Re: Question regarding to ISA server and the WINHTTPREQUEST component (access denied reasons)
- From: "JP" <webmaster@xxxxxxxxxxx>
- Date: Fri, 20 Jan 2006 18:03:23 +0100
Please tell me what info you need.
The system is a windows 2003 server and running the latest version of isa
server.
The server it located at a customer location (ministry of justice) and they
havent been able to pinpoint the
error back into the loggings. It is a very difficult organisation to get
through ( people work next to each other).
Any suggestion is welcome.
In the winhttp request i set with setproxy, setcredentials (0, user, pass)
the code.
This one is in perl, below you will find teh source code. I know perl isnt
the best programming language, but ach...
it normally does the job
#use strict;
use OLE;
use Win32::OLE;
use Win32::OLE::Variant;
#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
#USE_GLOBAL_PROXY_SERVER_TYPE one of the following:
# 0 = HTTPREQUEST_PROXYSETTING_DIRECT (no proxy)
# 1 = HTTPREQUEST_PROXYSETTING_PRECONFIG (configure with proxycfg)
# 2 = HTTPREQUEST_PROXYSETTING_PROXY (specify in req [ proxyserver,
proxyusername, proxyuserpass ] )
$USE_GLOBAL_PROXY_SERVER_TYPE=2;
#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
$GLOBAL_PROXY_SERVER ='vmisaproxy:8080';
$GLOBAL_PROXY_SERVER_USERNAME ='domain\username';
$GLOBAL_PROXY_SERVER_PASSWORD ='password';
$GLOBAL_PROXY_SERVER_BYPASSLIST ='*.squareis.com;<local>';
#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
#Available properties in REQUEST HASH \%req
#req{"enablewinhttpdebug"} if set to 1, debugging info is flushed to stdout.
#req{"url"} defines the url to retrieve i.e.
"http://www.google.com/sub/page.html?q=1";
#req{"postdata"} defines the concatenated string of the data to post,
when undefined a GET is performed
#req{"proxyserver"} defines the per-site-proxyserver, multidomain proxy
homing possible
#req{"proxyusername"} defines the per-site-proxyserver-username
#req{"proxyuserpass"} defines the per-site-proxyserver-userpassword
#req{"siteloginuser"} defines the per-site-user-credentials-name
#req{"siteloginpass"} defines the per-site-user-credentials-password
#Available properties in RESPONSE HASH \%resp
#$resp{"responseheaders"} is set with the received response headers from
destination host
#$resp{"receivedhtml"} is set with the received html retrieved from
destination host
#$resp{"receivedhtmlsize"} is set with the size of the received html
#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
sub DO_HTTP_REQUEST($$$){
my ($req, $resp,$timeout) = @_;
my ($proto, $host, $href);
my $obj = INITIALIZE_WINHTTP_OBJECT($req);
if ($$req{"url"} =~ m%(https?):/+([^/]+)(/.+)?%) { ($proto, $host,
$href) = ($1,$2,$3); }
if (!$href){ $href='/';}
$obj->SetRequestHeader('HOST', $host);
if (exists($$req{"siteloginuser"})){
$obj->SetCredentials($$req{"siteloginuser"}, $$req{"siteloginpass"}, 1);
}
if ($$req{"postdata"}){
#perform a POST request
if ($$req{"enablewinhttpdebug"}){ print "**DEBUG**
DO_HTTP_REQUEST(POST ".$$req{"url"}.") data=".$$req{"postdata"}."\n";}
!($obj->Open('POST',$$req{"url"},0)) || die "POST fookmi $!";
}else{
#perform a GET request
if ($$req{"enablewinhttpdebug"}){ print "**DEBUG**
DO_HTTP_REQUEST(GET ".$$req{"url"}.")\n";}
!($obj->Open('GET',$$req{"url"},0)) || die "fookmi $!";
}
