Classic ASP: Get "Authorization" Header - authentication

I've been searching for a solution on the internet for this, and can not find it anywhere.
I've setup a simple POST request through Fiddler for an ASP page on my local machine:
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)
Host: localhost
Connection: Keep-Alive
Authorization: Basic xW91bsdtcyNqYTpfs8Jkb4ql
Content-Length: 9
asdfdfdsf
The ASP page contains the following line:
Response.Write(Request.ServerVariables("HTTP_Authorization"))
Instead of writing out "Basic .....", it doesn't write anything at all. If I change "HTTP_Authorization" to any of the other headers (HTTP_Content_Length), I can pull in their values.
Is there a reason ASP is refusing to let me see that specific header?
Thanks!

Apparently it was being removed by the server's windows auth
I unchecked "Integrated Windows authentication" and the header started showing up correctly

Related

X-P2P-PeerDist header: where does it come from?

I'm seeing this HTTP header on some requests made to my server:
X-P2P-PeerDist: Version=1.0
I'm aware of this: http://www.faqs.org/patents/app/20110016220#ixzz3g3X8lSYF, but I would like to know what are the known clients sending that header.
Any idea?
UPDATE: as requested, i'm including the other headers sent with the request (I've obfuscated some private stuff that are related to our customer with ***):
GET http://***.com/ HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Connection: Keep-Alive
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3; .NET4.0C; .NET4.0E)
X-P2P-PeerDist: Version=1.0
UA-CPU: AMD64
Accept-Encoding: gzip, deflate, peerdist
Host: ***.com
Cookie: SMSESSION=***; OrgName=***; authCookie=***; ASP.NET_SessionId=***
Pragma: no-cache
Cache-Control: no-cache
The user agent seems to indicate IE11 (Trident/) in IE7 mode (compatible; MSIE 7.0), but I'm not getting the X-P2P-PeerDist header when I'm using this config, so I don't think it's directly related.
It is one of the headers used in the PeerDist peer content caching protocol. It has never been standardized and are not even registered with the IANA registry for HTTP headers.
It is known to be sent from some recent versions of Internet Explorer, .NET HTTP clients and SilverLight HTTP clients.
I’m relatively certain that this header is send when if the client is configured to use BranchCache and a request is made using WinHTTP. About BranchCache:
To optimize WAN bandwidth, BranchCache copies content from your main office content servers and caches the content at branch office locations, allowing client computers at branch offices to access the content locally rather than over the WAN. (Source).
When testing here locally, a client that has BranchCache enabled sends the X-P2P-PeerDist header, while a brand new client (no BranchCache configured) does not sent it.
The underlying protocol seems for is Peer Content Caching and Retrieval (MS-PCCRTP), as the section Message Syntax from the protocol description defines X-P2P-PeerDist as one of the HTTP header extension it uses.
However, the document BranchCache Deployment Guide for Windows Server 2008 R2 and Windows 7 lists other MS-PCCx protocols but not MS-PCCRTP. So I don't have an external evidence that this header is caused by a BranchCache enabled client.
I have seen this in IE11 + compatibility mode on Windows 7, connected to an intranet application and downloading a docx file. The request only appears when downloading a document. All requests are going through an F5 load balancer. In other non-download requests on the same browser and same application, the X-p2p-peerdist header is missing.

