Solved

Ignoring client certificate using ServerXMLHTTP (VB6)

Posted on 2014-01-27
5
3,162 Views
Last Modified: 2014-03-19
Any idea how I can force the ServerXMLHTTP to ignore requests for a client-certificate and fail-over to the Basic Authorization credentials provided?

I am trying to achieve this in Visual Basic 6 and ASP Classic.

Code so far:
Set XMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.6.0")
Call XMLHTTP.Open("GET", "https://server/path", False)
XMLHTTP.setRequestHeader "Authorization", "BASIC authhere=="
XMLHTTP.Send

Result so far:
msxml3.dll error '80072f0c'
A certificate is required to complete client authentication
0
Comment
Question by:syswin2
  • 2
  • 2
5 Comments
 
LVL 15

Expert Comment

by:pateljitu
Comment Utility
Try code as provided below (you would still require Client certificate to be installed on the server making this call) :

Const SXH_SERVER_CERT_IGNORE_UNKNOWN_CA = 256
Const SXH_SERVER_CERT_IGNORE_WRONG_USAGE = 512
Const SXH_SERVER_CERT_IGNORE_CERT_CN_INVALID = 4096
Const SXH_SERVER_CERT_IGNORE_CERT_DATE_INVALID = 8192
Const SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = 13056

Set XMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.6.0")
XMLHTTP.SetOption(2, XMLHTTP.GetOption(2) - SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS)
XMLHTTP.Open("GET", "https://server/path", False)
XMLHTTP.setRequestHeader "Authorization", "BASIC authhere=="
XMLHTTP.Send

Open in new window


setOption:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms763811%28v=vs.85%29.aspx

getOption:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms753798%28v=vs.85%29.aspx
0
 
LVL 35

Accepted Solution

by:
mccarl earned 500 total points
Comment Utility
Unfortunately, you have no way of controlling this from the client side. If the server is configured to require certificates, than there is nothing that the client can do about it.

Do you have control over the server that you are connecting to? If so, you need to look at the servers config to see if you can disable the requirement for client certificates.
0
 

Author Closing Comment

by:syswin2
Comment Utility
Hi mccarl,

Thanks for the information, I had no control over the server so I ended up getting my VB6/ASP script to talk via SOAP to a PHP script which then talked to the target server using cUrl which had an option to ignore server certificates.

A bit round the houses but it works.

Thanks,
Peter
0
 
LVL 35

Expert Comment

by:mccarl
Comment Utility
I'm glad that you got it working! :)

However, I'm still a little perplexed...
using cUrl which had an option to ignore server certificates.
There should be no way that ANY client (ServerXMLHTTP, cURL or any other) can bypass client authentication.

What option did you use with cURL that made this work?
0
 

Author Comment

by:syswin2
Comment Utility
We ended up using cUrl option "CURLOPT_SSL_VERIFYPEER" = False which caused it to fall-back to basic authentication (over SSL).
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Have you ever wanted to restrict the users input in a textbox to numbers, and while doing that make sure that they can't 'cheat' by pasting in non-numeric text? Of course you can do that with code you write yourself but it's tedious and error-prone …
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now