Problems using WinHttp with Proxy and Server Authentication simultaneously

[Rekkie]

Referring to the problem decribed below, I would like to inform
everyone that I have tested version: 5.2.3790.0 of the Windows 2003
Server version of Winhttp and this issue has not been resolved.

I would also like to know if microsoft has officially recognised this
problem as a bug and if it will ever be fixed?? Has a bug report
number been assigned?

Regards
Rekkie

I think you're right, the fix is probably not in WinHTTP 5.1 on
Windows 2000
SP3 unfortunately. I think the fix will first be available on Windows
Server
2003.

One last thing to try: set both the server and proxy credentials
before
calling the send method, instead of waiting for an authentication
challenge.

WinHttpRequest.Open GET, Url, False

WinHttpRequest.SetCredentials UserName, Password,
HTTPREQUEST_SETCREDENTIALS_FOR_PROXY

WinHttpRequest.SetCredentials UserName, Password,
HTTPREQUEST_SETCREDENTIALS_FOR_SERVER

WinHttpRequest.Send

Regards,

Stephen Sulzer
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no
rights.

"Rekkie" <rekc...@excite.com> wrote in message
news:640701d3.03022...@posting.google.com...
> Hi there,
>
> Thank you for your reply, I have given the new version of WinHttp5.1 a
> try by installing SP3 on Windows2000. For your Information I get
> similar results with this new version, looks like the bug has not yet
> been resolved.
>
> Regards
> Rekkie
>
>
> "Stephen Sulzer [MSFT]" <ssu...@online.microsoft.com> wrote in message news:<umsyeSe3...@TK2MSFTNGP10.phx.gbl>...
> > Hello,
> >
> > I think you may be encountering a bug in WinHTTP 5.0 then. This may be fixed
> > in WinHTTP 5.1.
> >
> > WinHTTP 5.1 is available on:
> >
> > Windows 2000 SP3 (except Datacenter Server)
> > Windows XP SP1
> > Windows Server 2003
> >
> > If you are running on one of those platforms, you can switch to WinHTTP 5.1
> > by changing the WinHttpRequest ProgID from "WinHttp.WinHttpRequest.5" to
> > "WinHttp.WinHttpRequest.5.1". The name of the 5.1 DLL is "winhttp.dll".
> >
> > Additional information about WinHTTP 5.1 is on-line at:
> >
> >
> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/what_s_new_in_winhttp_5_1.asp
> >
> >
> > Regards,
> >
> > Stephen Sulzer
> > Microsoft Corporation
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> >
> > "Rekkie" <rekc...@excite.com> wrote in message
> > news:640701d3.03022...@posting.google.com...
> > > Hi there Stephen,
> > >
> > > Thank you for your reply to my problem. I have however already tried
> > > what you suggested in different forms, however no luck. Don't
> > > know if it is of any help but my version of WinHttp5.dll is
> > > 5.0.2613.0.
> > >
> > > I have included my exact coding, (so you can also give the code a try
> > > to verify the problem) which is for all purposes identical to your
> > > suggestion, however I find that my program hangs on the winhttpreq.send
> > > line as soon as both of the credentials have been set. Analysing the
> > > packets sent with a sniffer (I have also attached the logs of packets
> > > sent), I find that the winhttp component gets itself into a 407-401-407...
> > > loop. To me it looks like this component is incapable of sending both
> > > authentications in the same header and therefore gets itself into
> > > a loop.
> > >
> > > I have also tried removing the select case logic, in the following manner:
> > >
> > > ' Assemble an HTTP request.
> > > WinHttpReq.Open "GET", sURL, False
> > >
> > > ' Set the Proxy user name and password.
> > > WinHttpReq.SetCredentials UserName, Password, _
> > > HTTPREQUEST_SETCREDENTIALS_FOR_PROXY
> > >
> > > ' Set the server user name and password.
> > > WinHttpReq.SetCredentials ProxyUserName, ProxyPassword, _
> > > HTTPREQUEST_SETCREDENTIALS_FOR_SERVER
> > > ' Send the HTTP Request.
> > > WinHttpReq.Send
> > >
> > > but get exactly the same results as I do with the code that follows.
> > > (same packets sent)
> > >
> > > Can you give me any other suggestions???
> > >
> > > If this is a bug is there any chance of it getting resolved soon???
> > > Or am I better off writing myself a wrapper function to get around
> > > this problem?
> > >
> > > Regards
> > >
> > > Rekkie
> > >
> > > MY EXACT CODE:
> > > **************
> > > Option Explicit
> > > Private Const HTTPREQUEST_SETCREDENTIALS_FOR_SERVER = 0
> > > Private Const HTTPREQUEST_SETCREDENTIALS_FOR_PROXY = 1
> > > Private Const HTTPREQUEST_PROXYSETTING_PROXY = 2
> > > Private WinHttpReq As WinHttp.WinHttpRequest
> > >
> > >
> > > Private Sub Command1_Click()
> > > Dim iAttempts As Integer
> > > Dim sURL As String
> > > Dim bdone As Boolean
> > > Dim HeaderType As String
> > > Set WinHttpReq = New WinHttpRequest
> > >
> > > sURL = "******************"
> > >
> > > WinHttpReq.SetProxy HTTPREQUEST_PROXYSETTING_PROXY, "******:**"
> > >
> > > On Error GoTo errortrap
> > >
> > > ' Assemble an HTTP request.
> > > WinHttpReq.Open "GET", sURL, False
> > >
> > > iAttempts = 0
> > >
> > > Do
> > > iAttempts = iAttempts + 1
> > >
> > > ' Send the HTTP Request.
> > > WinHttpReq.Send
> > >
> > > ' Check the status code returned from the server.
> > > Select Case WinHttpReq.Status
> > > Case 200 ' Document retrieved
> > > bdone = True
> > >
> > > Case 401 ' Server requires authentication
> > > ' Set the user name and password.
> > > WinHttpReq.SetCredentials "*******", "*********", _
> > > HTTPREQUEST_SETCREDENTIALS_FOR_SERVER
> > >
> > > Case 407 ' Proxy requires authentication
> > > ' Set the user name and password.
> > > WinHttpReq.SetCredentials "********", "*********", _
> > > HTTPREQUEST_SETCREDENTIALS_FOR_PROXY
> > > Case Else
> > > bdone = True
> > > End Select
> > >
> > > Loop Until bdone = True Or (iAttempts > 5)
> > >
> > > HeaderType = WinHttpReq.ResponseBody
> > > Debug.Print HeaderType
> > >
> > > Set WinHttpReq = Nothing
> > >
> > > Exit Sub
> > > errortrap:
> > > Debug.Print Err.Description
> > >
> > > End Sub
> > >
> > >
> > >
> > > Log of Packets sent with above code:
> > > ************************************
> > >
> > > GET http://**************************** HTTP/1.1
> > > Content-Length: 0
> > > Accept: */*
> > > User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
> > > Host: ****************************
> > > Proxy-Connection: Keep-Alive
> > >
> > > HTTP/1.0 407 Proxy Authentication Required
> > > Server: Squid/2.4.STABLE7
> > > Mime-Version: 1.0
> > > Date: Tue, 25 Feb 2003 10:17:17 GMT
> > > Content-Type: text/html
> > > Content-Length: 1117
> > > Expires: Tue, 25 Feb 2003 10:17:17 GMT
> > > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
> > > Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
> > > X-Cache: MISS from ****************************
> > > Proxy-Connection: keep-alive
> > >
> > > <HTML><HEAD>
> > > <TITLE>ERROR: Cache Access Denied</TITLE>
> > > </HEAD>
> > > <BODY>
> > > <Standard Cache Access Denied Body.....>
> > > </BODY></HTML>
> > >
> > >
> > > GET http://**************************** HTTP/1.1
> > > Proxy-Authorization: Basic ****************************
> > > Accept: */*
> > > User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
> > > Host: ****************************
> > > Proxy-Connection: Keep-Alive
> > > Content-Length: 0
> > >
> > >
> > > HTTP/1.0 401 Unauthorized
> > > Server: Microsoft-IIS/5.0
> > > Date: Tue, 25 Feb 2003 08:06:03 GMT
> > > WWW-Authenticate: Basic realm="***************"
> > > Content-Length: 4431
> > > Content-Type: text/html
> > > X-Cache: MISS from ****************************
> > > Proxy-Connection: keep-alive
> > >
> > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
> > > <html dir=ltr>
> > >
> > > <head>
> > > <style>
> > > a:link {font:8pt/11pt verdana; color:FF0000}
> > > a:visited {font:8pt/11pt verdana; color:#4e4e4e}
> > > </style>
> > >
> > > <META NAME="ROBOTS" CONTENT="NOINDEX">
> > >
> > > <title>You are not authorized to view this page</title>.............
> > > </html>
> > >
> > >
> > > GET http://**************************** HTTP/1.1
> > > Content-Length: 0
> > > Accept: */*
> > > User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
> > > Host: ****************************
> > > Proxy-Connection: Keep-Alive
> > > Authorization: Basic ***************
> > >
> > >
> > > HTTP/1.0 407 Proxy Authentication Required
> > > Server: Squid/2.4.STABLE7
> > > Mime-Version: 1.0
> > > Date: Tue, 25 Feb 2003 10:17:17 GMT
> > > Content-Type: text/html
> > > Content-Length: 1117
> > > Expires: Tue, 25 Feb 2003 10:17:17 GMT
> > > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
> > > Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
> > > X-Cache: MISS from ****************************
> > > Proxy-Connection: keep-alive
> > >
> > > <HTML><HEAD>
> > > <TITLE>ERROR: Cache Access Denied</TITLE>
> > > </HEAD>
> > > <BODY>
> > > <Standard Cache Access Denied Body.....>
> > > </BODY></HTML>
> > >
> > >
> > >
> > > And so the cycle continues.........
> > >
> >

[Frank Schwieterman [MSFT]]

I'm curious, what type of proxy is it? What authentication schemes are
you using for the server and the proxy?

