Re: Authorization HTML Header going missing
From: Shaun Wilde (shaun_wilde_at_nospam.co.uk)
Date: 11/30/04
- Next message: Andy G: "Session variable vs. Stored Proc"
- Previous message: Kevin Spencer: "Re: Refresh button"
- Next in thread: Shaun Wilde: "Re: Authorization HTML Header going missing"
- Maybe reply: Shaun Wilde: "Re: Authorization HTML Header going missing"
- Reply: Steven Cheng[MSFT]: "Re: Authorization HTML Header going missing"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 30 Nov 2004 22:04:11 -0000
Hi Steven
I'll give it a try
I've come across the following
and it seems to descibe the same symptoms. It also seems to be that it (the
Authorization header) will come through if we enable basic authentication.
Okay but whey the difference between 2000 and 2003.
Actually the problem occurs only if the server is 2000, the client is not a
factor.
Basic Authentication isn't turned on via IIS and there should be no need to
do so as I wish to use a HttpHandler to look after the credentials and send
back an Authorization error (403?) - this is because the application could
be hosted on a site where access to the IIS is minimal (3rd party hosting
environment).
Also I wish to authenticate against my own control list (database or
web.config) and not that controlled by a 3rd party.
Shaun
"Steven Cheng[MSFT]" <v-schang@online.microsoft.com> wrote in message
news:D5SQYbe1EHA.768@cpmsftngxa10.phx.gbl...
> Hi Shaun,
>
> Yes, the problem is so strange. I'm sure this is a enviromential specific
> issue. Also, you've mentioned that the problem only occur when your client
> app and the webservice are on the same machine,(locally), so I've exclude
> the possibility of some firewall or proxy that may intercept the
> authorization header.
> In addition, I'm not sure whether you've tried sending a custom http
header
> as I mentioned in my last reply to see whether this can work?
>
> Also, I've attached a ISAPI filter made by our IIS support guy which can
> help capture the raw data send to IIS.
> You may also try install it and capture the HTTP headers (when calling the
> webservice) on the problem machine to see whether the header has arrived
> the IIS. Here is the install steps for the isapi filter
>
> ==============
> Please open the server(computer icon)'s property->WWW Service global
> setting->ISAPI Filter tab, add the dll as a new ISAPI
filter(WriteRawData).
>
> Then please restart IIS service via iisreset command. Reproduce the
> problem. The filter will capture the incoming and outgoing rawdata in 2
> files at c: - InRawData.log, OutRawData.log
>
> =============
>
> Hope helps. Thanks.
>
> Regards,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
- Next message: Andy G: "Session variable vs. Stored Proc"
- Previous message: Kevin Spencer: "Re: Refresh button"
- Next in thread: Shaun Wilde: "Re: Authorization HTML Header going missing"
- Maybe reply: Shaun Wilde: "Re: Authorization HTML Header going missing"
- Reply: Steven Cheng[MSFT]: "Re: Authorization HTML Header going missing"
- Messages sorted by: [ date ] [ thread ]
