make an http post from server using user credentials - integrated security

Posted by opensas on Stack Overflow See other posts from Stack Overflow or by opensas
Published on 2009-06-25T22:16:43Z Indexed on 2010/03/17 7:01 UTC
Read the original article Hit count: 463

Filed under:
|
|

I'm trying to make a post, from an asp classic server side page, using the user credentials...

I'm using msxml2.ServerXMLHTTP to programatically make the post

I've tried with several configurations in the IIS 5.1 site, but there's no way I can make IIS run with a specified account...

I made a little asp page that runs whoami to verify what account the iis process i using...

with IIS 5.1, using integrated security the process uses:

my_machine\IWAM_my_machine

I disable integrated security, and leave a domain account as anonymous access, and I get the same (¿?)

to test the user I do the following


private function whoami()
dim shell, cmd

    set shell = createObject("wscript.shell") 
    set cmd = shell.exec( server.mapPath( "whoami.exe" ) )
    whoami = cmd.stdOut.readAll() 
    set shell = nothing: set cmd = nothing 

end function

is it because I'm issuing a shell command?

I'd like to make http post calls, to another site that works with integrated security...

So I need some way to pass the credentials, or at least to run with a specified account, and then configure the remote site to thrust that account...

I thought that just setting the site to work with integrated security would be enough...

How can I achieve such a thing?

ps: with IIS6,happens the same but if I change the pool canfiguration I get the following info from whoami

NT AUTHORITY\NETWORK SERVICE

NT AUTHORITY\LOCAL SERVICE

NT AUTHORITY\SYSTEM

if I set a domain account, I get a "service unavailable" message...

edit: found this

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/275269ee-1b9f-4869-8d72-c9006b5bd659.mspx?mfr=true

it says what I supossed, "If an authenticated user makes a request, the thread token is based on the authenticated account of the user", but somehow I doesn't seem to work like that... what could I possibly be missing?

edit:

well the whoami thing is obviously fooling me, I tried with the following function


private function whoami_db( serverName, dbName )
dim conn, data

set conn = server.createObject("adodb.connection")
conn.open		"Provider=SQLOLEDB.1;Integrated Security=SSPI;" & _
						"Initial Catalog=" & dbName & ";Data Source=" & serverName
set data = conn.execute( "select suser_sname() as user_name" )

whoami_db = data("user_name")

data.close: conn.close
set data = nothing: set conn = nothing

end function

and everything seemed to be working fine...

but how can I make msxml2.ServerXMLHTTP work with the user credentials???

© Stack Overflow or respective owner

Related posts about asp-classic

Related posts about authentication