authentication - make an http post from server using user credentials - integrated security -

-

I am trying to create a post using user credentials from an asp classic server side page ...

I am using msxml2.ServerXMLHTTP to programmatically create posts

I have tried with many configurations in the IIS 5.1 site, but there is no way I can access a specific account I can run IIS with ...

I have created a small esp page with IMI 5.1 Using the IIS 5.1 with the IIS process, Mozammel uses the integrated security process:

/ P>

my_machine \ IWAM_my_machine

I disable unified security, and leave a domain account as an anonymous account, and to test the user (¿?)

I do the following 

  Personal function joami () Dim shell, CMD set sh = CreateObject ("wscript.shell") set cmd = shell.exec (server.mapPath ("whoami.exe")) Whoami = cmd.stdOut.readAll () set = shell = nothing: set cmd = nothing end function < / Code>

Is it becau since I'm issuing a shell command?

I want to make http post calls, another site that works with integrated security ...

Pass credentials, or at least with a specified account Configure the remote site to run, and then emphasize that account ...

I thought installing the site would be enough to work with integrated security

How can I get this way?

ps: With IIS6, this is what, but if I change the pool configuration, what information does I get?

NT AUTHORITY \ NETWORK SERVICE

NT AUTHORITY \ LOCAL SERVICE

NT AUTHORITY \ SYSTEM

If I set up a domain account, then I am not getting a "service" missing "message ...

< P> Edit: found this

It says what I did, "If a certified user makes a request, then thread token is based on the user's authenticated account", but Somehow I do not seem to work like this ... What could I possibly remember?

Edit:

Well whoam thing clearly stupid me 

  private function whoami_db (servername, dbname) dim cone, data  
  set conn = Server.createObject ("adodb.connection") conn.open "Provider = SQLOLEDB.1; Integrated security = SSPI; "& Amp; _" initial catalog = "& amp; DbName & amp;"; Data source = "& ServerName set = selectn'execute (" user_name "as selecter susse_sname)) whoami_db = data (" user_name ") data. Close: conn.close set data = nothing: set conn = Nothing  
 
 and function

and everything was working fine ...

but I How can msxml2.ServerXMLHTTP work with credentials ??

whichami.exe You were confused because of starting a separate process, The process must be run as a user. On XP, that will be a COM + Application Host (DLLHOST) and will generally run as IWAM_ . This works on w3wp.exe on IIS6 And generally run as NT AUTHORITY \ Network Service.

However an HTTP request processing thread will impersonate a separate security token. With integrated security as you have found that this User request security This will be a token, because your SSPI exits from the experiment. Machine & gt; \ IUSR_ & lt; Machine & gt; With an anonymous access anonymous site / user configured on the application, this generally & lt

ServerXMLHTTP with this as your specific problem. The underlying component goes back to WinHTTP by default it will only send the current user credentials if the server is accessing proxy bypass list. Even after this it is possible to configure ServerXMLHTTP to never send this user credentials, I have not tested that scenario myself.

Unfortunately ServerXMLHTTP provides very limited access to configuration details on WinHTTP. But if this is a show then you can always use the WinHTTP component directly: - 

  Moderate oWinHTTP slow odom conte autologonPolicy_Always = 0 set oWinHTTP = CreateObject ("WinHttp.WinHttpRequest. 5.1 ") OWinHTTP.SetAutoLogonPolicy AutoLogonPolicy_Always oWinHTTP.Open" GET "," http://remoteserver.org/getsomexml.xxx ", false oWinHTTP. If owinHTTP.Status = 200 then press Odom = Create Object ("MSXML2.DOMDocument.3.0") oDOM .async = false oDOM.Load oWinHTTP.ResponseStream end then set oWinHTTP = nothing

This is the reason why http should work for https it becomes real dirty.


Comments

Post a Comment

Popular posts from this blog

c++ - Linux and clipboard -

-
After selecting the copies of the buffer in Linux, after the text, we can click and paste the button between the mouse. I think there is a special buffer for this, I want to use it. Programming Language: C ++ Your Library: Qt Thanks. There is just one more correct answer than Paul Dixon, which answers your needs: / P > QClipboard * clipboard = QApplication :: clipboard (); CastString Selected Text = Clipboard-> Text (QClipboard :: Selection);
Read more

What is expire header and how to achive them in ASP.NET and PHP? -

-
I have examined the performance statistics of my website today. I have received a warning (or error may occur) that is given below Add Terminal Headers Here are 15 static components without a 15-futures end date * (no end) Http://www.example.com/video/css/global.css * (no time limit) http://www.example.com/video/js/global.js * (no expiration ) Http: //www.example.com/video/images/main-bg.png what it means and how to achieve it both in PHP and ASP.Net. I am on a shared hosting server, so please tell me some ways to use the code, because I can not make any modifications at the end of the server. If I expire the header, then there is no chance that if I make changes to the CSS, then the user will not be able to remove them immediately because CSS and other files have a fixed time limit (1 month, week ) Are cached for. Is Is there any harm to using PHP? $ time = time () + 3 * 24 * 60 * 60; // 3 day headings ('End:'. GMDAT ('D, D MYH: i: s \ g \ m \ t',
Read more

sql server - How can I determine which of my SQL 2005 statistics are unused? -

-
After a few years, one of my biggest databases has deposited 73 figures out of its largest tables. With Indexes, I can run many types of reports and queries, how often / heavily specific indexes are used. What is an equivalent for data? We are running SQL 2005. To make statistics automatically managed and honest, I would like to "update statistics", "create statistics" and There is no information about any management except "drop statistics" orders. In theory, UPDATE should handle the addition and removal of statistical data. In addition, I've never heard about the amount of storage or storage taking in large amounts, so I'm not sure whether there is any reason for the alarm or not. If you are seeing a potential problem, then I would suggest running an update before, if it does not clean it, it is leaving and then it appears to be safe operation (because it is the only query optimizer Is for). I will not leave "left" in the
Read more