Request.Form between HTTP and HTTPS pages in ASP.NET - asp.net

I have a strange situation and google isn't helping me out. I have an admin site which is in simple HTTP who posts data to a different site running under HTTPS. The HTTP admin site (which I don't have direct access to) is sending the info via basic POST, and I'm trying to capture the Request.Form values in the HTTPS site. It works perfectly well in dev, due to the fact that the receiving site isn't running under SSL, but in prod, I have the Request.Form as empty. Someone could enlighten me? The basic HTTPS request code is below:
Dim nvm As NameValueCollection = Request.Form
Dim _idInscricao As String
Dim _Origem As String
litMensagem.Text = "Wait..."
If nvm.Keys.Count = 0 Then
litMensagem.Text = "Error recovering data. No keys found."
Exit Sub
End If
For Each _Key As String In nvm.Keys
If _Key.ToLower.EndsWith("idinscricao") Then
_idInscricao = nvm(_Key)
End If
If _Key.ToLower.EndsWith("origem") Then
_Origem = nvm(_Key)
End If
Next
If _idInscricao Is Nothing OrElse String.IsNullOrEmpty(_idInscricao) _
OrElse _Origem Is Nothing OrElse String.IsNullOrEmpty(_Origem) Then
litMensagem.Text = "Error recovering data."
Exit Sub
End If

I found this question because I was having the same problem, and I need to thank dana for the fiddler recommendation.
Using Fiddler, I found out what was going on. My page was on HTTPS, and the form that I was posting posted to HTTP. I couldn't figure out why my form structure on the posted page was empty.
Turns out the server couldn't find the http version of the file and did an automatic redirect to the https version, doing a GET with my form variables. They aren't available in the form scope with a GET. (FWIW, I'm using CFML.)
Once I changed the form action to post to HTTPS, everything worked like a charm.
-jason

Related

HttpWebRequest received error 406 and Fiddler seems to have confused things

I am using the following code....
Dim myHttpWebRequest As HttpWebRequest = CType(WebRequest.Create(PostingUrl), HttpWebRequest)
myHttpWebRequest.Method = "POST"
myHttpWebRequest.Headers.Add("Authorization", "Bearer " & RSettings.access_token)
myHttpWebRequest.Headers.Add("Accept-Version", "2")
myHttpWebRequest.ContentType = "application/json; charset=UTF-8"
myHttpWebRequest.Accept = "application/json"
' myHttpWebRequest.Proxy = Nothing ' ** SEE NOTES ON THIS LINE **
Dim Byt As Byte() = Encoding.UTF8.GetBytes(DataString)
Using stream = myHttpWebRequest.GetRequestStream()
stream.Write(Byt, 0, Byt.Length)
End Using
Using myHttpWebResponse As HttpWebResponse = CType(myHttpWebRequest.GetResponse(), HttpWebResponse)
Using srRead As New StreamReader(myHttpWebResponse.GetResponseStream())
ListingResponse = srRead.ReadToEnd()
End Using
End Using
Where:
PostingUrl is "https://reverb.com/api/listings"
RSettings.access_token is (obviously) my access token for this API
DataString is a JSON string posting the data to the Reverb API
If I run my code from Visual Studio (localhost) it returns
The remote server returned an error: (406) Not Acceptable.
Trying to figure out why, I opened Fiddler hoping I could inspect content types and figure out the problem, but the response error changed to:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
(I'm guessing from this error that I also have an issue with my Auth key, but that's a separate subject I think.)
After a bit of Googling and S/O pages I found two suggestions:
Tools > Fiddler Options > HTTPS and uncheck "Capture HTTPS CONNECTs"
Add the commented out line: myHttpWebRequest.Proxy = Nothing
If I make any of those changes, I get back to my Error 406 that I get without Fiddler running.
However, if I add myHttpWebRequest.Proxy = Nothing line added, I can no longer see the Tunnel to http://reverb.com:443 Log entry in Fiddler, there's no record of a request to Reverb.com so I can't inspect anything.
I'm now very confused about what I'm doing, and I guess haven't actually made any progress at all!
I still have error 406 and don't seem to be able to inspect the headers/content type issues with Fiddler as I had hoped (please explain how if I am wrong!)
Even if I do correct the 406, I think I have an authentication error.
By the way... all this is an attempt to recreate the cURL example on the Rever docs page here:
https://dev.reverb.com/docs/create-a-listing
I have also been discussing this issue here:
https://dev.reverb.com/v1.0/discuss/57bb2ca0aa8f760e004588cf
Argh... well, my confusing over Fiddler still stands but the 406 error was caused by this:
myHttpWebRequest.Headers.Add("Accept-Version", "2")
Should have been
myHttpWebRequest.Headers.Add("Accept-Version", "2.0")
How simple!!

