IIS Server Security - Re: Code runs until Basic Authentication or Digest Authentication


Author Re: Code runs until Basic Authentication or Digest Authentication
BMeyer

2005-11-08, 6:28 pm

Our intranet page authenticates users, then it uses window.open in JavaScript
to open a new window where our .NET application starts up. That results in
the authentication failure when later switching from ASP to ASP.NET.

If users go directly to the application and are authenticated without a new
browser window opening, then the session seems to work.

I haven't tried a console .NET app - not sure how I'd do that since the
whole thing seems to be related to IIS and authentication...

Is there a way to open a case via our MSDN subscription? This just doesn't
seem to be working.

"Steven Cheng[MSFT]" wrote:

> Thanks for your followup Bmeyer,
>
> I'm sorry to hear that the problem still remains. So are you still
> encountering the access denied error when programmatically accessing the ASP
> page? Also, you mentioned that
> ==========
> Works fine from same
> browser window - but when new browser window launches, no luck
> ===========
>
> What does
> "new browser window launches" mean?
>
> Also, have you tried using WebRequest (with clear text username/password
> credential) in a console .net app to request that ASP page to see whether
> you can get response successfully?
>
> Thanks,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>
> --------------------
> | From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam>
> | Subject: Re: Code runs until Basic Authentication or Digest Authentication
> | Date: Thu, 3 Nov 2005 14:42:04 -0800
> |
> | Thanks for the note. I was out of town for a few days. I did change the
> | code as follows, but still get the same problem. Works fine from same
> | browser window - but when new browser window launches, no luck
> |
> |
> | PageVal = CreateURI()
> | myRequest = WebRequest.Create(PageVal)
> |
> | Dim myCred As New NetworkCredential( _
> |     ConfigurationSettings.AppSettings("AuthString"), _
> |     ConfigurationSettings.AppSettings("AuthPwd"), _
> |     ConfigurationSettings.AppSettings("AuthDomain"))
> | Dim myCache As New CredentialCache
> |
> | 'myCache.Add(oContext.Current.Request.Url, "Basic", myCred)
> | myCache.Add(myRequest.RequestUri, "Basic", myCred)
> |
> |
> |
> | "Steven Cheng[MSFT]" wrote:
> |
> | > Hi Bmeyer,
> | >
> | > How are you doing on this issue? Do the suggestions in my last reply
> | > help a little? If there's anything else we can help with, please feel free to
> | > post here. Thanks,
> | >
> | > Steven Cheng
> | > Microsoft Online Support
> | >
> | > Get Secure! www.microsoft.com/security
> | > (This posting is provided "AS IS", with no warranties, and confers no
> | > rights.)
> | > --------------------
> | > | From: stcheng@online.microsoft.com (Steven Cheng[MSFT])
> | > | Date: Thu, 27 Oct 2005 02:40:35 GMT
> | > | Subject: Re: Code runs until Basic Authentication or Digest Authentication
> | > |
> | > | Hi Bmeyer,
> | > |
> | > | From a general view of the code you provided, the code logic is all ok.
> | > | You're using the HttpWebRequest component to programmatically request the
> | > | SessionAsp.asp page to retrieve ASP sessions, yes? Also, I saw you've
> | > | attached the NetworkCredential for the request in code. However, I've
> | > | found one problem which may be the cause in the following function:
> | > |
> | > | ========================
> | > | Public Function GetSessionVars() As Boolean
> | > |     ' First get the Session Cookie
> | > |     Dim ASPCookieName As String = ""
> | > |     Dim ASPCookieValue As String = ""
> | > |     Dim myRequest As WebRequest
> | > |     Dim myResponse As WebResponse
> | > |     Dim PageVal As String
> | > |
> | > |     Try
> | > |         If Not GetSessionCookie(ASPCookieName, ASPCookieValue) Then
> | > |             Return False
> | > |         End If
> | > |
> | > |         ' Initialize the WebRequest.
> | > |         PageVal = CreateURI()
> | > |         myRequest = WebRequest.Create(PageVal)
> | > |
> | > |         '.................................
> | > |         '.................................
> | > |
> | > |         'Dim myCred As New NetworkCredential(ConfigurationSettings.AppSettings("AuthString"), ConfigurationSettings.AppSettings("AuthPwd"))
> | > |         Dim myCred As New NetworkCredential( _
> | > |             ConfigurationSettings.AppSettings("AuthString"), _
> | > |             ConfigurationSettings.AppSettings("AuthPwd"), _
> | > |             ConfigurationSettings.AppSettings("AuthDomain"))
> | > |         '20 Jul 05 end
> | > |         Dim myCache As New CredentialCache
> | > |         myCache.Add(oContext.Current.Request.Url, "Basic", myCred)
> | > |         myRequest.Credentials = myCache
> | > |
> | > | =============================
> | > |
> | > | At the start of the function, you use "PageVal" (which should be the
> | > | ASP page's URL) to create the WebRequest:
> | > |
> | > | PageVal = CreateURI()
> | > | myRequest = WebRequest.Create(PageVal)
> | > |
> | > | However, when you create the NetworkCredential and add it into the
> | > | CredentialCache, you use
> | > |
> | > | "oContext.Current.Request.Url" as the URL. I think you should change this
> | > | to "PageVal" because the URL for the credential should match the target
> | > | page's URL rather than the current page. Try the following one instead to
> | > | see whether it works:
> | > |
> | > | Dim myCache As New CredentialCache
> | > | myCache.Add(New Uri(PageVal), "Basic", myCred)
> | > | myRequest.Credentials = myCache
> | > |
> | > | Thanks,
> | > |
> | > | Steven Cheng
> | > | Microsoft Online Support
> | > |
> | > | Get Secure! www.microsoft.com/security
> | > | (This posting is provided "AS IS", with no warranties, and confers no
> | > | rights.)
> | > |
> | > | --------------------
> | > | | From: =?Utf-8?B?Qk1leWVy?= <bmeyer@community.nospam>
> | > | | Subject: Re: Code runs until Basic Authentication or Digest Authentication
> | > | | Date: Wed, 26 Oct 2005 09:32:31 -0700
> | > | |
> | > | | Based on these logs, do you see anything else that might steer us in the
> | > | | right direction
> | > | |
> | > | | --Works - Anonymous Allowed
> | > | | 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx - 80 - 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - - 301 0 0
> | > | | 2005-10-24 19:37:18 111.222.333.23 GET /aspaspx/LaunchNewWindow.asp - 80 - 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) - - 200 0 0
> | > | | 2005-10-24 19:37:20 111.222.333.23 GET /aspaspx/start.asp - 80 - 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM http://dev5/aspaspx/ 200 0 0
> | > | | 2005-10-24 19:37:20 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 - 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM http://dev5/aspaspx/start.asp 200 0 0
> | > | | 2005-10-24 19:37:21 111.222.333.23 GET /aspaspx/SessionVar.asp - 80 - 111.222.333.23 - ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM - 200 0 0
> | > | | 2005-10-24 19:37:21 111.222.333.23 GET /aspaspx/WebForm1.aspx - 80 - 111.222.333.109 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) ASPSESSIONIDSSQRBBQB=JMKLJIJCOPAEHHCBKBCPJIDM http://dev5/aspaspx/SessionVar.asp 200 0 0
> | > | |
> | > | | --Fails - Digest Authentication
> | > | | 2005-10-24 19:37:51 111.222.333.23 GET /aspaspx - 80 - 111.222.333.109
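
Added example, not part of the thread or the poster's code: how `CredentialCache.GetCredential` decides whether to release a credential, keyed on both the URL and the authentication scheme the thread discusses. The `dev5` URL is taken from the quoted IIS log; the account values and the `portal.example` host are constructed placeholders.

```vb
Imports System
Imports System.Net

Module CredentialCacheLookupDemo
    ' Target URL as it appears in the quoted IIS log; everything else is constructed.
    Private ReadOnly TargetPage As New Uri("http://dev5/aspaspx/SessionVar.asp")
    Private ReadOnly OtherHostPage As New Uri("http://portal.example/start.asp")

    ' Returns what the cache would release for this URL and authentication scheme.
    Function Lookup(ByVal cache As CredentialCache, ByVal target As Uri, ByVal scheme As String) As String
        Dim found As NetworkCredential = cache.GetCredential(target, scheme)
        If found Is Nothing Then
            Return "nothing sent"
        End If
        Return found.Domain & "\" & found.UserName
    End Function

    Sub Main()
        ' Placeholder account; real values belong in protected configuration.
        Dim cred As New NetworkCredential("svc-placeholder", "placeholder-password", "EXAMPLE")

        ' Case 1: entry keyed to a different host than the page being requested.
        Dim wrongKey As New CredentialCache()
        wrongKey.Add(OtherHostPage, "Basic", cred)
        Console.WriteLine("other host key, Basic : " & Lookup(wrongKey, TargetPage, "Basic"))

        ' Case 2: entry keyed to the target URL, registered for Basic only.
        Dim basicOnly As New CredentialCache()
        basicOnly.Add(TargetPage, "Basic", cred)
        Console.WriteLine("target key, Basic     : " & Lookup(basicOnly, TargetPage, "Basic"))
        ' A Digest challenge finds no entry: the scheme is part of the key.
        Console.WriteLine("target key, Digest    : " & Lookup(basicOnly, TargetPage, "Digest"))

        ' Case 3: one entry per scheme the server may challenge with.
        Dim bothSchemes As New CredentialCache()
        bothSchemes.Add(TargetPage, "Basic", cred)
        bothSchemes.Add(TargetPage, "Digest", cred)
        Console.WriteLine("both schemes, Digest  : " & Lookup(bothSchemes, TargetPage, "Digest"))
    End Sub
End Module
```

The same keying keeps a cached password from being offered to a host or scheme it was never registered for, which matters with Basic because the password travels base64-encoded rather than hashed.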

Copyright 2003 - 2008 webservertalk.com