$obj->Send($$req{"postdata"});
$$resp{"statuscode"} = $obj->Status();
if ($$req{"enablewinhttpdebug"}){ print "**DEBUG**
DO_HTTP_REQUEST(STATUS=".$obj->Status().")\n";}
$$resp{"responseheaders"} = $obj->GetAllResponseHeaders();
$$resp{"receivedhtml"} = $obj->ResponseText();
$$resp{"receivedhtmlsize"} = length($$resp{"receivedhtml"});
};
#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
sub INITIALIZE_WINHTTP_OBJECT($){
my ($req) = @_;
my $obj = Win32::OLE-> new('WinHttp.WinHttpRequest.5.1');
if ($USE_GLOBAL_PROXY_SERVER_TYPE > 1){
if ($$req{"proxyserver"}){
if ($$req{"enablewinhttpdebug"}){ print "**DEBUG**
INITIALIZE_WINHTTP_OBJECT(USE_REQUEST_PROXY(".$$req{"proxyserver"}.",
".$$req{"proxyusername"}.", ********))\n";}
$obj->SetProxy(2, $$req{"proxyserver"}, $$req{"proxybypasslist"});
if (exists($$req{"proxyusername"})){
$obj->SetCredentials($$req{"proxyusername"}, $$req{"proxyuserpass"}, 0);
}
}else{
if ($$req{"enablewinhttpdebug"}){ print "**DEBUG**
INITIALIZE_WINHTTP_OBJECT(USE_GLOBAL_PROXY($GLOBAL_PROXY_SERVER,
$GLOBAL_PROXY_SERVER_USERNAME, ********))\n";}
$obj->SetProxy(2, $GLOBAL_PROXY_SERVER, $GLOBAL_PROXY_SERVER_BYPASSLIST);
$obj->SetCredentials($GLOBAL_PROXY_SERVER_USERNAME,
$GLOBAL_PROXY_SERVER_PASSWORD, 0);
}
}else{
if ($USE_GLOBAL_PROXY_SERVER_TYPE > 0){
if ($$req{"enablewinhttpdebug"}){ print "**DEBUG**
INITIALIZE_WINHTTP_OBJECT(USE_PREDEFINED_REGISTRY_PROXY)\n";}
$obj->SetProxy(1);
}
}
return $obj;
};
#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
#EXAMPLE!!!!!!!!!
sub main(){
my (%req,%resp);
$req{"url"} = "http://www.google.com";;
$req{"enablewinhttpdebug"}=1;
DO_HTTP_REQUEST(\%req, \%resp, 1000);
print $resp{"receivedhtml"};
};
main();
"Henk Steunenberg (Ms)" <stjesp@xxxxxxxxxxx> wrote in message
news:%23xCsCdcHGHA.140@xxxxxxxxxxxxxxxxxxxxxxx
> Hello ,
>
> could be : http://support.microsoft.com/default.aspx?scid=kb;en-us;905767
>
> or
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;884492
>
> additional info about isa and system would help
>
> regards,
>
> Henk
>
>
> "JP" <webmaster@xxxxxxxxxxx> wrote in message
> news:%23zimEWcHGHA.2212@xxxxxxxxxxxxxxxxxxxxxxx
>> We are getting access denied. Possible reasons??????
>>
>> Below you find the WINHTTPTRACECFG log.
>>
>> 13:08:13.125 ::*0000001* :: Using proxy server: dbob-bdsprx03:5128
>> 13:08:13.125 ::*0000001* :: sending data:
>> 13:08:13.125 ::*0000001* :: 279 (0x117) bytes
>> 13:08:13.125 ::*0000001* :: <<<<-------- HTTP stream follows
>> below ----------------------------------------------->>>>
>> 13:08:13.125 ::*0000001* :: GET http://www.google.com/ HTTP/1.1
>> 13:08:13.125 ::*0000001* :: Accept: */*
>> 13:08:13.125 ::*0000001* :: User-Agent: Mozilla/4.0 (compatible; Win32;
>> WinHttp.WinHttpRequest.5)
>> 13:08:13.125 ::*0000001* :: Host: www.google.com
>> 13:08:13.125 ::*0000001* :: Proxy-Connection: Keep-Alive
>> 13:08:13.125 ::*0000001* :: Proxy-Authorization: NTLM
>> TlRMTVNTUAABAAAAB7IIogIAAgA1AAAADQANACgAAAAFAs4OAAAAD0RCT0ItQkRTQVBQMTZBRA==
>> 13:08:13.125 ::*0000001* ::
>> 13:08:13.125 ::*0000001* ::
>> 13:08:13.125 ::*0000001* :: <<<<--------
>> End ----------------------------------------------->>>>
>> 13:08:13.125 ::*0000001* :: received data:
>> 13:08:13.125 ::*0000001* :: 459 (0x1cb) bytes
>> 13:08:13.125 ::*0000001* :: <<<<-------- HTTP stream follows
>> below ----------------------------------------------->>>>
>> 13:08:13.125 ::*0000001* :: HTTP/1.1 407 Proxy Authentication Required
>> ( Access is denied. )
>> 13:08:13.125 ::*0000001* :: Via:1.1 DBOB-BDSPRX03
>> 13:08:13.125 ::*0000001* :: Proxy-Authenticate: NTLM
>> TlRMTVNTUAACAAAABAAEADgAAAAFgomi4hJuudW3fMkAAAAAAAAAAH4AfgA8AAAABQCTCAAAAA9BAEQAAgAEAEEARAABABoARABCAE8AQgAtAEIARABTAFAAUgBYADAAMwAEABgAYQBkAC4AbQBpAG4AagB1AHMALgBuAGwAAwA0AGQAYgBvAGIALQBiAGQAcwBwAHIAeAAwADMALgBhAGQALgBtAGkAbgBqAHUAcwAuAG4AbAAAAAAA
>> 13:08:13.125 ::*0000001* :: Pragma: no-cache
>> 13:08:13.125 ::*0000001* :: Cache-Control: no-cache
>> 13:08:13.125 ::*0000001* :: Content-Type: text/html
>> 13:08:13.125 ::*0000001* :: Content-Length: 0
>> 13:08:13.125 ::*0000001* ::
>> 13:08:13.125 ::*0000001* ::
>> 13:08:13.125 ::*0000001* :: <<<<--------
>> End ----------------------------------------------->>>>
>> 13:08:13.125 ::*0000001* :: WinHttpCreateUrlA(0x140fa28, 0x0, 0x1c40000,
>> 0x140fa0c)
>> 13:08:13.125 ::*0000001* :: WinHttpCreateUrlA() returning TRUE
>> 13:08:13.125 ::*0000001* :: Using proxy server: dbob-bdsprx03:5128
>> 13:08:13.125 ::*0000001* :: sending data:
>> 13:08:13.125 ::*0000001* :: 419 (0x1a3) bytes
>> 13:08:13.125 ::*0000001* :: <<<<-------- HTTP stream follows
>> below ----------------------------------------------->>>>
>> 13:08:13.125 ::*0000001* :: GET http://www.google.com/ HTTP/1.1
>> 13:08:13.125 ::*0000001* :: Accept: */*
>> 13:08:13.125 ::*0000001* :: User-Agent: Mozilla/4.0 (compatible; Win32;
>> WinHttp.WinHttpRequest.5)
>> 13:08:13.125 ::*0000001* :: Host: www.google.com
>> 13:08:13.125 ::*0000001* :: Proxy-Connection: Keep-Alive
>> 13:08:13.125 ::*0000001* :: Proxy-Authorization: NTLM
>> TlRMTVNTUAADAAAAGAAYAHIAAAAYABgAigAAAAQABABIAAAADAAMAEwAAAAaABoAWAAAAAAAAACiAAAABYKIogUCzg4AAAAPQQBEADEAVwBFAEkAUwBTAEQAQgBPAEIALQBCAEQAUwBBAFAAUAAxADYAz1nN5/5XWz0AAAAAAAAAAAAAAAAAAAAAWrBJMhoVj659LXjuwiKQe8NvDIxrBPIi
>> 13:08:13.125 ::*0000001* ::
>> 13:08:13.125 ::*0000001* ::
>> 13:08:13.125 ::*0000001* :: <<<<--------
>> End ----------------------------------------------->>>>
>> 13:08:13.125 ::*0000001* :: received data:
>> 13:08:13.125 ::*0000001* :: 1024 (0x400) bytes
>> 13:08:13.125 ::*0000001* :: <<<<-------- HTTP stream follows
>> below ----------------------------------------------->>>>
>> 13:08:13.125 ::*0000001* :: HTTP/1.1 407 Proxy Authentication Required
>> ( The ISA Server requires authorization to fulfill the request. Access to
>> the Web Proxy service is denied. )
>> 13:08:13.125 ::*0000001* :: Via:1.1 DBOB-BDSPRX03
>> 13:08:13.125 ::*0000001* :: Proxy-Authenticate: NTLM
>> 13:08:13.125 ::*0000001* :: Proxy-Authenticate: Kerberos
>> 13:08:13.125 ::*0000001* :: Proxy-Authenticate: Negotiate
>> 13:08:13.125 ::*0000001* :: Connection: close
>> 13:08:13.125 ::*0000001* :: Proxy-Connection: close
>> 13:08:13.125 ::*0000001* :: Pragma: no-cache
>> 13:08:13.125 ::*0000001* :: Cache-Control: no-cache
>> 13:08:13.125 ::*0000001* :: Content-Type: text/html
>> 13:08:13.125 ::*0000001* :: Content-Length: 2378
>>
>
>
.
- References:
- Prev by Date: Re: 1MB Cap download speed
- Next by Date: Re: Clients can't get at website on ISA's external subnet
- Previous by thread: Re: Question regarding to ISA server and the WINHTTPREQUEST component (access denied reasons)
- Index(es):
Relevant Pages
|