DotNetNuke - First request returns 404

I am having an issue with DotNetNuke platform that I cannot understand for the life of me... Google and SO searches have been no help.
The very first time any user tries to hit the site, regardless of the URL they are requesting, they are redirected to the URL below, and given the 404 error shown below. After that initial 404, if the user requests that exact same URL, everything works perfectly for that user going forward. They are redirected to the correct login page and everything works correctly from that point forward.
Does anyone know why this would only happen on the very first request to the site for each user? I have a Development, Test and Production environments set up, and the issue is consistent across all environments.
Requested URL: http://intranet.domain.com/page
Redirected URL: http://intranet.domain.com/Login.aspx?ReturnUrl=/DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx
Server Error in '/' Application.
The resource cannot be found. Description: HTTP 404. The resource you are looking for (or one of its
dependencies) could have been removed, had its name changed, or is
temporarily unavailable. Please review the following URL and make
sure that it is spelled correctly.
Requested URL: /Login.aspx
IIS: v7
DNN: v7.02.01
Default DNN authentication is disabled and Active Directory Authentication module is enabled. (v5.0.6)
Please let me know if there is any other configuration information I can provide.
This is not a full solution however it should help shed some light on the situation. I experienced the same issue. I would go to the website and it would redirect me to
WebsiteLinkHere/DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx
On removal of the
DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx
it would take me to my homepage and everything acted as expected from there on out. I grabbed the latest sourcecode from github for this module and started debugging. I traced the error down to the DNNUserController.ValidateUser() function. This seems to be returning nothing which then causes the page to error out. I decided to add a bandaid fix for the time being which may help others.
Within the WindowsSignin.aspx.vb file I added a try catch around
objAuthentication.AuthenticationLogon()
Within the catch statement I added the code that is used to redirect you after a successful authentication to the page you came from.
Try
objAuthentication.AuthenticationLogon()
Catch
Dim querystringparams As String = "logon=" & DateTime.Now.Ticks.ToString()
Dim strUrl As String = DotNetNuke.Common.NavigateURL(DotNetNuke.Entities.Portals.PortalSettings.Current.ActiveTab.TabID, String.Empty, querystringparams)
If Not HttpContext.Current.Request.Cookies("DNNReturnTo") Is Nothing _
Then
querystringparams =
HttpContext.Current.Request.Cookies("DNNReturnTo").Value
'ACD-8445
If querystringparams <> String.Empty Then querystringparams = querystringparams.ToLower
If querystringparams <> String.Empty And querystringparams.IndexOf("windowssignin.aspx") < 0 Then _
strUrl = querystringparams
End If
HttpContext.Current.Response.Redirect(strUrl, True)
End Try
This is not an elegant solution however it does escape the issue of the user's initial visit to the site being an error screen. Everything else seems to work as expected after the initial visit.
I finally found the answer over two years later...
The problem was solved by commenting out "add name="Authentication" ..." line in web.config. This disabled autologin feature completely.
http://www.dnnsoftware.com/forums/threadid/459907/scope/posts/site-redirecting-to-desktopmodules-authenticationservices-activedirectory-windowssigninaspx