recreate this web request in vb net

i?m trying to make automatic image set in pinterest account with WebClient.
I'd like to recreate this http request:
(Request-Line) POST /upload-image/?img=Desert.jpg HTTP/1.1
Host www.pinterest.com
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding gzip, deflate
X-Requested-With XMLHttpRequest
X-File-Name Desert.jpg
Cache-Control no-cache
X-CSRFToken RqwJCawJyAGYIZfzob51qxrEGj4GJcSA
Referer https://www.pinterest.com
Content-Length 846128
Content-Type multipart/form-data; boundary=---------------------------5431268530037
Cookie _pinterest_cm=TWc9PSY1YlkwcmtVRGlNRzRQZXpiZXJseVl6TnFHYnEvZlhpNDZPcExCQnhKN3UvdUUveWI0c3p4bWJKUmhoZy9YRG9sS3dNZTZFSFNhN2V3VWhJM1JkbUlxbC92VjhHUGFldlRTVVJTNlA1L1M0SDE5QXhLcHVWS2ZrSUh3NTN2ODA0WSZ5dnpJQkVRUmx5TVJGTEdmQm5EVmRGQXNqbDQ9; csrftoken=RqwJCawJyAGYIZfzob51qxrEGj4GJcSA; _pinterest_sess="TWc9PSYvRm93OFNxbGkxWTJ5bzVoZUFudHJVVDI4bndmL2I5SFVIQjZkVk1KWFJ3WDBmNndOWFR0QnBPazltZFRmcnJpcGU5akhQZS8vcEZWTzM5ODJWNVdKS2syekwwc1p1TVVNeEt3Z3NYa1lsMVFXcFpXYUdkRlE1RElQYTBYeXhyQkFkYVFmSHZnVkRyYWhYcURDYzhhWEpuR2dvekE1SlB6cXp4akNNdzJ6QysrR2MzRGNyRXJKczRuRHZDTm1uQkdLMUJrUnF6UjdZakhDUGNVRnQ4T1ZoQUFIQWJSU1VNUHNjUHV5VjlZbk1INU1FMFNhdGJiVFZRdUNDWFNlMGJvcDBFeXk4a3cxT25ROHpSOXFzcTZ6NFBHekFjNkFNQUtnaktQNGQ1VkhnNDdlSXNQTGhmTzhDWm5UaDNoZzdqbEFHQWQ1RjJXWVo5bjNXVkVUWnVUWXNiL1JLTFdqNDBvMWllT0VyRDRNN1lXN0diQmlWRjdGdWF5UGUzYkNLYlMvamJUSVFwcFZoVVVUL2ROVkFIQUNYODQxR3R5eDFrQ0VpTGhmaGZ1Y2VOdGt6aUdLQmtCTkRYdkpkVGhmLzMvMnVOWHAwQVdZWEs2alE4eTUwd3E1SlJPRWFDc3VKTXByb2tISm8rcldRQT0mejAwN0hvdlRhbU8zYmNJT0lsSm9PSldheGpJPQ=="; sessionFunnelEventLogged=1; __utma=229774877.448600758.1436737610.1436739423.1436745191.3; __utmz=229774877.1436737610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); c_dpr=1; __utmc=229774877; _b="ARLbRMvYKUdKiaBWDA2Oxko87z7iIN4MuGnJALvZK8vehgzT11AKeoa13PH4l9VjVMU="; _pinterest_pfob=disabled; __utmb=229774877.3.9.1436745219732; __utmt=1
Connection keep-alive
Pragma no-cache
I have try this code, but i can't obtain Content-Length and Content-Type.
Dim wc As New WebClient
wc.UseDefaultCredentials = True
wc.Credentials = New NetworkCredential("pippomio#yahoo.com", "88Y71nR3764")
wc.Headers.Add("Host", "www.pinterest.com")
wc.Headers.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5")
wc.Headers.Add("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
wc.Headers.Add("Accept-Language", "it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3")
wc.Headers.Add("Accept-Encoding", "gzip, deflate")
wc.Headers.Add("X-Requested-With", "XMLHttpRequest")
wc.Headers.Add("X-Requested-With", "XMLHttpRequest")
wc.Headers.Add("X-File-Name", "Hydrangeas.jpg")
wc.Headers.Add("Cache-Control", "no-cache")
wc.Headers.Add("X-CSRFToken", token)
wc.Headers.Add("Referer", "https://www.pinterest.com")
wc.Headers.Add("Connection", "keep-alive")
wc.Headers.Add("Pragma", "no - cache")
Dim Response As Byte() = wc.UploadFile("https://www.pinterest.com/upload-image/?img=Hydrangeas.jpg", "POST", "Hydrangeas.jpg")
In wich way can I do this request in vb net?
Thanks
First, I recommend you to check this and this tutorial to learn how to send/receive HTTP requests on correct way.
Second, you should not re-do any web browser actions in your program since it is usually not a good practice as the frontend architecture should be subject an unexpected change any time. Instead of this, you should check Pinterest API, especially the Users API which can help you to achieve your plans. Usually API interfaces are not a subject of random changes, they are more reliable than replaying front-end operations and more stable, has more capabilities to the load.
(Pinterest API seems working only from Firefox, if you get an empty area at right side with a big "None" text, then browse the link from Firefox - it seems can handle the page)

