Solved

MSXML2.XMLHTTP fails in Windows 2003 but works OK in Windows 2000. How dow I fix this problem on the 2003?

Posted on 2004-08-10
10
1,617 Views
Last Modified: 2008-01-09
In my code I have a postXML java script function that works OK when my code is executed on a Windows 2000 server with IIS 5.0, however the same code does not work on a Windows 2003 server that  comes with iIIS 6.0 and msxml4 (sp 4) installed. Is this a 2003 setup/security problem, or, it is a java script problem?

function postXML (url, xmlDocument) {
   var httpRequest;
   try {
      httpRequest = new ActiveXObject('Msxml2.XMLHTTP');
      httpRequest.open('POST', url, false);
      httpRequest.send(xmlDocument);
      return httpRequest;
      }
   catch (e) {
     alert("(IE) - " + e);
     return null;
     }
   }      
</script>

I am not very familiar with Windows  2003, so please advise accordingly!
0
Comment
Question by:ablazso
  • 5
  • 4
10 Comments
 
LVL 26

Assisted Solution

by:rdcpro
rdcpro earned 230 total points
ID: 11762976
Ths is most certainly due to the fact that 2003 installs with very strict security.  I'm not sure exactly what your scenario is.  Are you running this code server-side (as in ASP or ASP.NET), or is this running in IE6 on the Windows 2003 box?  The server and client security models are different.  Also, the URL you are posting to, and the URL that serves the page must be from the same domain.  I'm assuming this is client-side code, because you're using the client-side version of the object.  In that case, I'm wondering why you're doing this on a server.   IE 6 is locked down pretty tight on Win2k3.

Regards,
Mike Sharp
0
 

Author Comment

by:ablazso
ID: 11764012
Yes my whole program is written in html and java script.  It was  running on a Linux server very well , but because I changed it  to convert the output to PDF, now with an embedded font, I decided to put it on our 2003 server that has a windows based HTML to PDF conversion routine. The PDF must be delivered to the client, so it may be printed.  Can you suggest me a better alternative? Would you like to any other part of this program?
0
 
LVL 26

Assisted Solution

by:rdcpro
rdcpro earned 230 total points
ID: 11765652
Well, the Msxml2.XMLHTTP object runs in Internet Explorer's security context, and is based on wininet.  You might try switching to the ServerXMLHTTP request object, which runs using winhttp, and has a separate TCP/IP stack.  It's also a lot more flexible.  But this is only a good idea if the javascript is actually running on the server, like for example it was running under windows scripting host.  But if I understand things, the client downloads an HTML page, which contains this javascript, and this is running under the client's browser, isn't it?  That means it's executing on the client operating system, not your server.  In which case, I'd look for cross-domain security issues if the URL points to a different machine than your Windows 2003 server.

Regards,
Mike Sharp
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 

Author Comment

by:ablazso
ID: 11767496
Yes, you are correct the java scrip runs on the client's browser, but it works correctly, as is, if it is from the Linux server or Windows 2000 server. I would leave the program on either of these, if it were not for the HTML to PDF conversion with embedded fonts I absolutely must have. Would you like to see the two html programs? I am willing to e-mail it to you or use whatever delivery means you prefer!@
0
 
LVL 26

Assisted Solution

by:rdcpro
rdcpro earned 230 total points
ID: 11768069
I guess it's worth a try.  Zip them up and email them to rdcpro@hotmail.com

Regards,
Mike Sharp
0
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 20 total points
ID: 11768568
Could be a version issue Try these:
      new ActiveXObject("Microsoft.XMLHTTP");
or
      new ActiveXObject("MSXML2.XMLHTTP.4.0");

Cd&
0
 

Author Comment

by:ablazso
ID: 11768691
Ok, I shall!
Unfortunatelly, the server is down for some software and hardware upgrage today!
0
 
LVL 26

Assisted Solution

by:rdcpro
rdcpro earned 230 total points
ID: 11768946
I thought about that possibility, but the code executes on the client.  

I would stay away from Microsoft.XMLHTTP as it's quite old.

Regards,
Mike Sharp
0
 

Author Comment

by:ablazso
ID: 11769759
OK I am willing to...! But what should I replace it with? Can you point me to some write-up or documentation on some newer stuff?
On the other hand, my simplistic programs works just fine!  Why finx if it ain't broke?
0
 
LVL 26

Accepted Solution

by:
rdcpro earned 230 total points
ID: 11778243
Yes, I’m pretty certain it’s a cross-domain data access problem, and it wouldn’t matter whether it was Win2k3 or some other machine. You can find out for sure by modifying your browser settings to prompt for cross-domain access.  

You can visit this page:
http://rdcpro.com/Members/rdcpro/tools/

where I’ve placed a tool that uses an XMLHTTP request to retrieve (by default) the Google home page.  If you have “prompt” enabled, when you click “Load HTML” you’ll see a popup that says:

“This page is accessing information that is not under its control.  This poses a security risk. Do you want to continue?”

If you answer no, or if you have cross-domain data access disabled, you’ll see a differnt dialog that's generated by my code in a try-catch block.

In order to fix this, you’ll have to put some server-side code on the Win2k3 box.  This will make a server-side XMLHTTP request using the ServerXMLHTTPRequest object, passing the credentials to the Linux box, and retrieve the session cookie that the linux box returns (or whatever it does to authenticate the browser).  Then you can explicitly set this on the response to the client.  It’s a pain, but I think it’s the only realistic approach.  Essentially you have to aggregate all the service calls to the Win2k3 box.  

There *might* be some DNS trickery you can use, though.  It seems to me here at work we used DNS to make the browser think a request was coming from our domain…It’s worth looking into.

Regards,
Mike Sharp
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The Problem How to write an Xquery that works like a SQL outer join, providing placeholders for absent data on the outer side?  I give a bit more background at the end. The situation expressed as relational data Let’s work through this.  I’ve …
The Client Need Led Us to RSS I recently had an investment company ask me how they might notify their constituents about their newsworthy publications.  Probably you would think "Facebook" or "Twitter" but this is an interesting client.  Their cons…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question