PageVal"(which should be the asp | page's url) to create the webrequest | | PageVal = CreateURI() | myRequest = WebRequest.Create(PageVal) | | However, when you create the NetworkCredential and add into the | CredentialCache, you use the | | "oContext.Current.Request.Url" as the Url, I think you should change this | to "PageVal" because the url for the Credential should match the target | page's url rather than the current page. Try the following one instead to | see whether it works: | | Dim myCache As New CredentialCache | myCache.Add(PageVal, "Basic", myCred) | myRequest.Credentials = myCache | | Thanks, | | Steven Cheng | Microsoft Online Support | | Get Secure! www.microsoft.com/security | (This posting is provided "AS IS", with no warranties, and confers no | rights.) | | -------------------- | | Thread-Topic: Code runs until Basic Authentication or Digest | Authentication | | thread-index: AcXaStyV2GreI66gTB2zKWsv+usadg== | | X-WBNR-Posting-Host: 205.158.212.246 | | From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam> | | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> | <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> | <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl> | <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl> | <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com> | <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl> | | Subject: Re: Code runs until Basic Authentication or Digest Authentication | | Date: Wed, 26 Oct 2005 09:32:31 -0700 | | Lines: 96 | | Message-ID: <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com> | | MIME-Version: 1.0 | | Content-Type: text/plain; | | charset="Utf-8" | | Content-Transfer-Encoding: 7bit | | X-Newsreader: Microsoft CDO for Windows 2000 | | Content-Class: urn:content-classes:message | | Importance: normal | | Priority: normal | | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 | | Newsgroups: microsoft.public.inetserver.iis.security | | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250 | | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl | | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.inetserver.iis.security:8830 | | X-Tomcat-NG: microsoft.public.inetserver.iis.security | | | | Based on these logs, do you see anything else that might steer us in the | | right direction | | | | --Works - Anonymous Allowed | | 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx - 80 - 111.222.333.109 | | | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) | - | | - 301 0 0 | | 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx/LaunchNewWindow.asp - 80 | - | | 111.222.333.109 | | | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) | - | | - 200 0 0 | | 2005-10-24 19:37:20 111.222.333.23 GET /aspaspx/start.asp - 80 - | | 111.222.333.109 | | | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) | | ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM http://dev5/aspaspx/ 200 0 0 | | 2005-10-24 19:37:20 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 - | | 111.222.333.109 | | | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) | | ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM | http://dev5/aspaspx/start.asp | | 200 0 0 | | 2005-10-24 19:37:21 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 - | | 111.222.333.23 - ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM - 200 0 0 | | 2005-10-24 19:37:21 111.222.333.23 GET /aspaspx/WebForm1.aspx - 80 - | | 111.222.333.109 | | | Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) | | ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM | | http://dev5/aspaspx/SessionVar.asp 200 0 0
Thanks for the note. I was out of town for a few days. I did change the
code as follows, but still get the same problem. Works fine from same browser window - but when new browser window launches, no luck PageVal = CreateURI() myRequest = WebRequest.Create(PageVal) Dim myCred As New NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), ConfigurationSettings.AppSettings("AuthPwd"), ConfigurationSettings.AppSettings("AuthDomain")) Dim myCache As New CredentialCache 'myCache.Add(oContext.Current.Request.Url, "Basic", myCred) myCache.Add(myRequest.RequestUri, "Basic", myCred) [quoted text, click to view] "Steven Cheng[MSFT]" wrote:
> Hi Bmeyer, > > How are you doing on this issue? Does the suggestions in my last reply > helps a little? If there're anything else we can help, please feel free to > post here. Thanks, > > Steven Cheng > Microsoft Online Support > > Get Secure! www.microsoft.com/security > (This posting is provided "AS IS", with no warranties, and confers no > rights.) > -------------------- > | X-Tomcat-ID: 49436306 > | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> > <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> > <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl> > <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl> > <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com> > <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl> > <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com> > | MIME-Version: 1.0 > | Content-Type: text/plain > | Content-Transfer-Encoding: 7bit > | From: stcheng@online.microsoft.com (Steven Cheng[MSFT]) > | Organization: Microsoft > | Date: Thu, 27 Oct 2005 02:40:35 GMT > | Subject: Re: Code runs until Basic Authentication or Digest Authentication > | X-Tomcat-NG: microsoft.public.inetserver.iis.security > | Message-ID: <thhaZ$p2FHA.2904@TK2MSFTNGXA01.phx.gbl> > | Newsgroups: microsoft.public.inetserver.iis.security > | Lines: 222 > | Path: TK2MSFTNGXA01.phx.gbl > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.inetserver.iis.security:8834 > | NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122 > | > | Hi Bmeyer, > | > | From a general view of the code you provided, the code logic is all ok. > | You're using the HTTpWebRequest component to programmatically request the > | SessionAsp.asp page to retrieve ASP sessions, yes? Also, I saw you've > | attached the NetworkCredential for the request in code. However, I 've > | found one problem which maybe the cause in the following function: > | > | ======================== > | Public Function GetSessionVars() As Boolean > | ' First get the Session Cookie > | Dim ASPCookieName As String = "" > | Dim ASPCookieValue As String = "" > | Dim myRequest As WebRequest > | Dim myResponse As WebResponse > | Dim PageVal As String > | > | Try > | If Not GetSessionCookie(ASPCookieName, ASPCookieValue) Then > | Return False > | End If > | > | > | > | ' Initialize the WebRequest. > | PageVal = CreateURI() > | myRequest = WebRequest.Create(PageVal) > | > | > | '................................. > | '................................. > | > | > | > | 'Dim myCred As New > | NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), > | ConfigurationSettings.AppSettings("AuthPwd")) > | Dim myCred As New > | NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), > | ConfigurationSettings.AppSettings("AuthPwd"), > | ConfigurationSettings.AppSettings("AuthDomain")) > | '20 Jul 05 end > | Dim myCache As New CredentialCache > | myCache.Add(oContext.Current.Request.Url, "Basic", myCred) > | myRequest.Credentials = myCache > | > | ============================= > | > | At the start of the function, you use the "PageVal"(which should be the > asp > | page's url) to create the webrequest > | > | PageVal = CreateURI() > | myRequest = WebRequest.Create(PageVal) > | > | However, when you create the NetworkCredential and add into the > | CredentialCache, you use the > | > | "oContext.Current.Request.Url" as the Url, I think you should change > this > | to "PageVal" because the url for the Credential should match the target > | page's url rather than the current page. Try the following one instead to > | see whether it works: > | > | Dim myCache As New CredentialCache > | myCache.Add(PageVal, "Basic", myCred) > | myRequest.Credentials = myCache > | > | Thanks, > | > | Steven Cheng > | Microsoft Online Support > | > | Get Secure! www.microsoft.com/security > | (This posting is provided "AS IS", with no warranties, and confers no > | rights.) > | > | -------------------- > | | Thread-Topic: Code runs until Basic Authentication or Digest > | Authentication > | | thread-index: AcXaStyV2GreI66gTB2zKWsv+usadg== > | | X-WBNR-Posting-Host: 205.158.212.246 > | | From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam> > | | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> > | <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> > | <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl> > | <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl> > | <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com> > | <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl> > | | Subject: Re: Code runs until Basic Authentication or Digest > Authentication > | | Date: Wed, 26 Oct 2005 09:32:31 -0700 > | | Lines: 96 > | | Message-ID: <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com> > | | MIME-Version: 1.0 > | | Content-Type: text/plain; > | | charset="Utf-8" > | | Content-Transfer-Encoding: 7bit > | | X-Newsreader: Microsoft CDO for Windows 2000 > | | Content-Class: urn:content-classes:message > | | Importance: normal > | | Priority: normal > | | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 > | | Newsgroups: microsoft.public.inetserver.iis.security > | | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250 > | | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl > | | Xref: TK2MSFTNGXA01.phx.gbl > microsoft.public.inetserver.iis.security:8830 > | | X-Tomcat-NG: microsoft.public.inetserver.iis.security > | | > | | Based on these logs, do you see anything else that might steer us in > the > | | right direction > | | > | | --Works - Anonymous Allowed > | | 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx - 80 - 111.222.333.109 > | | > | > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) > | - > | | - 301 0 0 > | | 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx/LaunchNewWindow.asp - > 80 > | - > | | 111.222.333.109 > | | > | > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) > | - > | | - 200 0 0
