Peter Meier
2005-09-08 06:43:36 UTC
Hi,
When I am trying to use wininet to authenticate through a proxy on a
server which also requires authentication, it works fine, if the server
is running on HTTP. If the server requires HTTPS the authorization
fails. Here's a code snippet:
...
BOOL bSendHttpRequest = HttpSendRequest(m_hHttpOpenRequest, NULL, 0,
NULL, 0);
DWORD dwStatus;
DWORD dwBufSize = sizeof(dwStatus);
HttpQueryInfo(m_hHttpOpenRequest, HTTP_QUERY_STATUS_CODE, &dwStatus,
&dwBufSize, 0);
BYTE strBuffer[2048];
DWORD dwBufSize = sizeof(strBuffer);
memset(strBuffer, 0, dwBufSize);
if (dwBufSize == HTTP_STATUS_PROXY_AUTH_REQ) // 407: Proxy
authentication required
{
strHeader = "Authorization: Basic aW5zdXJlcjpkZW1v" + "\r\n" +
"Proxy-Authorization: Basic YXVkYXRleDphdWRhdGV4" +
"\r\n" ;
bSendHttpRequest = HttpSendRequest(m_hHttpOpenRequest, strHeader,
strHeader.GetLength(), NULL, 0);
}
...
I have also tried to use
InternetSetOption(m_hHttpOpenRequest,
INTERNET_OPTION_PROXY_USERNAME,
&strProxyUsername, strProxyUsername.GetLength());
InternetSetOption(m_hHttpOpenRequest,
INTERNET_OPTION_PROXY_PASSWORD,
&strProxyPassword, strProxyPassword.GetLength());
instead of sending the header manually, but still it doesn't work.
When I do a network trace I can see that in the HTTP case, a 'GET'
request is send to the server together with the 'Proxy-Authorization'
header. Whereas in the HTTPS case my 'GET' request automatically
becomes a 'CONNECT' request and although I set the 'Proxy
Authorization' header I can see that it is not send (it does not appear
in the network trace)? Does anybody have an idea why the header is not
send in the 'CONNECT' case?
Maybe I should mention that when I am trying to connect to an HTTPS
server without going over a proxy it works. So I am already setting all
kinds of
flags:
INTERNET_FLAG_SECURE
INTERNET_FLAG_RELOAD
INTERNET_FLAG_KEEP_CONNECTION
INTERNET_FLAG_NO_CACHE_WRITE
INTERNET_FLAG_NO_AUTH
INTERNET_FLAG_NO_UI
INTERNET_FLAG_PRAGMA_NOCACHE
INTERNET_FLAG_TRANSFER_ASCII
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
and also SECURITY_FLAG_IGNORE_UNKNOWN_CA.
Am I missing any other flag?
Thanks a lot for any suggestions!
Peter
When I am trying to use wininet to authenticate through a proxy on a
server which also requires authentication, it works fine, if the server
is running on HTTP. If the server requires HTTPS the authorization
fails. Here's a code snippet:
...
BOOL bSendHttpRequest = HttpSendRequest(m_hHttpOpenRequest, NULL, 0,
NULL, 0);
DWORD dwStatus;
DWORD dwBufSize = sizeof(dwStatus);
HttpQueryInfo(m_hHttpOpenRequest, HTTP_QUERY_STATUS_CODE, &dwStatus,
&dwBufSize, 0);
BYTE strBuffer[2048];
DWORD dwBufSize = sizeof(strBuffer);
memset(strBuffer, 0, dwBufSize);
if (dwBufSize == HTTP_STATUS_PROXY_AUTH_REQ) // 407: Proxy
authentication required
{
strHeader = "Authorization: Basic aW5zdXJlcjpkZW1v" + "\r\n" +
"Proxy-Authorization: Basic YXVkYXRleDphdWRhdGV4" +
"\r\n" ;
bSendHttpRequest = HttpSendRequest(m_hHttpOpenRequest, strHeader,
strHeader.GetLength(), NULL, 0);
}
...
I have also tried to use
InternetSetOption(m_hHttpOpenRequest,
INTERNET_OPTION_PROXY_USERNAME,
&strProxyUsername, strProxyUsername.GetLength());
InternetSetOption(m_hHttpOpenRequest,
INTERNET_OPTION_PROXY_PASSWORD,
&strProxyPassword, strProxyPassword.GetLength());
instead of sending the header manually, but still it doesn't work.
When I do a network trace I can see that in the HTTP case, a 'GET'
request is send to the server together with the 'Proxy-Authorization'
header. Whereas in the HTTPS case my 'GET' request automatically
becomes a 'CONNECT' request and although I set the 'Proxy
Authorization' header I can see that it is not send (it does not appear
in the network trace)? Does anybody have an idea why the header is not
send in the 'CONNECT' case?
Maybe I should mention that when I am trying to connect to an HTTPS
server without going over a proxy it works. So I am already setting all
kinds of
flags:
INTERNET_FLAG_SECURE
INTERNET_FLAG_RELOAD
INTERNET_FLAG_KEEP_CONNECTION
INTERNET_FLAG_NO_CACHE_WRITE
INTERNET_FLAG_NO_AUTH
INTERNET_FLAG_NO_UI
INTERNET_FLAG_PRAGMA_NOCACHE
INTERNET_FLAG_TRANSFER_ASCII
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
and also SECURITY_FLAG_IGNORE_UNKNOWN_CA.
Am I missing any other flag?
Thanks a lot for any suggestions!
Peter