POST data not sent in IE 11 using the WebBrowser control

I have the following JavaScript code being executed inside of an onclick event handler on my website.
var newRequest = new window.XMLHttpRequest();
newRequest.open('POST', '/index.cfm', true);
newRequest.send('q');
If I use IE 11 and open up my web page that is located on a testing server I can see that the request gets sent as expected using Fiddler with a content length of 1 and 'q' in the post data. However, if I open up my application that hosts the WebBrowser control and navigate to the same website on my test server and have it execute the above code I can always see that the request is being made but that the Content-Length header is 0 and 'q' is not sent along with the request. Here is the failing request as it appears in Fiddler.
POST http://test.mycompany.com/index.cfm HTTP/1.1
Accept: */*
Referer: http://test.mycompany.com/Curtis/BrowserTests/BrowserEventTests.html
Accept-Language: en-US
Content-Type: text/plain;charset=UTF-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: test.mycompany.com
Content-Length: 0
Connection: Keep-Alive
Pragma: no-cache
If I then set the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION registry value for my executable to 9000 then it works and does send the post data as expected.
Here is the correct request as reported by Fiddler.
POST http://test.mycompany.com/index.cfm HTTP/1.1
Accept: */*
Referer: http://test.mycompany.com/Curtis/BrowserTests/BrowserEventTests.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: test.mycompany.com
Content-Length: 1
Connection: Keep-Alive
Pragma: no-cache
q
If I change that value back to 10000 or 11000 then it does not work. Does anyone have any ideas on why the post data would not be sent properly using the WebBrowser control? I have reset my IE settings back to factory default with no change in behavior.
Update: If I change the JavaScript to look like this instead then it works with the emulation mode set to 10000.
var newRequest = new ActiveXObject("Msxml2.XMLHTTP");
newRequest.open('POST', '/index.cfm', true);
newRequest.send('q');
Is this just a bug that needs to be reported?

Safari complains: Origin file:// is not allowed by Access-Control-Allow-Origin

My JavaScript Ajax program works fine with FireFox.
It even works OK on iPad!
But when I run it on Safari on Windows 7 - I get the above error.
I am attaching the HttpRequest header and respond.
First the FF data- see below -
I think - not sure - that it shows that the site I am accessing is not blocking me.
Next is the Safari data- see below -
I think that the problem is that Safari adds to the request header a
Origin:file://
I am not sure that this is the problem and I did not find a way to force Safari not to add it.
Thanks for your help
Ori
Here is the FF Data
Response Headers
Date Thu, 04 Aug 2011 19:08:58 GMT
Server Apache/2.2.3 (Linux/SUSE)
Keep-Alive timeout=15, max=100
Connection Keep-Alive
Transfer-Encoding chunked
Content-Type text/html
Request Headers
Host www.arabdictionary.huji.ac.il
User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.18) Gecko/20110614 BTRS35926 Firefox/3.6.18
Accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 115
Connection keep-alive
Content-Type application/x-www-form-urlencoded; charset=UTF-8
Content-Length 50
Pragma no-cache
Cache-Control no-cache
Safari data
Request URL:http://www.arabdictionary.huji.ac.il/cgi-bin/arabic_results.pl
Request Headers
Content-Type:application/x-www-form-urlencoded
DNT:1
Origin:file:// <<<<<<<<<<<<<<<<< I think that this is my problem <<<<<<<<<<<<<
User-Agent:Mozilla/5.0 (iPad; U; CPU OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5
Form Data
String:%d4%d4
searchType:byElement
act:dosearch
<<<<<<<<<<< No more data - no Response >>>>>>>>>>>>>>>>>>>>>

Strange content length value received from IE8/9 browser in upload request

I am facing a problem of moving 4+GB size file between computers. First I couldn't move the file on micro SD card (see my other post)
So now I am trying to upload this file. Exact file size is 4549809009, so when I try to upload it, my upload fails at premature ending of a input file.
Here are headers I get:
POST /webfolder/webapp/Folder/MediaChest HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://myotherhost/webfolder/webapp/Folder/MediaChest
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: multipart/form-data; boundary=---------------------------7db2ce294006e4
Accept-Encoding: gzip, deflate
Host: myotherhost
Content-Length: 254842353
Connection: Keep-Alive
Cache-Control: no-cache
So why content length set as 254842353? IE continues uploading after reaching this size, however the upload receiver thinks that end of stream reached. Where is problem, in the receiver or the sender?
One question I would have is, what is hosting the other site? If it is an Asp.Net site hosted by IIS, you will probably need to make sure that the maxRequestLength property in the web.config is set to handle a POST that big.
See:
Increase file upload size limit in iis6