Thanks for your followup Bmeyer,
I'm sorry to hear that the problem still remains. So are you still encountering the access denied error when programmatically access the ASP page? Also, as you mentioned that ========== Works fine from same browser window - but when new browser window launches, no luck =========== What does the "new browser window launches means"? Also, have you tried using WebRequest (with clear text username/password credential) in a console .net app to request that ASP page to see whether you can get response successfully? Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- | Thread-Topic: Code runs until Basic Authentication or Digest Authentication | thread-index: AcXgx8/3wD7G5YlKQhu/FmhhjSmRBg== | X-WBNR-Posting-Host: 205.158.212.246 | From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam> | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl> <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl> <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com> <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl> <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com> <thhaZ$p2FHA.2904@TK2MSFTNGXA01.phx.gbl> <iSzWzgu3FHA.1144@TK2MSFTNGXA01.phx.gbl> | Subject: Re: Code runs until Basic Authentication or Digest Authentication | Date: Thu, 3 Nov 2005 14:42:04 -0800 | Lines: 321 | Message-ID: <F2AA82B6-C140-46F5-AECF-BA18037C4AC6@microsoft.com> | MIME-Version: 1.0 | Content-Type: text/plain; | charset="Utf-8" | Content-Transfer-Encoding: 7bit | X-Newsreader: Microsoft CDO for Windows 2000 | Content-Class: urn:content-classes:message | Importance: normal | Priority: normal | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 | Newsgroups: microsoft.public.inetserver.iis.security | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250 | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.inetserver.iis.security:8927 | X-Tomcat-NG: microsoft.public.inetserver.iis.security | | Thanks for the note. I was out of town for a few days. I did change the | code as follows, but still get the same problem. Works fine from same | browser window - but when new browser window launches, no luck | | | PageVal = CreateURI() | myRequest = WebRequest.Create(PageVal) | | Dim myCred As New | NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), | ConfigurationSettings.AppSettings("AuthPwd"), | ConfigurationSettings.AppSettings("AuthDomain")) | Dim myCache As New CredentialCache | | 'myCache.Add(oContext.Current.Request.Url, "Basic", myCred) | myCache.Add(myRequest.RequestUri, "Basic", myCred) | | | [quoted text, click to view] | "Steven Cheng[MSFT]" wrote: | | > Hi Bmeyer, | > | > How are you doing on this issue? Does the suggestions in my last reply | > helps a little? If there're anything else we can help, please feel free to | > post here. Thanks, | > | > Steven Cheng | > Microsoft Online Support | > | > Get Secure! www.microsoft.com/security | > (This posting is provided "AS IS", with no warranties, and confers no | > rights.) | > -------------------- | > | X-Tomcat-ID: 49436306 | > | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> | > <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> | > <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl> | > <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl> | > <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com> | > <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl> | > <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com> | > | MIME-Version: 1.0 | > | Content-Type: text/plain | > | Content-Transfer-Encoding: 7bit | > | From: stcheng@online.microsoft.com (Steven Cheng[MSFT]) | > | Organization: Microsoft | > | Date: Thu, 27 Oct 2005 02:40:35 GMT | > | Subject: Re: Code runs until Basic Authentication or Digest Authentication | > | X-Tomcat-NG: microsoft.public.inetserver.iis.security | > | Message-ID: <thhaZ$p2FHA.2904@TK2MSFTNGXA01.phx.gbl> | > | Newsgroups: microsoft.public.inetserver.iis.security | > | Lines: 222 | > | Path: TK2MSFTNGXA01.phx.gbl | > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.inetserver.iis.security:8834 | > | NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122 | > | | > | Hi Bmeyer, | > | | > | From a general view of the code you provided, the code logic is all ok. | > | You're using the HTTpWebRequest component to programmatically request the | > | SessionAsp.asp page to retrieve ASP sessions, yes? Also, I saw you've | > | attached the NetworkCredential for the request in code. However, I 've | > | found one problem which maybe the cause in the following function: | > | | > | ======================== | > | Public Function