• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1676
  • Last Modified:

MSXML2.XMLHTTP fails in Windows 2003 but works OK in Windows 2000. How dow I fix this problem on the 2003?

In my code I have a postXML java script function that works OK when my code is executed on a Windows 2000 server with IIS 5.0, however the same code does not work on a Windows 2003 server that  comes with iIIS 6.0 and msxml4 (sp 4) installed. Is this a 2003 setup/security problem, or, it is a java script problem?

function postXML (url, xmlDocument) {
   var httpRequest;
   try {
      httpRequest = new ActiveXObject('Msxml2.XMLHTTP');
      httpRequest.open('POST', url, false);
      httpRequest.send(xmlDocument);
      return httpRequest;
      }
   catch (e) {
     alert("(IE) - " + e);
     return null;
     }
   }      
</script>

I am not very familiar with Windows  2003, so please advise accordingly!
0
ablazso
Asked:
ablazso
  • 5
  • 4
6 Solutions
 
rdcproCommented:
Ths is most certainly due to the fact that 2003 installs with very strict security.  I'm not sure exactly what your scenario is.  Are you running this code server-side (as in ASP or ASP.NET), or is this running in IE6 on the Windows 2003 box?  The server and client security models are different.  Also, the URL you are posting to, and the URL that serves the page must be from the same domain.  I'm assuming this is client-side code, because you're using the client-side version of the object.  In that case, I'm wondering why you're doing this on a server.   IE 6 is locked down pretty tight on Win2k3.

Regards,
Mike Sharp
0
 
ablazsoAuthor Commented:
Yes my whole program is written in html and java script.  It was  running on a Linux server very well , but because I changed it  to convert the output to PDF, now with an embedded font, I decided to put it on our 2003 server that has a windows based HTML to PDF conversion routine. The PDF must be delivered to the client, so it may be printed.  Can you suggest me a better alternative? Would you like to any other part of this program?
0
 
rdcproCommented:
Well, the Msxml2.XMLHTTP object runs in Internet Explorer's security context, and is based on wininet.  You might try switching to the ServerXMLHTTP request object, which runs using winhttp, and has a separate TCP/IP stack.  It's also a lot more flexible.  But this is only a good idea if the javascript is actually running on the server, like for example it was running under windows scripting host.  But if I understand things, the client downloads an HTML page, which contains this javascript, and this is running under the client's browser, isn't it?  That means it's executing on the client operating system, not your server.  In which case, I'd look for cross-domain security issues if the URL points to a different machine than your Windows 2003 server.

Regards,
Mike Sharp
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
ablazsoAuthor Commented:
Yes, you are correct the java scrip runs on the client's browser, but it works correctly, as is, if it is from the Linux server or Windows 2000 server. I would leave the program on either of these, if it were not for the HTML to PDF conversion with embedded fonts I absolutely must have. Would you like to see the two html programs? I am willing to e-mail it to you or use whatever delivery means you prefer!@
0
 
rdcproCommented:
I guess it's worth a try.  Zip them up and email them to rdcpro@hotmail.com

Regards,
Mike Sharp
0
 
COBOLdinosaurCommented:
Could be a version issue Try these:
      new ActiveXObject("Microsoft.XMLHTTP");
or
      new ActiveXObject("MSXML2.XMLHTTP.4.0");

Cd&
0
 
ablazsoAuthor Commented:
Ok, I shall!
Unfortunatelly, the server is down for some software and hardware upgrage today!
0
 
rdcproCommented:
I thought about that possibility, but the code executes on the client.  

I would stay away from Microsoft.XMLHTTP as it's quite old.

Regards,
Mike Sharp
0
 
ablazsoAuthor Commented:
OK I am willing to...! But what should I replace it with? Can you point me to some write-up or documentation on some newer stuff?
On the other hand, my simplistic programs works just fine!  Why finx if it ain't broke?
0
 
rdcproCommented:
Yes, I’m pretty certain it’s a cross-domain data access problem, and it wouldn’t matter whether it was Win2k3 or some other machine. You can find out for sure by modifying your browser settings to prompt for cross-domain access.  

You can visit this page:
http://rdcpro.com/Members/rdcpro/tools/

where I’ve placed a tool that uses an XMLHTTP request to retrieve (by default) the Google home page.  If you have “prompt” enabled, when you click “Load HTML” you’ll see a popup that says:

“This page is accessing information that is not under its control.  This poses a security risk. Do you want to continue?”

If you answer no, or if you have cross-domain data access disabled, you’ll see a differnt dialog that's generated by my code in a try-catch block.

In order to fix this, you’ll have to put some server-side code on the Win2k3 box.  This will make a server-side XMLHTTP request using the ServerXMLHTTPRequest object, passing the credentials to the Linux box, and retrieve the session cookie that the linux box returns (or whatever it does to authenticate the browser).  Then you can explicitly set this on the response to the client.  It’s a pain, but I think it’s the only realistic approach.  Essentially you have to aggregate all the service calls to the Win2k3 box.  

There *might* be some DNS trickery you can use, though.  It seems to me here at work we used DNS to make the browser think a request was coming from our domain…It’s worth looking into.

Regards,
Mike Sharp
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now