--
Regards,

Frank Schwieterman
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

"Rekkie" <rekc...@excite.com> wrote in message

news:640701d3.03082...@posting.google.com...

[Rekkie]

Hi Frank,

Thanks for the reply. Here are a few details about the type of
authentication I am using.

Proxy Used: Squid proxy-caching web server
Authentication: User/Password

Remote Server: Microsoft-IIS/5.0
Authentication: User/Password

Authentication works fine for both server and proxy if done in
isolation. (I am able to retrieve content from a site that does not
require authentication via the proxy. I am also able to retrieve
content from the site I am interested in where authentication is
required if I bypass the proxy). Used together I get a 401-407 loop as
described in detail in my previous postings.

If you need any further information, please let me know.

Regards
Rekkie

"Frank Schwieterman [MSFT]" <fsch...@online.microsoft.com> wrote in message news:<#96onP$cDHA...@tk2msftngp13.phx.gbl>...

[Rekkie]

Forgot to add :

Type of authentication used:
Proxy-Authenticate: Basic
WWW-Authenticate: Basic

[Frank Schwieterman [MSFT]]

I assume that after receiving the 407/Proxy Auth challenge, you are
setting basic proxy credentials and then resending. You then receive the
401 for basic server authentication, then are you resetting the proxy
credentials? If you are not, give that a try. The authentication samples
do that now, but they did not always so you may have missed that. What
happens is that when the request handles the proxy authentication challenge,
it considers the credentials consumed and discards them. The proxy however
likely wants those credentials to be present with each send.

--
Regards,

Frank Schwieterman
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

"Rekkie" <rekc...@excite.com> wrote in message
news:640701d3.03092...@posting.google.com...

[Rekkie]

Yes I have tried that combination, however the header sent by WinHttp
never contains both the server authentication and proxy authentication
strings together. Whereas if I try to download the file using Internet
Explorer, the header sent contains both authentication strings and
therefore the download works. Is it possible for winhttp to send both
authentication strings in the request header??

Here is the visual basic code that I use which is virtually identical
to the code found on the microsoft site
(http://msdn.microsoft.com/library/en-us/winhttp/http/authentication_vb.asp)
which by the way does not work either:

Public Sub CheckUrl(Url2Chk As String)
Dim strResponse As String
Dim bytes() As Byte
Dim fn As Integer
Dim iAttempts As Integer

' Assemble a new HTTP request.
WinHttpReq.Open "GET", Url2Chk, False
WinHttpReq.SetTimeouts 10000, 10000, 10000, 30000
WinHttpReq.SetProxy HTTPREQUEST_PROXYSETTING_PROXY,
"xxx.xxx.xxx.xxx:xx"


WinHttpReq.SetCredentials "xxx", "xxx", _
HTTPREQUEST_SETCREDENTIALS_FOR_PROXY

WinHttpReq.SetCredentials "xxx", "xxx", _
HTTPREQUEST_SETCREDENTIALS_FOR_SERVER

Do
iAttempts = iAttempts + 1

'Send Request
WinHttpReq.Send

Select Case WinHttpReq.Status
Case 200 ' Document retrieved

MsgBox "File Retrieved"

Case 401 ' Server requires authentication

WinHttpReq.SetCredentials "xxx", "xxx", _

HTTPREQUEST_SETCREDENTIALS_FOR_SERVER
Case 407 ' Proxy requires authentication

WinHttpReq.SetCredentials "xxx", "xxx", _
HTTPREQUEST_SETCREDENTIALS_FOR_PROXY
End Select
Loop Until (iAttempts > 3)

End Sub

Regards
Rekkie

"Frank Schwieterman [MSFT]" <fsch...@online.microsoft.com> wrote in message news:<#kh7#7FjDH...@TK2MSFTNGP12.phx.gbl>...

[Frank Schwieterman [MSFT]]

Hmm this has been a tricky issue. As a work-around for this on an
internal repro, we found using SSL allowed this to work in some scenarios.
We had problems however on WindowsXP SP1. I can't make any commitments that
the SSL work-around will work on future service packs for WindowsXP, however
I appreciate your help in identifying the issue.

--
Regards,

Frank Schwieterman
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

"Rekkie" <rekc...@excite.com> wrote in message

news:640701d3.03100...@posting.google.com...