S
Sten Westerback
Hi
I have problems getting "IE style" automatic http authentication against
IIS5
to work using code like the following (with appropriate account & pw).
I get the error text "401.3 Unauthorized due to ACL on resource" from
the server even if i know the account and password works using IE.
#include <windows.h>
#include <Wininet.h>
#include <Lm.h>
char *Http_p_szPost(char *p_szURL, char *p_szObject, char *p_szBodyData)
{ // the p_szObject parameter is not currently used (in case you
wonder)
char *p_szBuff, *p_szB;
HINTERNET hInet, hInetS, hInetURL;
DWORD dw;
int n;
char *p_szX= "Content-Type: text/html;
charset=ISO-8859-4\r\nWWW-Authenticate: NTLM";
hInet=InternetOpen("MyApp", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
if (hInet==NULL) return NULL; // failure; error handling in calling routine
hInetS=InternetConnect(hInet, "server.xxxx.com",
INTERNET_DEFAULT_HTTP_PORT,
"myaccount", "mypassword", INTERNET_SERVICE_HTTP, 0, 1968);
if (hInetS==NULL)
hInetS=InternetConnect(hInet, "server.xxxx..com",
INTERNET_DEFAULT_HTTP_PORT,
NULL, NULL, INTERNET_SERVICE_HTTP, 0, 1968);
if (hInetS==NULL) return NULL;
hInetURL=HttpOpenRequest(hInetS, "GET", "filename", NULL, NULL, "text/*",
INTERNET_FLAG_KEEP_CONNECTION, 1968);
if (hInetURL==NULL) // retry as someone suggested in old articles ("handled
internally by InternetAPI")
hInetURL=HttpOpenRequest(hInetS, "GET", "filename", NULL, NULL,
"text/*",
INTERNET_FLAG_KEEP_CONNECTION, 1968);
if (hInetURL==NULL) return NULL;
if (!HttpSendRequest(hInetURL, p_szX, strlen(p_szX), p_szBodyData,
p_szBodyData==NULL?0:strlen(p_szBodyData)))
{
if (!HttpSendRequest(hInetURL, p_szX, strlen(p_szX), p_szBodyData,
p_szBodyData==NULL?0:strlen(p_szBodyData))) return NULL;
}
p_szBuff=malloc(10000); p_szB=p_szBuff; dw=0; n=0;
while (InternetReadFile(hInetURL, p_szB, 10000, &dw))
{
if (dw==0)
{ n++; if (n>5) break; if (p_szB==p_szBuff) Sleep(1000); else
Sleep(500); }
p_szB+=dw; dw=p_szB-p_szBuff; p_szBuff=realloc(p_szBuff, dw+10010);
p_szB=p_szBuff+dw;
}
if ((dw=p_szB-p_szBuff)==0) { free(p_szBuff); p_szBuff=NULL; }
else { p_szBuff=realloc(p_szBuff, dw+1010); p_szBuff[dw]=0;
p_szBuff[dw+1]=0; }
HttpEndRequest(hInetURL, NULL, HSR_SYNC, 1968);
InternetCloseHandle(hInet);
return p_szBuff;
}
int main(int nArgs, char *p_szArgs[])
{
char szPCname[50], szParams[1000],;
...
sprintf(szParams, "go:2\r\ncomputer:%s\r\nconfirm:%s\r\nsubmit:Confirm
computername\r\n\r\n",
szPCname, szPCname);
p_sz=Http_p_szPost(http://server.xxxx.com/filename, "filename", szParams);
}
My questions are:
- is automatic logon supported by the Internet*() and Http*()
functions or does IE do some (undocumented) tricks? Which?
Perhaps one have to open a session on the server first?
- is the username=NULL and password=NULL parameters to
InternetConnect() valid for this special purpose despite the
documentation? I have tried both NULL,NULL and the
actual values but still authentication fails.
- if InternetOpenUrl() supports NTLM/Kerberos auto-
authentication, is it possible to make it POST? And
what is the correct POST format with HttpSendRequest ?
- most important of all, what would be an API function call
sequence that works?
One more question. What is the purpose of InternetCheckConnection()
which always seem to return NULL when connected to a LAN.
Is it supposed to fail unless there is a dialup connection is can
autoconnect?
GetLastError() returns 2250 Network connection does not exist.
Thanks for any ideas and code snippets you can provide.
