Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I want to develop a website in ASP classic that uses HTTP Authentication against a database or password list that is under the control of the script. Ideally, the solution should involve no components or IIS settings as the script should be runnable in a hosted environment.
Any clues/code deeply appreciated.
It is possible to do HTTP Basic Authentication in pure classic ASP VBScript.
You will need something to decode base 64. Here is a pure VBScript implementation. You will also need to make sure that in your IIS config you turn off "Basic authentication" and "Integrated Windows authentication" as these will interfere with what you get back in the HTTP_AUTHORIZATION header.
Here is a sample implementation that just echoes back the user name and password.
<%#LANGUAGE="VBSCRIPT"%>
<!--#include file="decbase64.asp" -->
<%
Sub Unauth()
Call Response.AddHeader("WWW-Authenticate", "Basic realm=""SomethingGoesHere""")
Response.Status = "401 Unauthorized"
Call Response.End()
End Sub
Dim strAuth
strAuth = Request.ServerVariables("HTTP_AUTHORIZATION")
If IsNull(strAuth) Or IsEmpty(strAuth) Or strAuth = "" Then
Call Unauth
Else
%>
<html>
<body>
<%
Dim aParts, aCredentials, strType, strBase64, strPlain, strUser, strPassword
aParts = Split(strAuth, " ")
If aParts(0) <> "Basic" Then
Call Unauth
End If
strPlain = Base64Decode(aParts(1))
aCredentials = Split(strPlain, ":")
%>
<%= Server.HTMLEncode(aCredentials(0) & " - " & aCredentials(1)) %>
</body>
</html>
<%
End If
%>
Hooking the user name and password up to something meaningful is left as an exercise for the reader.
By definition, HTTP Authentication is something that is requested by the WebServer, I doubt you will find a solution that does not result in no IIS Settings being applied.
The web browser will connect to your web site, and unless your server responds with an HTTP response code HTTP/1.1 401 Unauthorized, the browse will not pass through the credentials.
You could try and force a response code of 401 and set the header
WWW-Authenticate: Basic realm="SomethingGoesHere"
Then the browser will prompt the user for username and password, but will be sent over clear-text to the browser (base64 encoded), like this:
Authorization: Basic YnJpYW5iOmJvYmJ5Ym95
Which is translated from Base64 to:
brianb:bobbyboy
I don't know if you'll have access to the Authorization header from your ASP page, or if the Web Server is going to freak out because someone is trying to pass credentials to it when its not expecting it, but could be worth a try...
Hi are you trying to get a list of users from a database or use network based permissions on the HTTP server?
If you are using a database use ODBC and DSN
Dim DatabaseObject1
Set DatabaseObject1 = Server.CreateObject("ADODB.Connection")
DatabaseObject1.Open("DSN=DSNname;")
If you are wanting a password dialogue box (from the server), you will need to alter IIS settings for a good guide to this..
http://www.authenticationtutorial.com/tutorial/
Related
I have an ASP app. setup using Windows Authentication that I can open from IE without being prompted for credentials, but when I try to open the same ASP app. from a VB Script I get a 401 - not authorized error.
How do I get the VB Script to open the app without supplying credentials?
VB Script:
Dim srvHTTP
set srvHTTP = CreateObject("MSXML2.ServerXMLHttp.3.0")
srvHTTP.open "GET", "http://myserver/sample.aspx", false
srvHTTP.send
WScript.Echo("Status: " & srvHTTP.status)
Try using the WinHttpRequest object instead. It allows you to specify the logon policy. The following example may work for you.
Const AutoLogonPolicy_Always = 0
Dim objWinHttp
Set objWinHttp = CreateObject("WinHttp.WinHttpRequest.5.1")
objWinHttp.SetAutoLogonPolicy AutoLogonPolicy_Always
objWinHttp.Open "GET", "http://myserver/sample.aspx", False
objWinHttp.Send
You may also need to configure your proxy to enable "keep alive" connections, since NTLM authentication requires a number of handshakes.
There are lots of questions that ask about the 80072ee2 "The operation timed out" error in msxml3.dll, but most are resolved by moving the requested URL to a different application pool. But, we already do this and are still getting this error on a semi-regular basis.
We're running a Windows 2008 server and IIS7.5 - the website is Classic ASP and the code is:
set xmlhttp = CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "GET", "http://www.mysite.co.uk/_search/search.php", false
xmlhttp.send ""
strResponseText = xmlhttp.responseText
set xmlhttp = nothing
The folder '_search' is a virtual folder and is set to use a separate application pool from the main site. It is a busy-ish site, and we don't get a timeout every-time it's called... but once you get one, there are often a number of them in succession. We know this is happening because we're logging the 500 errors on the site.
Does anyone have any ideas (please don't suggest re-writing the Classic ASP or PHP - it's not possible at the moment)?
Thanks
Your code looks absolutely fine. Two things you can try though.
First try
Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
This may not make any difference, but you're msxml6.dll - which is present on IIS7 - rather than the older msxml3.dll
Second, if you have Remote desktop access, see what happens when you try to access http://www.mysite.co.uk/_search/search.php from the server's own copy of IE. I've encountered situations where you can't see a site the server hosts itself through the external URL and you have to use localhost or 127.0.0.1
I solved it by creating a new site with the same physical path domain name etc but different port number (like 81)
xmlhttp.open "GET", "http://www.mysite.co.uk:81/_search/search.php", false
I was wondering if it is possible to send email in vb.net without the following code
SmtpServer.Credentials = New _
Net.NetworkCredential("admin#example.com", "password")
i am switching servers and i have a lot of websites that send emails with all the same credentials being sent from the server that is getting changed.
My issue is when the change happens its going to affect the sites. My question is what does smptServer.Credentials = New _ really mean? and
Net.NetworkCredentials("admin#example.com, "password") can you send without this. I am fairly new to this and i was looking at classic asp sites that we have and it doesnt require either of these credentials and works. Therefore i was wondering if it is possible to send emails without these in vb.net??
Thanks in advance!
Some SMTP servers require a client to authenticate itself as a means of protection against relaying spam. Other servers don't. If the server you're using requires authentication, you have to provide it. Otherwise, you don't.
I have a strange situation and google isn't helping me out. I have an admin site which is in simple HTTP who posts data to a different site running under HTTPS. The HTTP admin site (which I don't have direct access to) is sending the info via basic POST, and I'm trying to capture the Request.Form values in the HTTPS site. It works perfectly well in dev, due to the fact that the receiving site isn't running under SSL, but in prod, I have the Request.Form as empty. Someone could enlighten me? The basic HTTPS request code is below:
Dim nvm As NameValueCollection = Request.Form
Dim _idInscricao As String
Dim _Origem As String
litMensagem.Text = "Wait..."
If nvm.Keys.Count = 0 Then
litMensagem.Text = "Error recovering data. No keys found."
Exit Sub
End If
For Each _Key As String In nvm.Keys
If _Key.ToLower.EndsWith("idinscricao") Then
_idInscricao = nvm(_Key)
End If
If _Key.ToLower.EndsWith("origem") Then
_Origem = nvm(_Key)
End If
Next
If _idInscricao Is Nothing OrElse String.IsNullOrEmpty(_idInscricao) _
OrElse _Origem Is Nothing OrElse String.IsNullOrEmpty(_Origem) Then
litMensagem.Text = "Error recovering data."
Exit Sub
End If
I found this question because I was having the same problem, and I need to thank dana for the fiddler recommendation.
Using Fiddler, I found out what was going on. My page was on HTTPS, and the form that I was posting posted to HTTP. I couldn't figure out why my form structure on the posted page was empty.
Turns out the server couldn't find the http version of the file and did an automatic redirect to the https version, doing a GET with my form variables. They aren't available in the form scope with a GET. (FWIW, I'm using CFML.)
Once I changed the form action to post to HTTPS, everything worked like a charm.
-jason
Issue
Msxml2.ServerXMLHTTP keeps returning 401 - Unauthorised errors each time we attempt to read the contents of a file (ASP) from a web server.
Source server is running IIS6, using NTLM integrated login.
This process has been used successfully before, but only in as far as extracting XML files from external websites, not internal ones.
The proxy settings in the registry of the server on which the script is run has also been updated to bypass the website in question, but to no avail.
All paths identified in the VBScript have been checked and tested, and are correct.
User running the script has correct read/write permissions for all locations referenced in the script.
Solution needed
To identify the cause of the HTTP 401 Unauthorised messages, so that the script will work as intended.
Description
Our organisation operates an intranet, where the content is replicated to servers at each of our remote sites. This ensures these sites have continued fast access to important information, documentation and data, even in the event of losing connectivity.
We are in the middle of improving the listing and management of Forms (those pesky pieces of paper that have to be filled in for specific tasks). This involves establising a database of all our forms.
However, as the organisation hasn't been smart enough to invest in MSSQL Server instances at each site, replication of the database and accessing it from the local SQL server isn't an option.
To work around this, I have constructed a series of views (ASP pages) which display the required data. I then intend to use Msxml2.ServerXMLHTTP by VBScript, so I can read the resulting pages and save the output to a static file back on the server.
From there, the existing replication process can stream these files out to the site - with users having no idea that they're looking at a static page that just happened to be generated from database output.
Code
' Forms - Static Page Generator
' Implimented 2011-02-15 by Michael Harris
' Purpose: To download the contents of a page, and save that page to a static file.
' Target category: 1 (Contracts)
' Target Page:
' http://sharename.fpc.wa.gov.au/corporate/forms/generator/index.asp
' Target path: \\servername\sharename\corporate\forms\index.asp
' Resulting URL: http://sharename.fpc.wa.gov.au/corporate/forms/index.asp
' Remove read only
' Remove read only flag on file if present to allow editing
' If file has been set to read only by automated process, turn off read only
Const READ_ONLY = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("\\server\sharename\corporate\forms\index.asp")
If objFile.Attributes AND READ_ONLY Then
objFile.Attributes = objFile.Attributes XOR READ_ONLY
End If
Dim webObj, strURL
Set webObj = CreateObject("Msxml2.ServerXMLHTTP")
strURL = "http://sharename.fpc.wa.gov.au/corporate/forms/generator/index.asp"
webObj.Open "GET", strURL
webObj.send
If webObj.Status=200 Then
Set objFso = CreateObject("Scripting.FileSystemObject")
Set txtFile = objFso.OpenTextFile("file:\\servername.fpc.wa.gov.au\sharename\corporate\forms\index.asp", 2, True)
txtFile.WriteLine webObj.responseText
txtFile.close
ElseIf webObj.Status >= 400 And webObj.Status <= 599 Then
MsgBox "Error Occurred : " & webObj.Status & " - " & webObj.statusText
Else
MsgBox webObj.ResponseText
End If
Replace your line:
webObj.Open "GET", strURL
With:
webObj.Open "GET", strURL, False, "username", "password"
In most cases 401 Unauthorized means you haven't supplied credentials. Also you should specifiy False to indicate you don't want async mode.
It sounds like the O.P. got this working with the correct proxy settings in the registry (http://support.microsoft.com/kb/291008 explains why proxy configuration will fix this). Newer versions of ServerXMLHTTP have a setProxy method that can be used to set the necessary proxy configuration in your code instead.
In the O.P. code above, after webObj is created, the following line of code would set up the proxy correctly:
webObj.setProxy 2, "0.0.0.0:80", "*.fpc.wa.gov.au"
ServerXMLHTTP will pass on the credentials of the user running the code if it is configured with a proxy, and if the target URL bypasses that proxy. Since you are bypassing the proxy anyway, you can make it a dummy value "0.0.0.0:80", and make sure your target url is covered by what you specify in the bypass list "*.fpc.wa.gov.au"
I would first test if you can reach your url through a normal browser on the same server X you run your code on (A). I would try then reach the url from another PC. One never used to reach that url but in the same network as server X (B).
If B works but A doesn't I would suspect that for some reason your source server (i.e. that one that serves the url) blocks server X for some reason. Check the security settings of II6 and of NTLM.
If both A and B don't work, there is something wrong more in general with your source server (i.e. it blocks everything or NTML doesn't allow you in).
If A works (B doesn't matter then), the problem has to be somewhere in your code. In that case, I would recommend fiddler. This tool can give you the HTTP requests of both your browser and your code in realtime. You can then compare both. That should give you at least a very strong hint about (if not immediately give you) the solution.