MSXML2.ServerXMLHTTP and Kerberos Ticket


Bernward Henkel

Jun 23, 2016, 9:20:17 AM
to Fiddler
Hi Guys,

I'm working with .NET and trying this with VB to get an "SSO SAP Logon Ticket" on our SAP portal:

.open("Get", "http://ax-bis-t17.prod.lokal:55000/irj/portal", "false")
.setRequestHeader("Host", "ax-bis-t17.prod.lokal55000")
.send()

Dim strCookies As String = .getAllResponseHeaders()



The response header includes the same result as I got from Fiddler.

Fiddler then did a second GET and used the Kerberos Ticket...

Question is: Where is Fiddler getting this Kerberos ticket data?
Is it stored somewhere on my local machine after the first GET?
Or is it somewhere in the response to the first GET?


Thanks in advance

--Bernward Henkel


Eric Lawrence

Jul 1, 2016, 10:00:40 PM
to Fiddler
Fiddler (or IE, or whatever) gets the Auth ticket by parsing the server's challenge for credentials and determining that a Negotiate or Kerberos challenge was received; it then (out of band, using a separate network protocol, not HTTP or HTTPS) gets a ticket from the Kerberos Ticket-granting-server and uses it to encode a response to the challenge.

I suspect you are really asking "How do I make my app do that?" and the answer is to set the appropriate property on the Web Request object (e.g. set the Credentials property to DefaultCredentials).

Note: You shouldn't need to manually set the HOST header and the way you're doing it today has a typo (missing colon)?
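
To check which mechanism a client actually used to answer the challenge described above, the headers captured in a trace can be classified offline. This is an added example, not code from the thread or from Fiddler; the function names and the sample tokens (placeholder bytes, not real tickets) are constructed for illustration.

```python
import base64

# DER-encoded mechanism OIDs that identify Kerberos inside a SPNEGO token.
KRB5_OID = bytes.fromhex("06092a864886f712010202")     # 1.2.840.113554.1.2.2
MS_KRB5_OID = bytes.fromhex("06092a864882f712010202")  # 1.2.840.48018.1.2.2
NTLMSSP = b"NTLMSSP\x00"                               # NTLM message signature


def classify_token(b64_token):
    """Name the mechanism carried by a base64 Negotiate/NTLM token."""
    try:
        raw = base64.b64decode(b64_token, validate=True)
    except ValueError:
        return "invalid-base64"
    if raw.startswith(NTLMSSP):
        return "ntlm"
    if raw[:1] == b"\x60":  # GSS-API initial token (ASN.1 application tag 0)
        if NTLMSSP in raw:
            return "ntlm-in-spnego"
        if KRB5_OID in raw or MS_KRB5_OID in raw:
            return "kerberos"
    return "unknown"


def analyze_exchange(header_lines):
    """Return (schemes the server offered, mechanism the client answered with)."""
    offered, answer = [], None
    for line in header_lines:
        name, _, value = line.partition(":")
        scheme, _, token = value.strip().partition(" ")
        name = name.strip().lower()
        if name == "www-authenticate":
            offered.append(scheme)
        elif name == "authorization":
            if scheme.lower() in ("negotiate", "ntlm") and token:
                answer = classify_token(token.strip())
            else:
                answer = scheme.lower()
    return offered, answer


# Constructed sample data: placeholder bytes, not real tickets.
FAKE_KRB = base64.b64encode(
    b"\x60\x82\x01\x00\x06\x06\x2b\x06\x01\x05\x05\x02" + KRB5_OID + b"\x00" * 16
).decode()
FAKE_NTLM = base64.b64encode(NTLMSSP + b"\x01\x00\x00\x00" + b"\x00" * 8).decode()
SAMPLE = [
    "WWW-Authenticate: Negotiate",           # first response: the 401 challenge
    "Authorization: Negotiate " + FAKE_KRB,  # second request: the client's answer
]

if __name__ == "__main__":
    print(analyze_exchange(SAMPLE))
```

An "ntlm" or "ntlm-in-spnego" result on a request where Kerberos was expected means the client fell back, which is worth checking against the SPN and zone configuration.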

Eric Lawrence

Jul 1, 2016, 10:01:56 PM
to Fiddler
Note: It's possible that your xmlhttp object isn't automatically authenticating because the target URL isn't in the system's Local Intranet zone; you may need to configure that or set some property on the object to have it generate the appropriate challenge-response.

Bernward Henkel

Jul 4, 2016, 8:56:50 AM
to Fiddler
Hi Eric,
you are right... with the colon and with the app. I am trying to make an app which calls (first) a SAP portal to get the cookie from that portal. With that cookie I want to call (second) a SAP WebService based on transport security.

Second part later.

My development platform is VS2015 with VB.Net in an Outlook VSTO.
That's my current version of the source code and the results:


The same URL in Fiddler brings up this result:


As you can see, the use of different request objects
  • Dim dWINHTTP As New MSXML2.XMLHTTP
  • Dim dWINHTTP As New WinHttp.WinHttpRequest
returns different results (cookies).
But neither of them got me the "MYSAPSSO2" cookie.

I tried different combinations on both request objects. These two are nearest to the Fiddler result... but no "MYSAPSSO2" cookie.

Do you have an idea where I can find the "MYSAPSSO2" cookie?

PS:
I have no idea exactly why... but the Kerberos ticket data comes up when I trace my app with Fiddler!