ASP.NET & IIS 7.0 -- HTTPS Site Warmup Script

I have an ASP.NET 4.0 site on IIS 7.0 that is having first time load issues described here.
I've done some testing, and can confirm that it's only the first load of the page that is slow; every subsequent page loads normally. After googling around for this, I found a "warmup" script that can send an HTTP request the first time after the app pool is recycled, and this seems to fix the problem. BUT, I'm not sure if it will work when I force set the page to use only HTTPS/SSL?
The script I'm currently using is as follows:
Dim website1
website1 = "http://<website domain>/Auth/Login.aspx"
Function WarmUpSite(strURL)
On Error Resume Next
Dim objHTTP
Set objHTTP = CreateObject("MSXML2.XMLHTTP")
objHTTP.Open "GET", strURL, False
objHTTP.Send
If Err.Number=0 And objHTTP.Status=200 Then
Hget=strURL & " has been warmed up successfully at: "&Date()&" "&Time()
Else
Hget=strURL & " found error at: "&Date()&" "&Time()
End If
Set objHTTP = Nothing
'Section for writing into a text file
Const FOR_APPENDING = 8
strFileName = "C:\WarmUpLog.txt"
Set objFS = CreateObject("Scripting.FileSystemObject")
Set objTS = objFS.OpenTextFile(strFileName,FOR_APPENDING)
objTS.WriteLine Hget
End Function
WarmUpSite(website1)
So my question is how I would make this work if the website I'm warming up is a login page that will be an HTTPS address, not HTTP? My apologies if this is a dumb question, I do relatively little web work.
Well, apparently it just involved changing the value of website1 to an HTTPS url.
;)

