make an http post from server using user credentials - integrated security
Posted
by opensas
on Stack Overflow
See other posts from Stack Overflow
or by opensas
Published on 2009-06-25T22:16:43Z
Indexed on
2010/03/17
7:01 UTC
Read the original article
Hit count: 456
I'm trying to make a post, from an asp classic server side page, using the user credentials...
I'm using msxml2.ServerXMLHTTP to programatically make the post
I've tried with several configurations in the IIS 5.1 site, but there's no way I can make IIS run with a specified account...
I made a little asp page that runs whoami to verify what account the iis process i using...
with IIS 5.1, using integrated security the process uses:
my_machine\IWAM_my_machine
I disable integrated security, and leave a domain account as anonymous access, and I get the same (¿?)
to test the user I do the following
private function whoami()
dim shell, cmd
set shell = createObject("wscript.shell")
set cmd = shell.exec( server.mapPath( "whoami.exe" ) )
whoami = cmd.stdOut.readAll()
set shell = nothing: set cmd = nothing
end function
is it because I'm issuing a shell command?
I'd like to make http post calls, to another site that works with integrated security...
So I need some way to pass the credentials, or at least to run with a specified account, and then configure the remote site to thrust that account...
I thought that just setting the site to work with integrated security would be enough...
How can I achieve such a thing?
ps: with IIS6,happens the same but if I change the pool canfiguration I get the following info from whoami
NT AUTHORITY\NETWORK SERVICE
NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\SYSTEM
if I set a domain account, I get a "service unavailable" message...
edit: found this
it says what I supossed, "If an authenticated user makes a request, the thread token is based on the authenticated account of the user", but somehow I doesn't seem to work like that... what could I possibly be missing?
edit:
well the whoami thing is obviously fooling me, I tried with the following function
private function whoami_db( serverName, dbName )
dim conn, data
set conn = server.createObject("adodb.connection")
conn.open "Provider=SQLOLEDB.1;Integrated Security=SSPI;" & _
"Initial Catalog=" & dbName & ";Data Source=" & serverName
set data = conn.execute( "select suser_sname() as user_name" )
whoami_db = data("user_name")
data.close: conn.close
set data = nothing: set conn = nothing
end function
and everything seemed to be working fine...
but how can I make msxml2.ServerXMLHTTP work with the user credentials???
© Stack Overflow or respective owner