- Sten
I have problems getting "IE style" automatic http authentication against
IIS5
to work using code like the following (with appropriate account & pw).
I get the error text "401.3 Unauthorized due to ACL on resource" from
the server even if i know the account and password works using IE.
#include <windows.h>
#include <Wininet.h>
#include <Lm.h>
char *Http_p_szPost(char *p_szURL, char *p_szObject, char *p_szBodyData)
{ // the p_szObject parameter is not currently used (in case you
wonder)
char *p_szBuff, *p_szB;
HINTERNET hInet, hInetS, hInetURL;
DWORD dw;
int n;
char *p_szX= "Content-Type: text/html;
charset=ISO-8859-4\r\nWWW-Authenticate: NTLM";
hInet=InternetOpen("MyApp", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
if (hInet==NULL) return NULL; // failure; error handling in calling routine
hInetS=InternetConnect(hInet, "server.xxxx.com",
INTERNET_DEFAULT_HTTP_PORT,
"myaccount", "mypassword", INTERNET_SERVICE_HTTP, 0, 1968);
if (hInetS==NULL)
hInetS=InternetConnect(hInet, "server.xxxx..com",
INTERNET_DEFAULT_HTTP_PORT,
NULL, NULL, INTERNET_SERVICE_HTTP, 0, 1968);
if (hInetS==NULL) return NULL;
hInetURL=HttpOpenRequest(hInetS, "GET", "filename", NULL, NULL, "text/*",
INTERNET_FLAG_KEEP_CONNECTION, 1968);
if (hInetURL==NULL) // retry as someone suggested in old articles ("handled
internally by InternetAPI")
hInetURL=HttpOpenRequest(hInetS, "GET", "filename", NULL, NULL,
"text/*",
INTERNET_FLAG_KEEP_CONNECTION, 1968);
if (hInetURL==NULL) return NULL;
if (!HttpSendRequest(hInetURL, p_szX, strlen(p_szX), p_szBodyData,
p_szBodyData==NULL?0:strlen(p_szBodyData)))
{
if (!HttpSendRequest(hInetURL, p_szX, strlen(p_szX), p_szBodyData,
p_szBodyData==NULL?0:strlen(p_szBodyData))) return NULL;
}
p_szBuff=malloc(10000); p_szB=p_szBuff; dw=0; n=0;
while (InternetReadFile(hInetURL, p_szB, 10000, &dw))
{
if (dw==0)
{ n++; if (n>5) break; if (p_szB==p_szBuff) Sleep(1000); else
Sleep(500); }
p_szB+=dw; dw=p_szB-p_szBuff; p_szBuff=realloc(p_szBuff, dw+10010);
p_szB=p_szBuff+dw;
}
if ((dw=p_szB-p_szBuff)==0) { free(p_szBuff); p_szBuff=NULL; }
else { p_szBuff=realloc(p_szBuff, dw+1010); p_szBuff[dw]=0;
p_szBuff[dw+1]=0; }
HttpEndRequest(hInetURL, NULL, HSR_SYNC, 1968);
InternetCloseHandle(hInet);
return p_szBuff;
}
int main(int nArgs, char *p_szArgs[])
{
char szPCname[50], szParams[1000],;
...
sprintf(szParams, "go:2\r\ncomputer:%s\r\nconfirm:%s\r\nsubmit:Confirm
computername\r\n\r\n",
szPCname, szPCname);
p_sz=Http_p_szPost(http://server.xxxx.com/filename, "filename", szParams);
}
My questions are:
- is automatic logon supported by the Internet*() and Http*()
functions or does IE do some (undocumented) tricks? Which?
Perhaps one have to open a session on the server first?
- is the username=NULL and password=NULL parameters to
InternetConnect() valid for this special purpose despite the
documentation? I have tried both NULL,NULL and the
actual values but still authentication fails.
- if InternetOpenUrl() supports NTLM/Kerberos auto-
authentication, is it possible to make it POST? And
what is the correct POST format with HttpSendRequest ?
- most important of all, what would be an API function call
sequence that works?
One more question. What is the purpose of InternetCheckConnection()
which always seem to return NULL when connected to a LAN.
Is it supposed to fail unless there is a dialup connection is can
autoconnect?
GetLastError() returns 2250 Network connection does not exist.
Thanks for any ideas and code snippets you can provide.
- Sten