Solved

Ignoring client certificate using ServerXMLHTTP (VB6)

Posted on 2014-01-27
5
3,268 Views
Last Modified: 2014-03-19
Any idea how I can force the ServerXMLHTTP to ignore requests for a client-certificate and fail-over to the Basic Authorization credentials provided?

I am trying to achieve this in Visual Basic 6 and ASP Classic.

Code so far:
Set XMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.6.0")
Call XMLHTTP.Open("GET", "https://server/path", False)
XMLHTTP.setRequestHeader "Authorization", "BASIC authhere=="
XMLHTTP.Send

Result so far:
msxml3.dll error '80072f0c'
A certificate is required to complete client authentication
0
Comment
Question by:syswin2
  • 2
  • 2
5 Comments
 
LVL 15

Expert Comment

by:pateljitu
ID: 39815238
Try code as provided below (you would still require Client certificate to be installed on the server making this call) :

Const SXH_SERVER_CERT_IGNORE_UNKNOWN_CA = 256
Const SXH_SERVER_CERT_IGNORE_WRONG_USAGE = 512
Const SXH_SERVER_CERT_IGNORE_CERT_CN_INVALID = 4096
Const SXH_SERVER_CERT_IGNORE_CERT_DATE_INVALID = 8192
Const SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = 13056

Set XMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.6.0")
XMLHTTP.SetOption(2, XMLHTTP.GetOption(2) - SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS)
XMLHTTP.Open("GET", "https://server/path", False)
XMLHTTP.setRequestHeader "Authorization", "BASIC authhere=="
XMLHTTP.Send

Open in new window


setOption:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms763811%28v=vs.85%29.aspx

getOption:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms753798%28v=vs.85%29.aspx
0
 
LVL 35

Accepted Solution

by:
mccarl earned 500 total points
ID: 39816678
Unfortunately, you have no way of controlling this from the client side. If the server is configured to require certificates, than there is nothing that the client can do about it.

Do you have control over the server that you are connecting to? If so, you need to look at the servers config to see if you can disable the requirement for client certificates.
0
 

Author Closing Comment

by:syswin2
ID: 39863152
Hi mccarl,

Thanks for the information, I had no control over the server so I ended up getting my VB6/ASP script to talk via SOAP to a PHP script which then talked to the target server using cUrl which had an option to ignore server certificates.

A bit round the houses but it works.

Thanks,
Peter
0
 
LVL 35

Expert Comment

by:mccarl
ID: 39863559
I'm glad that you got it working! :)

However, I'm still a little perplexed...
using cUrl which had an option to ignore server certificates.
There should be no way that ANY client (ServerXMLHTTP, cURL or any other) can bypass client authentication.

What option did you use with cURL that made this work?
0
 

Author Comment

by:syswin2
ID: 39940534
We ended up using cUrl option "CURLOPT_SSL_VERIFYPEER" = False which caused it to fall-back to basic authentication (over SSL).
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When trying to find the cause of a problem in VBA or VB6 it's often valuable to know what procedures were executed prior to the error. You can use the Call Stack for that but it is often inadequate because it may show procedures you aren't intereste…
This article describes some techniques which will make your VBA or Visual Basic Classic code easier to understand and maintain, whether by you, your replacement, or another Experts-Exchange expert.
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now