401 Unauthorised errors when attempting to download ASP page to file

Issue
Msxml2.ServerXMLHTTP keeps returning 401 - Unauthorised errors each time we attempt to read the contents of a file (ASP) from a web server.
Source server is running IIS6, using NTLM integrated login.
This process has been used successfully before, but only in as far as extracting XML files from external websites, not internal ones.
The proxy settings in the registry of the server on which the script is run has also been updated to bypass the website in question, but to no avail.
All paths identified in the VBScript have been checked and tested, and are correct.
User running the script has correct read/write permissions for all locations referenced in the script.
Solution needed
To identify the cause of the HTTP 401 Unauthorised messages, so that the script will work as intended.
Description
Our organisation operates an intranet, where the content is replicated to servers at each of our remote sites. This ensures these sites have continued fast access to important information, documentation and data, even in the event of losing connectivity.
We are in the middle of improving the listing and management of Forms (those pesky pieces of paper that have to be filled in for specific tasks). This involves establising a database of all our forms.
However, as the organisation hasn't been smart enough to invest in MSSQL Server instances at each site, replication of the database and accessing it from the local SQL server isn't an option.
To work around this, I have constructed a series of views (ASP pages) which display the required data. I then intend to use Msxml2.ServerXMLHTTP by VBScript, so I can read the resulting pages and save the output to a static file back on the server.
From there, the existing replication process can stream these files out to the site - with users having no idea that they're looking at a static page that just happened to be generated from database output.
Code
' Forms - Static Page Generator
' Implimented 2011-02-15 by Michael Harris
' Purpose: To download the contents of a page, and save that page to a static file.
' Target category: 1 (Contracts)
' Target Page:
' http://sharename.fpc.wa.gov.au/corporate/forms/generator/index.asp
' Target path: \\servername\sharename\corporate\forms\index.asp
' Resulting URL: http://sharename.fpc.wa.gov.au/corporate/forms/index.asp
' Remove read only
' Remove read only flag on file if present to allow editing
' If file has been set to read only by automated process, turn off read only
Const READ_ONLY = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("\\server\sharename\corporate\forms\index.asp")
If objFile.Attributes AND READ_ONLY Then
objFile.Attributes = objFile.Attributes XOR READ_ONLY
End If
Dim webObj, strURL
Set webObj = CreateObject("Msxml2.ServerXMLHTTP")
strURL = "http://sharename.fpc.wa.gov.au/corporate/forms/generator/index.asp"
webObj.Open "GET", strURL
webObj.send
If webObj.Status=200 Then
Set objFso = CreateObject("Scripting.FileSystemObject")
Set txtFile = objFso.OpenTextFile("file:\\servername.fpc.wa.gov.au\sharename\corporate\forms\index.asp", 2, True)
txtFile.WriteLine webObj.responseText
txtFile.close
ElseIf webObj.Status >= 400 And webObj.Status <= 599 Then
MsgBox "Error Occurred : " & webObj.Status & " - " & webObj.statusText
Else
MsgBox webObj.ResponseText
End If
Replace your line:
webObj.Open "GET", strURL
With:
webObj.Open "GET", strURL, False, "username", "password"
In most cases 401 Unauthorized means you haven't supplied credentials. Also you should specifiy False to indicate you don't want async mode.
It sounds like the O.P. got this working with the correct proxy settings in the registry (http://support.microsoft.com/kb/291008 explains why proxy configuration will fix this). Newer versions of ServerXMLHTTP have a setProxy method that can be used to set the necessary proxy configuration in your code instead.
In the O.P. code above, after webObj is created, the following line of code would set up the proxy correctly:
webObj.setProxy 2, "0.0.0.0:80", "*.fpc.wa.gov.au"
ServerXMLHTTP will pass on the credentials of the user running the code if it is configured with a proxy, and if the target URL bypasses that proxy. Since you are bypassing the proxy anyway, you can make it a dummy value "0.0.0.0:80", and make sure your target url is covered by what you specify in the bypass list "*.fpc.wa.gov.au"
I would first test if you can reach your url through a normal browser on the same server X you run your code on (A). I would try then reach the url from another PC. One never used to reach that url but in the same network as server X (B).
If B works but A doesn't I would suspect that for some reason your source server (i.e. that one that serves the url) blocks server X for some reason. Check the security settings of II6 and of NTLM.
If both A and B don't work, there is something wrong more in general with your source server (i.e. it blocks everything or NTML doesn't allow you in).
If A works (B doesn't matter then), the problem has to be somewhere in your code. In that case, I would recommend fiddler. This tool can give you the HTTP requests of both your browser and your code in realtime. You can then compare both. That should give you at least a very strong hint about (if not immediately give you) the solution.

MSXML2.XMLHTTP Request to validate entered URL in ASP Classic

Thanks in advance for any help received.
I want to allow our client to enter a URL into a text field which then checks whether the URL exists and works.
There are 3 possible outcomes I want to check for:
A status of 200 - OK,
A status of 500 - Server Error,
Or a status of 404 - page not found.
When executing the following code in ASP classic I get a status code of 12007 when I should be getting 404. Is this because it can't find a webserver to return a code of 404?
Function CheckURL(vURL)
ON ERROR RESUME NEXT
Set oXML=Server.CreateObject("MSXML2.XMLHTTP") : oXML.Open "POST",vURL,false : oXML.Send()
CheckURL = oXML.status
Set oXML = nothing
End Function
Or is something amiss here. What status codes am I likely to see other than the standard mentioned above.
The 12007 is a Windows HTTP error which means name hasn't been resolved. You can't get a 200, 404, 500 or any such thing if the host name can't be resolved to an IP address or a connection can't be established to that IP address. In these cases you will get error codes in the 12000s range which aren't HTTP status codes but are windows exception numbers.
See this list for a list of these exception numbers.
BTW, XMLHTTP is not a safe item object to use in ASP. Also why are you using a POST? This is the code I would use:-
Function CheckURL(vURL)
On Error Resume Next
Set xhr = CreateObject("MSXML2.ServerXMLHTTP.3.0")
xhr.Open "HEAD", vURL, false
xhr.Send
CheckURL = xhr.status
End Function
Using HEAD allows you test the URL without actually downloading a potentially large entity body.

Resources