Microsoft KB Archive/326847

= FIX: ServerXMLHTTP Does Not Return Cookies Using NTLM Authentication =

Article ID: 326847

Article Last Modified on 6/6/2003

-

APPLIES TO


 * Microsoft Data Access Components 2.7 Service Pack 1
 * Microsoft XML Parser 3.0 Service Pack 3

-



This article was previously published under Q326847





SYMPTOMS
You can use the ServerXMLHTTP object to retrieve and resubmit session cookies. You can retrieve the cookie from the Response header and resubmit the cookie through the Request Header. Everything works as you expect when you use the Anonymous authentication method. However, when you use the NTLM authentication method, and you resubmit the cookie, the cookie is lost.



RESOLUTION
To resolve this problem, use one of the following methods:  Method 1: Install MDAC 2.7 Service Pack 1 (SP1). This contains MSXML 3.0 SP3, which contains the fix. MDAC 2.7 SP1 is available for download at the following Microsoft Web site:

MDAC 2.7 SP1

 Method 2: Install MSXML 4.0 Parser. The MSXML 4.0 parser is available for download at the following Microsoft Web site:

http://msdn.microsoft.com/xml

To use MSXML 4.0 change your code from the following Prog ID:

Msxml2.ServerXMLHTTP.3.0

to the following Prog ID:

Msxml2.ServerXMLHTTP.4.0



STATUS
Microsoft has confirmed that this is a bug in the ServerXMLHTTP component. It has been fixed in the latest release of MSXML 3.0 SP3, which is included with MDAC 2.7 SP1.



Steps to Reproduce the Behavior
 In Windows Explorer, create a folder that is named Test in the root folder of your Web server THe root folder is typically found in the following location: C:\Inetpub\Wwwroot\. In the left pane of Internet Information Services, right-click the Default Web Site, create a Virtual directory that is named Test, and then point this Virtual directory to the Test folder that you created earlier in the root folder of your Web server.</li> Double-click the Default Web Site, right-click Test, and then click Properties.</li> On the Directory Security tab, click Edit, and then click to clear the Anonymous access check box. Make sure that the Integrated Windows authentication check box is checked for NTLM authentication.</li> Use notepad to create a file that is named Sender.asp, and to create a file that is named Receiver.asp, and then save these files to the Test folder that you created earlier.</li>  Paste the following segments of code in each file as follows: Sender.asp:

<%       dim sender dim cookie 'Step 1: Get the Session Cookie set sender = server.CreateObject(&quot;Msxml2.ServerXMLHTTP.3.0&quot;) sender.open &quot;GET&quot;, &quot;http://localhost/test/receiver.asp?resubmit=false&quot;,false sender.send cookie = sender.getResponseHeader(&quot;Set-Cookie&quot;) sID = mid(cookie,instr(1,cookie,&quot;=&quot;)+1,instr(1,cookie,&quot;;&quot;)-(instr(1,cookie,&quot;=&quot;)+1)) 'Display the Session cookie information Response.Write &quot;Response Header Information From First Request: &quot; Response.Write &quot;Response Header Cookie = &quot; & cookie & &quot; &quot; Response.write &quot;SessionID = &quot; & sID & &quot; &quot; Response.Write &quot;Setting Request Header Cookie as: &quot; & left(cookie,instr(1,cookie,&quot;;&quot;)-1) & &quot; &quot; Response.Write &quot; &quot;

set sender = nothing 'Step 2: re-submit the same Session cookie back set sender = server.CreateObject(&quot;Msxml2.ServerXMLHTTP.3.0&quot;) sender.open &quot;POST&quot;, &quot;http://localhost/test/receiver.asp?resubmit=true&quot;,false sender.setRequestHeader &quot;COOKIE&quot;, left(cookie,instr(1,cookie,&quot;;&quot;)-1) sender.setRequestHeader &quot;COOKIE&quot;, left(cookie,instr(1,cookie,&quot;;&quot;)-1) sender.send &quot;<XML>Sent XML</XML>&quot;

'The response from the ASP page. Response.Write &quot;Request Header Cookie received by receiver: &quot; & sender.responseText & &quot; &quot;

%>

Receiver.asp:

<%   Response.Write &quot;Cookie:&quot; & Request.ServerVariables(&quot;HTTP_COOKIE&quot;) %>                   </li> Run Sender.asp from the following location: http://localhost/Test/Sender.asp</li></ol>

Notice that the Receiver cookies are missing.

Keywords: kbbug kbfix KB326847

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.