GetSessionVars() As Boolean | > | ' First get the Session Cookie | > | Dim ASPCookieName As String = "" | > | Dim ASPCookieValue As String = "" | > | Dim myRequest As WebRequest | > | Dim myResponse As WebResponse | > | Dim PageVal As String | > | | > | Try | > | If Not GetSessionCookie(ASPCookieName, ASPCookieValue) Then | > | Return False | > | End If | > | | > | | > | | > | ' Initialize the WebRequest. | > | PageVal = CreateURI() | > | myRequest = WebRequest.Create(PageVal) | > | | > | | > | '................................. | > | '................................. | > | | > | | > | | > | 'Dim myCred As New | > | NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), | > | ConfigurationSettings.AppSettings("AuthPwd")) | > | Dim myCred As New | > | NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), | > | ConfigurationSettings.AppSettings("AuthPwd"), | > | ConfigurationSettings.AppSettings("AuthDomain")) | > | '20 Jul 05 end | > | Dim myCache As New CredentialCache | > | myCache.Add(oContext.Current.Request.Url, "Basic", myCred) | > | myRequest.Credentials = myCache | > | | > | ============================= | > | | > | At the start of the function, you use the "PageVal"(which should be the | > asp | > | page's url) to create the webrequest | > | | > | PageVal = CreateURI() | > | myRequest = WebRequest.Create(PageVal) | > | | > | However, when you create the NetworkCredential and add into the | > | CredentialCache, you use the | > | | > | "oContext.Current.Request.Url" as the Url, I think you should change | > this | > | to "PageVal" because the url for the Credential should match the target
Thanks for your followup Bmeyer,
You can contact Microsoft Product Support directly to discuss additional support options you may have available, by contacting us at 1-(800)936-5800 or by choosing one of the options listed at http://support.microsoft.com/default.aspx?scid=sz;en-us;top. Of course, as MSDN subscriber, you can use your available support indicent on this. Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- | Thread-Topic: Code runs until Basic Authentication or Digest Authentication | thread-index: AcXjzMZquzI9KYpqRXyTyn7jD8CvPw== | X-WBNR-Posting-Host: 205.158.212.246 | From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam> | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl> <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl> <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com> <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl> <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com> <thhaZ$p2FHA.2904@TK2MSFTNGXA01.phx.gbl> <iSzWzgu3FHA.1144@TK2MSFTNGXA01.phx.gbl> <F2AA82B6-C140-46F5-AECF-BA18037C4AC6@microsoft.com> <ptZpQsz4FHA.3936@TK2MSFTNGXA01.phx.gbl> | Subject: Re: Code runs until Basic Authentication or Digest Authentication | Date: Mon, 7 Nov 2005 10:55:09 -0800 | Lines: 315 | Message-ID: <EDF68B48-A09E-4080-B8CB-0F703AF12BB3@microsoft.com> | MIME-Version: 1.0 | Content-Type: text/plain; | charset="Utf-8" | Content-Transfer-Encoding: 7bit | X-Newsreader: Microsoft CDO for Windows 2000 | Content-Class: urn:content-classes:message | Importance: normal | Priority: normal | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 | Newsgroups: microsoft.public.inetserver.iis.security | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250 | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.inetserver.iis.security:8972 | X-Tomcat-NG: microsoft.public.inetserver.iis.security | | Our intranet page authenticates users, then it uses window.open in javascript | to open new window where our .NET application starts up. That results in | the authentication failure when later switching from ASP to ASP.NET. | | If users go directly to the application and are authenticated without a new | browser window opening, then the session seems to work | | I haven't tried a console .NET app - not sure how I'd do that since the | whole thing seems to be related to IIS and authentication... | | Is there a way to open a case via our MSDN subscription? This just doesn't | seem to be working | [quoted text, click to view] | "Steven Cheng[MSFT]" wrote: | | > Thanks for your followup Bmeyer, | > | > I'm sorry to hear that the problem still remains. So are you still | > encountering the access denied error when programmatically access the ASP | > page? Also, as you mentioned that | > ========== | > Works fine from same | > browser window - but when new browser window launches, no luck | > =========== | > | > What does the | > "new browser window launches means"? | > | > Also, have you tried using WebRequest (with clear text username/password | > credential) in a console .net app to request that ASP page to see whether | > you can get response successfully? | > | > Thanks, | > | > Steven Cheng | > Microsoft Online Support | > | > Get Secure! www.microsoft.com/security | > (This posting is provided "AS IS", with no warranties, and confers no | > rights.) | > | > | > -------------------- | > | Thread-Topic: Code runs until Basic Authentication or Digest | > Authentication | > | thread-index: AcXgx8/3wD7G5YlKQhu/FmhhjSmRBg== | > | X-WBNR-Posting-Host: 205.158.212.246 | > | From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam> | > | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> | > <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> | > <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl> | > <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl> | > <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com> | > <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl> | > <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com> | > <thhaZ$p2FHA.2904@TK2MSFTNGXA01.phx.gbl> | > <iSzWzgu3FHA.1144@TK2MSFTNGXA01.phx.gbl> | > | Subject: Re: Code runs until Basic Authentication or Digest Authentication | > | Date: Thu, 3 Nov 2005 14:42:04 -0800 | > | Lines: 321 | > | Message-ID: <F2AA82B6-C140-46F5-AECF-BA18037C4AC6@microsoft.com> | > | MIME-Version: 1.0 | > | Content-Type: text/plain; | > | charset="Utf-8" | > | Content-Transfer-Encoding: 7bit | > | X-Newsreader: Microsoft CDO for Windows 2000 | > | Content-Class: urn:content-classes:message | > | Importance: normal | > | Priority: normal | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 | > | Newsgroups: microsoft.public.inetserver.iis.security | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250 | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl | > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.inetserver.iis.security:8927 | > | X-Tomcat-NG: microsoft.public.inetserver.iis.security | > | | > | Thanks for the note. I was out of town for a few days. I did change the | > | code as follows, but still get the same problem. Works fine from same | > | browser window - but when new browser window launches, no luck | > | | > | | > | PageVal = CreateURI() | > | myRequest = WebRequest.Create(PageVal) | > | | > | Dim myCred As New | > | NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), | > | ConfigurationSettings.AppSettings("AuthPwd"), | > | ConfigurationSettings.AppSettings("AuthDomain")) | > | Dim myCache As New CredentialCache | > | | > | 'myCache.Add(oContext.Current.Request.Url, "Basic", myCred) | > | myCache.Add(myRequest.RequestUri, "Basic", myCred) | > | | > | | > | [quoted text, click to view] | > | "Steven Cheng[MSFT]" wrote: | > | | > | > Hi Bmeyer, | > | > | > | > How are you doing on this issue? Does the suggestions in my last reply | > | > helps a little? If there're anything else we can help, please feel free | > to | > | > post here. Thanks, | > | > | > | > Steven Cheng | > | > Microsoft Online Support | > | > | > | > Get Secure! www.microsoft.com/security | > | > (This posting is provided "AS IS", with no warranties, and confers no | > | > rights.) | > | > -------------------- | > | > | X-Tomcat-ID: 49436306 | > | > | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> | > | > <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> | > | > <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl> | > | > <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl> | > | > <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com> | > | > <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl>
Our intranet page authenticates users, then it uses window.open in javascript
to open new window where our .NET application starts up. That results in the authentication failure when later switching from ASP to ASP.NET. If users go directly to the application and are authenticated without a new browser window opening, then the session seems to work I haven't tried a console .NET app - not sure how I'd do that since the whole thing seems to be related to IIS and authentication... Is there a way to open a case via our MSDN subscription? This just doesn't seem to be working [quoted text, click to view] "Steven Cheng[MSFT]" wrote:
> Thanks for your followup Bmeyer, > > I'm sorry to hear that the problem still remains. So are you still > encountering the access denied error when programmatically access the ASP > page? Also, as you mentioned that > ========== > Works fine from same > browser window - but when new browser window launches, no luck > =========== > > What does the > "new browser window launches means"? > > Also, have you tried using WebRequest (with clear text username/password > credential) in a console .net app to request that ASP page to see whether > you can get response successfully? > > Thanks, > > Steven Cheng > Microsoft Online Support > > Get Secure! www.microsoft.com/security > (This posting is provided "AS IS", with no warranties, and confers no > rights.) > > > -------------------- > | Thread-Topic: Code runs until Basic Authentication or Digest > Authentication > | thread-index: AcXgx8/3wD7G5YlKQhu/FmhhjSmRBg== > | X-WBNR-Posting-Host: 205.158.212.246 > | From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam> > | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> > <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> > <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl> > <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl> > <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com> > <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl> > <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com> > <thhaZ$p2FHA.2904@TK2MSFTNGXA01.phx.gbl> > <iSzWzgu3FHA.1144@TK2MSFTNGXA01.phx.gbl> > | Subject: Re: Code runs until Basic Authentication or Digest Authentication > | Date: Thu, 3 Nov 2005 14:42:04 -0800 > | Lines: 321 > | Message-ID: <F2AA82B6-C140-46F5-AECF-BA18037C4AC6@microsoft.com> > | MIME-Version: 1.0 > | Content-Type: text/plain; > | charset="Utf-8" > | Content-Transfer-Encoding: 7bit > | X-Newsreader: Microsoft CDO for Windows 2000 > | Content-Class: urn:content-classes:message > | Importance: normal > | Priority: normal > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 > | Newsgroups: microsoft.public.inetserver.iis.security > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250 > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.inetserver.iis.security:8927 > | X-Tomcat-NG: microsoft.public.inetserver.iis.security > | > | Thanks for the note. I was out of town for a few days. I did change the > | code as follows, but still get the same problem. Works fine from same > | browser window - but when new browser window launches, no luck > | > | > | PageVal = CreateURI() > | myRequest = WebRequest.Create(PageVal) > | > | Dim myCred As New > | NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), > | ConfigurationSettings.AppSettings("AuthPwd"), > | ConfigurationSettings.AppSettings("AuthDomain")) > | Dim myCache As New CredentialCache > | > | 'myCache.Add(oContext.Current.Request.Url, "Basic", myCred) > | myCache.Add(myRequest.RequestUri, "Basic", myCred) > | > | > | > | "Steven Cheng[MSFT]" wrote: > | > | > Hi Bmeyer, > | > > | > How are you doing on this issue? Does the suggestions in my last reply > | > helps a little? If there're anything else we can help, please feel free > to > | > post here. Thanks, > | > > | > Steven Cheng > | > Microsoft Online Support > | > > | > Get Secure! www.microsoft.com/security > | > (This posting is provided "AS IS", with no warranties, and confers no > | > rights.) > | > -------------------- > | > | X-Tomcat-ID: 49436306 > | > | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com> > | > <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl> > | > <qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl> > | > <OY7mFuj2FHA.1292@TK2MSFTNGP12.phx.gbl> > | > <8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com> > | > <#bCS9Qk2FHA.3704@TK2MSFTNGP10.phx.gbl> > | > <A47E53F4-8207-409D-8088-43BD9D47DE2F@microsoft.com> > | > | MIME-Version: 1.0 > | > | Content-Type: text/plain > | > | Content-Transfer-Encoding: 7bit > | > | From: stcheng@online.microsoft.com (Steven Cheng[MSFT]) > | > | Organization: Microsoft > | > | Date: Thu, 27 Oct 2005 02:40:35 GMT > | > | Subject: Re: Code runs until Basic Authentication or Digest > Authentication > | > | X-Tomcat-NG: microsoft.public.inetserver.iis.security > | > | Message-ID: <thhaZ$p2FHA.2904@TK2MSFTNGXA01.phx.gbl> > | > | Newsgroups: microsoft.public.inetserver.iis.security > | > | Lines: 222 > | > | Path: TK2MSFTNGXA01.phx.gbl > | > | Xref: TK2MSFTNGXA01.phx.gbl > microsoft.public.inetserver.iis.security:8834 > | > | NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122 > | > | > | > | Hi Bmeyer, > | > | > | > | From a general view of the code you provided, the code logic is all > ok. > | > | You're using the HTTpWebRequest component to programmatically request > the > | > | SessionAsp.asp page to retrieve ASP sessions, yes? Also, I saw > you've > | > | attached the NetworkCredential for the request in code. However, I > 've > | > | found one problem which maybe the cause in the following function: > | > | > | > | ======================== > | > | Public Function GetSessionVars() As Boolean > | > | ' First get the Session Cookie > | > | Dim ASPCookieName As String = "" > | > | Dim ASPCookieValue As String = "" > | > | Dim myRequest As WebRequest > | > | Dim myResponse As WebResponse > | > | Dim PageVal As String > | > | > | > | Try > | > | If Not GetSessionCookie(ASPCookieName, ASPCookieValue) > Then > | > | Return False > | > | End If > | > | > | > | > | > | > | > | ' Initialize the WebRequest. > | > | PageVal = CreateURI() > | > | myRequest = WebRequest.Create(PageVal) > | > | > | > | > | > | '................................. > | > | '................................. > | > | > | > | > | > | > | > | 'Dim myCred As New > | > | NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), > | > | ConfigurationSettings.AppSettings("AuthPwd")) > | > | Dim myCred As New
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |