Now this is puzzling me 2 days, I am using classic ASP to connect to XML on my server. I've had 2003 and 2008 and 2012 before, it worked.
This is my code:
Set objXmlHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
url="http://www.server.com/xyz.asp"
objXmlHttp.open "GET", url, False
objXmlHttp.Send
If I coonect to the http version of the file xyz.asp, I get error: The certificate authority is invalid or incorrect. ??? I don't even try to use https, I call the script on http page and connect to http page.
If I use https, that means if call my page on https (I have valid certificate) and try to connect with xmlhttp object everything stalls and I get timeout on .send.
Any ideas? This happens on Windows 2016. But it seems the problem is the xyz.asp (xml file), I can open it from the URL and XML code shows with no problem, but the serverXMLHTTP doesn't like it. If I connect to the file on the old server 2012, it works ok...
How can I even snoop on the problem?
what happens if you try a more recent version of ServerXmlHttp?
Set objXmlHttp = Server.CreateObject("MSXML2.serverXMLHTTP.6.0")
you may also want to look at:
Can't use HTTPS with ServerXMLHTTP object
VBA ServerXMLHTTP https request with self signed certificate
Related
I'm using IIS 10 server as a gateway for Node.js server.
When client calls download files such as zip file, IIS server download Node.js server internally with HTTP protocol, and then it pass to client with HTTPS.
But in Chrome web browser, It shows error
net::ERR_HTTP_1_1_REQUIRED with status 200, and when I try to download again it works well until I clear the caches.
In Firefox, it returns status 200 too, but nothing's happen.
In Microsoft Edge and IE11 works well too.
I've set enough timeout and buffer size in IIS.
May Chrome and Firefox go wrong at HTTPS - HTTP connection or something else?
There may be some extensions in your Firefox and Chrome that can cause this error. This error means a browser extension blocked the request. The most common culprit is an ad blocker like AdBlock Plus. In short your requests to server have been blocked by an extension. so you can try to disable these extensions and try again.
It seems that the .NET Core team found a related issue and provided a workaround.
Perhaps the same can be applied with other frameworks.
https://github.com/dotnet/aspnetcore/issues/4398
Apparently, when doing an ajax request from a browser, it will sometimes send an OPTIONS request before the real request with a 204 status code which causes the problem.
For me, it seems to have solved my problem to return the file with a response content-type of "text/plain" instead of "application/octet-stream"
I'm not really sure why it works, it just does.
I have to prevent a Cross-Site Scripting vulnerability from being sent in an HttpResponse from data in the HttpRequest header to pass a webapp assessment.
For example, HttpRequest Header:
GET /%22%20%73%54%79%4c%65%3d%58%3a%65%58%2f%2a%2a%2f%70%52%65%53%73%49%6f%4e%28% 61%6c%65%72%74%28%35%37%31%33%35%29%29%20%22 HTTP/1.1
HttpResponse Location Value:
/" sTyLe=X:eX/**/pReSsIoN(%?3e3ea140
My site is an ASP.Net website written in VB.Net running on Windows Server 2003 with IIS 6.0. What are my options? Do I have to use ISAPI filters in IIS?
Proper way to do this is to make sure your data in database (or whatever source you’re using) is clean and also to make sure you’re validating all user input on the server side.
Once you confirm your data is clean and that all input is being validated you should be safe.
Not sure if there are any built in ways in IIS.
I'm debugging two ASP.NET applications running on the same machine under different instances of Cassini and with "custom errors" off. One app is running on port 100 and wants to perform a GET request from the other app running on port 90. So it runs this code:
WebRequest request = WebRequest.Create(
"http://localhost:90/Controller/Action?Param1=foo&Param2=bar");
request.Timeout = 10000;
request.GetResponse();
and the last line throws a WebException with HTTP 400 code and null InnerException. If I copy the very same URL in clipboard, past it into IE running on the same machine - the request is queued to the app on port 90 and its /Controller/Action/ is invoked and even parameters are passed okay.
What could be the problem origin here and how do I solve it?
I think you should try without the params in the url.
WebRequest request = WebRequest.Create("localhost:90/Controller/Action");
request.Timeout = 10000;
request.GetResponse();
if it does work you need to add some user-agent headers to allow the use of params.
Also you should probably look at WebClient.
MSDN
personally I would also look at using IISExpress or IIS to develop this kind of solution.
Just an outsider's observation here, consider making this call to the second webmethod via an ajax call from the browser and aggregate the results clientside using javascript (jQuery).
I would try and use the overload of WebRequest.Create that takes a URI object, that way you can rule out a fat-fingered URL.
Two hours debugging - and it turned out that service at port 90 would redirect the request back to the service at port 100 but wouldn't provide a required parameter in the URL, so the handler in the service at port 100 would throw an exception and return the HTTP 400 which was then reported by the GetResponse(). The solution was to change the logic so that there's no redirect for this specific request because the redirect would make no sense for this specific request.
And the jury finds both Cassini and ASP.NET to be not guilty.
Set oXMLHttp=Server.CreateObject("MSXML2.XMLHTTP")
On Error Resume Next
oXMLHttp.open "GET", "http://xxxxxx.com",False
oXMLHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
oXMLHttp.send()
x = oXMLHttp.responseText
I'm getting this error: Access Denied
Where r u getting the error? On the server postback or on the web page? My guess is that this should not happen if you are doing this via server side. However if you are doing this via javascript within your html page then the same-origin policy might cause a problem
Browsers have a same domain policy. This means you cannot do xhr calls to other domains.
You will either have to use a server side proxy service on your domain to do the remote call for you or if the endpoint supports jsonp you can use a script tag to emulate an xhr call.
I have two ASP.NET projects in my solution, and run on different localhost ports when I start debugging. I have a generic handler in site A, which is called by site B:
String url = "http://localhost:1234/UrlOnSiteA.ashx";
WebClient client = New WebClient();
client.Credentials = CredentialCache.DefaultNetworkCredentials;
client.OpenRead(url);
The OpenRead call throws an exception with a 500 error, and I don't know why. The error message is:
System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
Other info:
A breakpoint on the very first line of the handler code isn't hit.
The handler runs properly (and hits the breakpoint) when its URL is used in a browser.
Visual Studio 2008 Professional, running .NET 2.0 sites.
I suspect it's a configuration issue. Any ideas?
I'd diagnose this first by figuring out what's causing the exception. Look at the Response property of the WebException, and read the HTML returned. Any clues? (You may need to disable custom errors in your web.config to see the actual error response.)
Another approach to get the same response info would be to use Fiddler, and set the proxy of your WebClient call to the Fiddler proxy address. Then you can use fiddler to see the response HTML.
A slightly different approach would be to change the Exceptions settings in Visual Studio to break into the debugger whenever a WebException is thrown. You can do this from the Debug...Exceptions... dialog box.