Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Proxy-Authorization header not sent for HTTPS connections?

4 views
Skip to first unread message

Peter Meier

unread,
Sep 8, 2005, 2:43:36 AM9/8/05
to
Hi,
When I am trying to use wininet to authenticate through a proxy on a
server which also requires authentication, it works fine, if the server

is running on HTTP. If the server requires HTTPS the authorization
fails. Here's a code snippet:


...


BOOL bSendHttpRequest = HttpSendRequest(m_hHttpOpenReq­uest, NULL, 0,
NULL, 0);


DWORD dwStatus;
DWORD dwBufSize = sizeof(dwStatus);
HttpQueryInfo(m_hHttpOpenReque­st, HTTP_QUERY_STATUS_CODE, &dwStatus,
&dwBufSize, 0);


BYTE strBuffer[2048];
DWORD dwBufSize = sizeof(strBuffer);
memset(strBuffer, 0, dwBufSize);
if (dwBufSize == HTTP_STATUS_PROXY_AUTH_REQ) // 407: Proxy
authentication required
{
strHeader = "Authorization: Basic aW5zdXJlcjpkZW1v" + "\r\n" +
"Proxy-Authorization: Basic YXVkYXRleDphdWRhdGV4" +
"\r\n" ;


bSendHttpRequest = HttpSendRequest(m_hHttpOpenReq­uest, strHeader,
strHeader.GetLength(), NULL, 0);
}


...

I have also tried to use


InternetSetOption(m_hHttpOpenR­equest,
INTERNET_OPTION_PROXY_USERNAME­,
&strProxyUsername, strProxyUsername.GetLength());
InternetSetOption(m_hHttpOpenR­equest,
INTERNET_OPTION_PROXY_PASSWORD­,
&strProxyPassword, strProxyPassword.GetLength());


instead of sending the header manually, but still it doesn't work.


When I do a network trace I can see that in the HTTP case, a 'GET'
request is send to the server together with the 'Proxy-Authorization'
header. Whereas in the HTTPS case my 'GET' request automatically
becomes a 'CONNECT' request and although I set the 'Proxy
Authorization' header I can see that it is not send (it does not appear

in the network trace)? Does anybody have an idea why the header is not
send in the 'CONNECT' case?

Maybe I should mention that when I am trying to connect to an HTTPS
server without going over a proxy it works. So I am already setting all
kinds of
flags:

INTERNET_FLAG_SECURE
INTERNET_FLAG_RELOAD
INTERNET_FLAG_KEEP_CONNECTION
INTERNET_FLAG_NO_CACHE_WRITE
INTERNET_FLAG_NO_AUTH
INTERNET_FLAG_NO_UI
INTERNET_FLAG_PRAGMA_NOCACHE
INTERNET_FLAG_TRANSFER_ASCII
INTERNET_FLAG_IGNORE_CERT_CN_I­NVALID
INTERNET_FLAG_IGNORE_CERT_DATE­_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_­TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_­TO_HTTPS


and also SECURITY_FLAG_IGNORE_UNKNOWN_CA.
Am I missing any other flag?

Thanks a lot for any suggestions!


Peter

Martin Horst

unread,
Sep 8, 2005, 5:13:03 AM9/8/05
to
Hi,

"Peter Meier" <blacki...@gmx.net> schrieb im Newsbeitrag
news:1126161816.4...@z14g2000cwz.googlegroups.com...


> Hi,
> When I am trying to use wininet to authenticate through a proxy on a
> server which also requires authentication, it works fine, if the server

> is running on HTTP. If the server requires HTTPS the authorization
> fails. Here's a code snippet:
> ...

I'm not sure but in my opinion HTTPS can not be used with proxy servers.
What should a proxy server do with the encrypted content?

BTW: This is a german news group.

Best regards
Martin


Alexander Nickolov

unread,
Sep 8, 2005, 2:36:48 PM9/8/05
to
Sure HTTPS can go through HTTP proxies. That's what the
CONNECT request is for in the first place! Theoretically, some
ancient proxies may not support it though...

--
=====================================
Alexander Nickolov
Microsoft MVP [VC], MCSD
email: agnic...@mvps.org
MVP VC FAQ: http://www.mvps.org/vcfaq
=====================================

"Martin Horst" <ho...@comnetmedia.de> wrote in message
news:e3cVGWFt...@TK2MSFTNGP11.phx.gbl...

0 new messages