quote:

---

> Read this URL for an explanation of how some authentication protocols

---

quote:

---

> http://support.microsoft.com/?id=264921

---

quote:

---

> What exactly are you trying to do with your code?

---

quote:

---

> I do not understand why you do every operation twice,

---

quote:

---

>send a GET request with entity body,

---

quote:

---

>whether the resource URL handles entity body and sends a response

---

quote:

---

> send WWW-Authenticate, a response header, on a request,

---

quote:

---

>nor why you think there is something "undocumented" going on.

---

quote:

---

> 4. IE will try to auto-logon a couple of times for you, and if they are

---

quote:

---

> rejected by 401.x, then it pops up the username/password dialog box.

---

quote:

---

> I would suggest you first figure out how to get a single anonymous GET
> request without entity body working,

---

quote:

---

>then add authentication

---

quote:

---

>, then add SSL,

---

quote:

---

> and finally, change to POST with entity body.

---

quote:

---

>I would also make sure to
> configure the server properly to respond appropriatly to entity body,
>SSL, and authentication.

---

quote:

---

> Finally, realize that WinInet is old code that is documented to be not
> performant enough for server-usage -- try WinHTTP or newer.

---

quote:

---

> "Sten Westerback" <sten.westerback@NO_SPAMnokia.com> wrote in message
> news:5SJRb.7884$g4.163661@news2.nokia.com...
> Hi
>
> I have problems getting "IE style" automatic http authentication agains

---

quote:

---

> to work using code like the following (with appropriate account & pw).
> I get the error text "401.3 Unauthorized due to ACL on resource" from
> the server even if i know the account and password works using IE.
>
> #include <windows.h>
> #include <Wininet.h>
> #include <Lm.h>
>
> char *Http_p_szPost(char *p_szURL, char *p_szObject, char *p_szBodyData)
> { // the p_szObject parameter is not currently used (in case you
> wonder)
> char *p_szBuff, *p_szB;
> HINTERNET hInet, hInetS, hInetURL;
> DWORD dw;
> int n;
> char *p_szX= "Content-Type: text/html;
> charset=ISO-8859-4\r\nWWW-Authenticate: NTLM";
>
> hInet=InternetOpen("MyApp", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
> if (hInet==NULL) return NULL; // failure; error handling in calling

---

quote:

---

> hInetS=InternetConnect(hInet, "server.xxxx.com",
> INTERNET_DEFAULT_HTTP_PORT,
> "myaccount", "mypassword", INTERNET_SERVICE_HTTP, 0, 1968);
> if (hInetS==NULL)
> hInetS=InternetConnect(hInet, "server.xxxx..com",
> INTERNET_DEFAULT_HTTP_PORT,
> NULL, NULL, INTERNET_SERVICE_HTTP, 0, 1968);
> if (hInetS==NULL) return NULL;
>
> hInetURL=HttpOpenRequest(hInetS, "GET", "filename", NULL, NULL, "text/*",
> INTERNET_FLAG_KEEP_CONNECTION, 1968);
> if (hInetURL==NULL) // retry as someone suggested in old articles

---

quote:

---

> internally by InternetAPI")
>
> hInetURL=HttpOpenRequest(hInetS, "GET", "filename", NULL, NULL,
> "text/*",
> INTERNET_FLAG_KEEP_CONNECTION, 1968);
> if (hInetURL==NULL) return NULL;
>
> if (!HttpSendRequest(hInetURL, p_szX, strlen(p_szX), p_szBodyData,
> p_szBodyData==NULL?0:strlen(p_szBodyData)))
> {
> if (!HttpSendRequest(hInetURL, p_szX, strlen(p_szX), p_szBodyData,
> p_szBodyData==NULL?0:strlen(p_szBodyData))) return NULL;
> }
> p_szBuff=malloc(10000); p_szB=p_szBuff; dw=0; n=0;
> while (InternetReadFile(hInetURL, p_szB, 10000, &dw))
> {
> if (dw==0)
> { n++; if (n>5) break; if (p_szB==p_szBuff) Sleep(1000); else
> Sleep(500); }
> p_szB+=dw; dw=p_szB-p_szBuff; p_szBuff=realloc(p_szBuff, dw+10010);
> p_szB=p_szBuff+dw;
> }
> if ((dw=p_szB-p_szBuff)==0) { free(p_szBuff); p_szBuff=NULL; }
> else { p_szBuff=realloc(p_szBuff, dw+1010); p_szBuff[dw]=0;
> p_szBuff[dw+1]=0; }
> HttpEndRequest(hInetURL, NULL, HSR_SYNC, 1968);
> InternetCloseHandle(hInet);
> return p_szBuff;
> }
>
> int main(int nArgs, char *p_szArgs[])
> {
> char szPCname[50], szParams[1000],;
> ...
> sprintf(szParams, " go:2\r\ncomputer:%s\r\nconfirm:%s\r\nsub
mit:Confirm
> computername\r\n\r\n",
> szPCname, szPCname);
> p_sz=Http_p_szPost(http://server.xxxx.com/filename, "filename", szParams);
> }
>
> As you read this far i hope you have successfully made code
> that read protected Intranet pages.. or have other ideas.
> My questions are:
> - is automatic logon supported by the Internet*() and Http*()
> functions or does IE do some (undocumented) tricks? Which?
>
> - is the username=NULL and password=NULL parameters to
> InternetConnect() valid for this special purpose despite the
> documentation? I have tried both NULL,NULL and the
> actual values but still authentication fails.
>
> - if InternetOpenUrl() supports NTLM/Kerberos auto-
> authentication, is it possible to make it POST? And
> what is the correct POST format with HttpSendRequest ?
>
> - most important of all, what would be an API function call
> sequence that works?
>
> One more question. What is the purpose of InternetCheckConnection()
> which always seem to return NULL when connected to a LAN.
> Is it supposed to fail unless there is a dialup connection is can
> autoconnect?
> GetLastError() returns 2250 Network connection does not exist.
> Thanks for any ideas and code snipets you can provide.
>
> - Sten
>
>
>
>

---

quote:

---

>
> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> news:Owm5Beg5DHA.1040@TK2MSFTNGP10.phx.gbl...
> work:
>
> Thanks for responding.
>
> The initial purpose of the code is to automatically get a page from
> an server in intranet using my own code in the same way as IE
> does it as you desribed in your response. Later i'm supposed to
> POST a form to another URL in the same server.
>
> Because this trick was suggested in some old news articles
> i read. They claimed that the Internet API function will fail
> the first time but that it would handle the response to authentication
> automatically on the second attempt.
>
> do you mean the p_szBodyData parameter? I have tried it
> being NULL ... but isn't it here where the POST data goes?
>
> Well... in my code it only fails... But IE gladly just give me the html

---

quote:

---

> without asking anything. ;)
>
> I have also tried without any additional headers (p_szX="") in the
> request. But i suppose that i really would have to add some
> headers but can't figure out which. I have also tried a few other
> ones but i haven't seen any document specifying what IIS requires
> in a request.
>
> That "statement" was based on the fact that autoauthentication
> doesn't seem to be specified anywhere but there are still news
> articles claiming that they have done it (but they don't remember
> how ;).. so it seems that only IE knows how to do it.
>
> all
> I would like to repeat that my code is not IE... ;)
>
> GET's are working perfectly using InternetOpenUrl() but i
> suppose i have to try some other site. The only question is, what
> are you supposed to use as account & password in InternetConnect()
> when you aren't suppose to have to give any?
>
> I hope you mean "enable it on IIS testserver" or "switch to a domain
> protected site" and not "add authentication handshake code yourself"?
>
> SSL is not currently used by this site.
>
> Sure...
>
> One would guess that if IE can then my could should be able to?
>
> I just rechecked these functions after looking at them briefly
> some years ago. I then thought that they were meant primarily for
> use in service code. But i'm delighted to see that they allows NULL
> for the username in WinHTTPSetCredentials(). I'm of to do some
> rewrite now and will report how it goes. Thanks.
>
> - Sten
>
> IIS5
> routine
"text/*",[QUOTE][color=darkred]
> ("handled
szParams);[QUOTE][color=darkred]
>
>

---