Sticky Browser Request
Dear All,
We have a custom build application running on clustered WAS 6.0 with
IHS as a proxy. We have come across a strange behaviour with our
application. Our application has a authentication page and every user
should supply password to access our application. After login, Our
application URL attached with jsessionid in the server (We have not
enabled cookies). When we copy this URL and paste it in a different
browser, new browser will be able to go directly to the application by
skipping our login page.
Is there any possible ways available to prevent this? Hackers can
easily hack client browser, get the URL and access our application
without login. We are on fire to fix this.
Thanks & Regards,
Sridhar H
This is a tipycal session hijacking.
What happen here is once the session is validated anyone can use the session to access the application. One thing that you can do is get the users IP (Not sure whether you can do this with servlets) and store it in the session when the user logs in. And every time the application receives a request from the same session you can check whether the IP addresses matches with the stored IP address in the session.
By the way this will still not work when the real user and the hacker is behind the same proxy server or in same LAN
Similar Messages
-
Howto start a bpel process by using a http-get browser request
Hi,
i need some help with the start of a bpel-process.
My process will be started by a receive-activity which comes from a http-get browser request. Then the process will redirect the request-string to a synchronous service to get back its response to process it (this service has of course a wsdl).
The initial receive-activity needs a port Type and an operation to be declared. These concrete binding declarations must be defined in a wsdl-document i think. But the browser-client has no wsdl (and doesnt need it since it is no webservice, i think). Where do i declare the operation, port Type, etc.? Is it possible that it will be declared in an extra WSDL which represents the bpel-process?
Any help would be appreciated.
Albrechtcheck out 102.invokingProcesses tutorial/jsp and the html page .. that uses http invocation ..
hth clemens -
DW cs4 preview in browser - requesting localhost instead of 127.0.0.1
I use Dreamweaver CS4 on the same machine as Coldfusion Server
When I'm testing pages locally, I click preview in browser and Dreamweaver send the request, prefixed with localhost/page.cfm
This is fine and works, BUT I want to display debug output from Coldfusion. To set this up in CF Administrator you need to specify the IP address of the machine you want debug output from. It won't let you add 'localhost' as it expects an IP address
If I manually change the request from localhost/page.cfm to 127.0.0.1/page.cfm it works and displays debug out
Is there a way to change Dreamweaver, so when I click preview in browser, it uses 127.0.0.1 instead of localhost ?Your question is CF specific because it requires to configure hosts in CF. I suggest re-post your question at this link:
<http://forums.adobe.com/community/coldfusion>
hth -
Maintain session on new browser request
Hello,
I am developing a mobile web application. When the user is logged into the application a session is created which is normal.
In Some occasions I have to push a separate web page onto users mobile while the user is still logged in of course.
How do i make sure that the pushed web page is also in the same session as the one which was created when the user logged in?
thanksDear ,
the session remain active untill its requested false or its timed out.
you can make sure by using the session variables , in the new web page.
Cheers
Varun Rathore -
How to pass a HTML file as an object to a browser?
Hi,
I am currently designing a simple webserver application which will serve a client(browser) with a simple HTML form upon request.
I have already managed to complete this requirement but i need help simplifying a small part of my program regarding file input(HTML file to be exact).
My webserver application so far:
import java.io.*;*
import java.net.;
import java.util.*;
public class FormServer
public static void main(String[] args)
Scanner keyboard = new Scanner(System.in);
try
System.out.println("Enter listening port as an integer value");
int listening_port = keyboard.nextInt();
ServerSocket server_socket = new ServerSocket(listening_port);
System.out.println("Server is now listening on port "
listening_port" and awaiting HTTP request from client");
Socket client_socket = server_socket.accept();
System.out.println("Connection established with client "
+ client_socket.getInetAddress() + " on port " + listening_port);
InputStream data = client_socket.getInputStream();
BufferedReader buffered_data = new BufferedReader(new InputStreamReader(data));
final String firstline = buffered_data.readLine();
if(firstline.indexOf("GET")==0)
{color:#ff0000}final String FORM =
"<html>"
"<head>"
"<title>Mailing List form</title>"
"</head>"
"<body>"
"<h1>Add Your Name to our Mailing List</h1> "
"<form action=\"http://localhost:8080\" method=\"post\" "
"enctype=\"text/plain\"> "
" Last name: <input type=\"text\" name=\"last\" size=40 "
" value=\"\"> "
"<br> "
"E-mail Address: <input type=\"text\" name=\"email\" "
"size=12 value=\"\">"
"<br>"
"<input type=\"submit\" value=\"Send Request\" >"
"<input type=\"reset\" value=\"Reset\">"
"</form>"
"</body>" {color}
"</html>" ;
System.out.println("Method is GET for HTTP Request so: Sending Page");
DataOutputStream dos = new DataOutputStream(client_socket.getOutputStream());
dos.writeBytes(FORM);
dos.close();
if(firstline.indexOf("POST")==0)
//send posted FORM to SMTP server
catch(IOException e)
System.out.println(e);
The problem:
I would like to save all the {color:#ff0000}FORM{color} data in a HTML File so that everytime the browser asks for the FORM i can just create an instance of the File and serve it to the browser. Would that be possible?
This is my first time posting a question in a forum so please forgive me if i do not make sense. I would be happy to elaborate if necessary. All help will be greatly appreciated. Oh and just use localhost to access the server.
Edited by: sukul on May 24, 2009 9:50 PM
Edited by: sukul on May 24, 2009 9:53 PMyes thanks.. i will have time for HTTP formalities later
ok 1 last time lolz... i create the HTML file once right.. suppose i name it HtmlForm.html
Everytime a browser requests the file i want to be able to do something like
File Form = new File("HtmlForm.html");
now i want to be able to send Form using an output stream to the browser.
i tried
ObjectOutputStream SendMessage= new ObjectOutputStream(client_socket.getOutputStream);
SendMessage.writeObject(Form);
but that didnt produce the expected results.
Do you get what im trying to do?
Its no biggy....just wanted to do some house keeping before i hand in my project. -
How to find out the locale setting in a browser?
In my Java web project, the multi-lingual issue on the JSP pages is handled by JSTL. It works fine so far for any input messages. However, some messages come from the container. It is needed to find out the browser's country and language settings inside of the container. My question is how to find out the settings?
Thanks in advance.
v.Hi, this I found on James' website--see http://www.rf.net/~james/perli18n.html#Q28
Q28. Can web servers automatically detect the language of the browser and display the correct localized page?
A28. Yes. HTTP/1.1 defines the details of how content negotiation works, including language content.
WWW browsers send an Accept-Language request header specifying which languages are preferred for responses. This technique works fairly well, although some versions of Netscape Navigator send an improperly formatted request parameter. Also, switching language preferences in either Navigator or IE 4 doesn't always "take" without first deleting a language hint.
Few sites do content-negotiation on language, and interestingly enough I do not know of any major portals doing this. One site that does is Sun's documentation library at SunDocs. Debian.org does a very nice job of using Apache content negotiation wih languages and also has some nice help info too on Setting the Default Language.
Apache's Content Negotiation features will select the right page to return, whether HTML or image file. Annoyingly, the match logic is very literal, so a browser request for en-us will not match a server entry of en except as a last resort. Any other exact match will win over en, even if en-us was first preference.
There are 2 ways of doing content negotiation with Apache: type or variant maps and multiviews.
Variant Maps
In httpd.conf, disable Options Multiviews if configured and add
AddType type-var var
DirectoryIndex index.var
Then create an index.var file like this:
URI: start; vary="type,language"
URI: index.html.en
Content-type: text/html
Content-language: en-GB
URI: index.html.en
Content-type: text/html
Content-language: en-US
URI: index.html.en
Content-type: text/html
Content-language: en
URI: index.html.fr
Content-type: text/html
Content-language: fr-CA
URI: index.html.fr
Content-type: text/html
Content-language: fr
URI: index.html.es
Content-type: text/html
Content-language: es
Multiviews
The multiviews technique works like this. This does add extra server load, as each content directory must be scanned for the variant document names.
index.html is localized into variant documents such as:
index.html.en (or index.en.html)
index.html.fr
index.html.es
index.html (or index.html.html as a reader has recommended) symlinked to one of the above as the last resort.
Here's an example of http.conf directives for this:
# in httpd.conf
AddLanguage en .en
AddLanguage fr .fr
AddLanguage es .es
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
# Just list the languages in decreasing order of preference.
LanguagePriority en es fr de pt
Options Multiviews
# end of httpd.conf fragment
Starting in Apache 1.2, you may also create documents with multiple language extensions.
O'Reilly's Apache - The Definitive Guide, Chapter 6
ApacheWeek article on Language Negotiation
Another ApacheWeek article on Language Negotiation -
Weblogic 10.3.2 - Page reload in browser is very slow after upgrade from 8.
when i first load portal page with empty cache it comes up with in 8 seconds..
i have noticed that
browser requests the page -- weblogic app server sends back the file lets say xxxx.css with response 200
after the first load, if i reload the page
browser requests the page with the below header info.. and the weblogic server takes a long time to send back 304 not modified error, about 30+ seconds
in this case browser is sending If-Modified-Since: Fri, 20 Aug 2010 00:47:22 GMT , and here weblogic server takes 30+ seconds to check and return the 304 not modified page
can any one help what might be the issue
http:/xxxx/let.css
GET xxx/let.css HTTP/1.1
Host: xxxxxxx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729)
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: xxxxxxxxxxxxxx
Cookie: JSESSIONID=FdZTM1FGnHKkRZ1x7pVpJ1pqbbzxqjbC4mx1sSGkRX5cHXndLhMJ!-1352170763; NSC_Qpsubm-80=0ac844d70050; s_cc=true; SC_LINKS=%5B%5BB%5D%5D; Not Segmented By Business Size=Not%20Segmented%20By%20Business%20Size; Did Not Visit The Support Site=Did%20Not%20Visit%20The%20Support%20Site; Core Site Page (Includes Microsite Pages)=Core%20Site%20Page%20%28Includes%20Microsite%20Pages%29; s_sq=%5B%5BB%5D%5D
If-Modified-Since: Fri, 27 Aug 2010 00:47:22 GMT
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Date: Wed, 13 Oct 2010 10:13:23 GMT
Server: Apache/2.0.63 (Unix)
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
Expires: Wed, 13 Oct 2010 10:13:23 GMT
Cache-Control: max-age=0
Vary: Accept-Encoding
Set-Cookie: NSC_Qpsubm-80=0ac844d70050;expires=Wed,13-Oct-10 10:15:56 GMT;path=/We've seen this issue on some servers, but not on others running the same application. We're still researching the problem, but the best lead we've got so far is that it might have something to do with the network, either with not being able to look up a network address with DNS or accessing this address.
-
Is there any way to close an IE browser on XP through a Java Program
Hi All,
I am working on an application which has a web form with various feilds in it, on selecting the fields and clicking submit, the form will launch a WinRunner application in a remote machine and runs a test. For this I am using Tomcat webserver (V4.0.1). Now the problem I have is, when I submit the form, and WinRunner Launches on the remote machine (which has Operating System XP), should not already have any Browser windows open on it. So, to ensure that no browser windows are open, Initially in my Java Program I want to write a code which cleans up all the OPEN Browser windows on that machine.
Can any one help me out in finding a way of closing the IE browser windows on a XP machine through a Java program. (There is a servlet in the Tomcat webserver which launches the application based on the browser request). Tomcat is installed on the machine where WinRunner will be launched, So my browser request goes to that machine directly.
Thank you very much,
Ramesh Babu M.V.You can call some program (via Runtime.exec) that kills all IEXPLORE.EXE processes (ugly but could work for you). For instance, there is a program called kill.exe that you can try getting somewhere. My version of KILL.EXE is really old and somewhat buggy (killed all IEXPLORE.EXE processes but one in my Windows 2003 machine), so try checking if there's some newer version anywhere.
C:\>kill -?
Microsoft (R) Windows NT (TM) Version 3.5 KILL
Copyright (C) 1994-1998 Microsoft Corp. All rights reserved
usage: KILL [options] <<pid> | <pattern>>*
[options]:
-f Force process kill
<pid>
This is the process id for the task
to be killed. Use TLIST to get a
valid pid
<pattern>
The pattern can be a complete task
name or a regular expression pattern
to use as a match. Kill matches the
supplied pattern against the task names
and the window titles. -
Pageflow variable values don't hold between two ajax requests
I have pageflow application(Portal) where I have implemented typeAhead(like google suggest with AJAX) for two select boxes. Here I have to inform the server of the firstbox value after it is selected(with AJAX) to save it in pageflow variable so that for next request(while typing in second select box), the corresponding select option data determined by first selection has to be returned. But I see that pagflow doesn't hold values between subsequent ajax requests.But as per BEA Pageflow description values are retained till the end of session.
Does it have anything to do with the ajax requests which are not normal HTTP browser requests? Plz any suggestions are welcome.Hi
Thanks for reply,
I know that you said, because I did some ABAP programs and some ABAP reports of the bussiness process of Collateral Objects, with information of these tables and when I tried get information, I did something like you said, or I assigned cms_ast-object_ref_id to a variable, and this varible I converted to the same type of the other field and find the match or join between the tables(cms_movables, cms_ast).
The problem is not when I do an ABAP program. The problem is:
(BO)Business Objects needs to get some information about these tables to do some reports, but BO has not the tools or the capacity to convert fields, as well as ABAP. BO gets information directly of the tables of database.
The posible solution to this problem is that I can create a job and a program, which function is replicate the information of cms_ast and insert on a "z" table or get the relation between to tables (cms_movables and cms_ast) and insert on a "z" table. These can help BO to get information, because BO instead of get information of this tables (cms_movables, cms_ast) , now get information of the table z and then get and join with other tables.
The principal problem is that BO get information online, with these the job which run the program need to be run minute per minute. and I think that it is not the best practice, because all the tables are some scalables.
I think that my program could be better, how can I catch a INSERT event on table cms_ast, to convert the fields, and insert on a "z" tables
Or anybody have an idea, how can i solve these problems? -
Inexplicable delays in browser-to-servlet-to-browser communication
We are seeing some inexplicable "pauses" in the round-trip from
browser-to-servlet-to-browser communication. The browser and Weblogic
instance are on different machines, so correlating absolute times has
been difficult. So at this point it's hard to tell whether the browser
request is not being received immediately by the servlet, or the servlet
response is not being received immediately by the browser... or perhaps
it is, but maybe the response stream isn't "closing" properly, causing
the browser to think there's still more to come.
If the browser request is not being received immediately by the servlet,
it could be because the execute thread count is so low that the request
is being blocked until a thread is availble to service it. But our
thread count is set to 30 and this is with just a single user hitting
the servlet.
If the servlet response is not being received immediately by the
browser, or is not being closed properly, what could cause that?
Occassionally, I have been able to account for some of the "delay"
time. Our servlet does the usual stuff: writes out to the response
writer and then closes the writer:
PrintWriter writer = response.getWriter();
writer.write( htmlString );
writer.close();
I have seen the writer.close() method taking a long time - over 5
seconds on one occassion! What could it be doing?
Could some type of TCP_NO_DELAY network setting account for all of
this? Any and all help/experiences are appreciated.
mg
Mike Gorman, Director of Architecture
YOUcentric, Inc.
Charlotte, NC
704-643-1000 x518
http://www.youcentric.comIf you are using 5.1 and you have ELF turned on (see docs).
You can specify "time" as an ELF header and this gives you the time of
processing and the write.
mbg
In article <[email protected]>, [email protected] says...
Here are a few top of the head suggestions:
1. You can log the time when the request is received by the servlet and
when the output stream is closed. That should give you a fair idea of
what percentage of delay happens on the servlet side.
2. Try flush() to send stuff to the browser after every few lines of
write(). It helps.
3. IE does wait for the whole HTML to come in before it displays unlike
Netscape which shows the streaming data. So switch browser and check.
4. Make sure you are not using the SingleThread model even though that
does not explain the delay encountered by a single user.
If these do not help, you would need to give more insight into the code.
- Anshum
Mike Gorman wrote:
We are seeing some inexplicable "pauses" in the round-trip from
browser-to-servlet-to-browser communication. The browser and Weblogic
instance are on different machines, so correlating absolute times has
been difficult. So at this point it's hard to tell whether the browser
request is not being received immediately by the servlet, or the servlet
response is not being received immediately by the browser... or perhaps
it is, but maybe the response stream isn't "closing" properly, causing
the browser to think there's still more to come.
If the browser request is not being received immediately by the servlet,
it could be because the execute thread count is so low that the request
is being blocked until a thread is availble to service it. But our
thread count is set to 30 and this is with just a single user hitting
the servlet.
If the servlet response is not being received immediately by the
browser, or is not being closed properly, what could cause that?
Occassionally, I have been able to account for some of the "delay"
time. Our servlet does the usual stuff: writes out to the response
writer and then closes the writer:
PrintWriter writer = response.getWriter();
writer.write( htmlString );
writer.close();
I have seen the writer.close() method taking a long time - over 5
seconds on one occassion! What could it be doing?
==================================================
NewsGroup Rant
==================================================
Rant 1.
The less info you provide about your problem means
the less we can help you. Try to look at the
problem from an external perspective and provide
all the data necessary to put your problem in
perspective. -
Displaying a jpg on the browser using a simple http server.....
Hi
I've written a simple server which responds by sending a jpg file .
BROWSER ---request---> SERVER ( reads a jpg file, converts to byte[] and writes to browser )
^
|
|
<----response ----------
So I connect from the browser and the server sends a jpg and I'd to display that. Everything is thru sockets. There is no webserver as such.
The problem is, I'm getting the text fine, but instead of the picture, I get lots of characters...probably the browser is unable to interpret the jpg . How to I display the jpg ? Do I have to convert the characters in the server code before sending it ?
Anything to do with Base64 encoding ??
Thanks !!All answers to this question including mine disappeared ??????
In order to serve an image or any other type of data over the HTTP protocol you have to supply the correct HTTP response header with the data.
The stream of bytes written to the client should be structured like this:
A status code followed by several lines of key/value pairs with header information, a blank line and finally the bytes of the image.
All lines in the header should end with \r\n no matter what OS the server is running.
HTTP/1.1 200 OK
Date: Wed, 07 Nov 2001 18:37:47 GMT
Server: MyServer/0.1
Content-Type: image/jpeg
Content-Length: 4321The Content-Length field must have the length of the image data in bytes. The Content-Type field must be the correct mime type for the image data.
Read RFC 2068 if you want or need more information. -
Communication between mobile browser and proxy server
hi
I am trying to connect to internet in mobile through my proxy server.I wrote codings for that.Using my code i am able to get the request from the mobile browser but the problem is i am unable to connect to the proxy server
The following is my code for sending the request to the proxyserver and getting back the response:
s = (SocketConnection)Connector.open("socket://"+hostname+":"+port);
/*OutStream to write the request to the proxy server*/
OutputStream out = s.openOutputStream(); PrintStream outw = new PrintStream(out); outw.print(requestHeader +"\r\n"); /*Inputstream to read the response from the proxy server*/ InputStream in = s.openInputStream();
/*writing the response in the browser */
byte[] buffer = new byte[1024];
int len;
while((len = in.read(buffer)) > 0) {
os.write(buffer, 0, len);
is my coding correct?or i need to change anything in my codings?
This coding is working fine in emulator and displaying the correct output in the desktop browser.but in mobile it is not working?
Thanks a lothi
yes nothing is returned from the browser
request from the browser means
whenever u type say,www.google.co.in in your browser
the following type of request will go to the proxy server,after getting the request the proxy server will check for the host address and then it connects to the webserver and get the response and send it back to the browser.
for google page the request is
GET http://www.google.co.in/ HTTP/1.1
Host: www.google.co.in
Accept: text/html, application/vnd.wap.xhtml+xml, application/xhtml+xml, text/css, multipart/mixed, text/vnd.wap.wml, application/vnd.wap.wmlc, application/vnd.wap.wmlscriptc, application/java-archive, application/java, application/x-java-archive, text/vnd.sun.j2me.app-descriptor, application/vnd.met.ticket, application/x-wallet-appl.user-data-provision, application/vnd.oma.drm.message, application/vnd.oma.drm.content, application/vnd.wap.mms-message, application/vnd.wap.sic, text/x-co-desc, application/vnd.oma.dd+xml, */*
Accept-Charset: iso-8859-1, utf-8, iso-10646-ucs-2; q=0.6
Accept-Encoding: gzip,deflate,identity;q=0.9
Accept-Language: en
Cookie: PREF=ID=dc8dc6e63dab6e09:TM=1156324791:LM=1156324791:S=FgovcdMV93Mm4Li7
Cookie2: $Version="1"
User-Agent: Nokia6630/4.06.0 Series60/2.6 Profile/MIDP-2.0 Configuration/CLDC-1.1
x-wap-profile: "http://nds1.nds.nokia.com/uaprof/N6630r100.xml"
in the code u have given the value of the host is http: only -
Hi
I'm an owner from Scotland.
For the past week + the Browser function on my BlackBerry has not been operational. After selecting the Browser option the BlackBerry screen appears with "Requesting...", while the blue bar slowing fills up. Eventually I receive the following message: "Unable to connect to the selected Mobile Data Service, please try again later. If the problem persists please contact your administrator."
I thought this issue was a result of BlackBerry's recent reported problems and I have followed advice to register the handheld with the wireless network and carried out a battery pull restart but this has had no effect.
Any advice would be appreciated.
Regards
Tony
Yours for ScotlandHi Michal,
the patch is not yet integrated into the current development stream (bug
is still open). What you could do is to check out the launcher project
from CVS, apply the patch and deploy it as plugin to use it in your
eclipse enviroment.
Greets
Benny
Michal NkD Nikodím wrote:
> Many thaks. Can I download somewhere new version of RAP SDK (maybe only
> launcher) and use it ?
>
> I tried download rap.ui.launcher from eclipse tehnology CVS and repleace
> it in eclipse IDE plugin directory, but it didn't work.
>
>
> Roland Siebert wrote:
>> Hi, me again.
>>
>> I got it.
>>
>> Roland
>>
>> Benjamin Muskalla schrieb:
>>> Hi,
>>>
>>> there is already an open request for this:
>>>
>>> 234994: [Launcher] Add option to omit starting the application in a
>>> browser
>>> https://bugs.eclipse.org/bugs/show_bug.cgi?id=234994
>>>
>>> Greets
>>> Benny
>>>
>>> Michal NkD Nikodím wrote:
>>>> Hi,
>>>>
>>>> I need from you add new choice to run configuration dialog in
>>>> Eclipse IDE (section RAP application, group browser): "Don't
>>>> automatically start browser".
>>>>
>>>> I can not allow start browser to Eclipse IDE, because my project is
>>>> a litle bit bigger and Eclipse IDE start browser and requesting RAP
>>>> in time when my project isn't started complete (Missed some spring
>>>> module OSGi service registrations). Browser request in this time
>>>> failure.
>>>>
>>>> Now I have set browser in Eclipse IDE to piontless place and Eclipse
>>>> IDE, when want open browser only raise message box about "cannot
>>>> open browser" . I start browser manually later, when project is
>>>> completely started. This my workaround.
>>>>
>>>> But now, I start use Eclipse IDE Mylyn, and Mylyn work with same
>>>> configuration of browser in Eclipse IDE which I have set to
>>>> pointless place.... it is problem for me. -
Browser detection code for JSP ?
Hi ,
Im new to JSP (in case the question wasn't a give-away!!).
I would like to know how to do a browser detect - becuase I have
1 CSS for IE and another for Netscape.
Is there some code snippet site that I can get it from, or can
someone post it here please> >?
Thanks heaps
ROb
try:
request.getHeader("User-Agent")
If you want to see it, do something like:
Browser: <%= request.getHeader("User-Agent") %>
Hope that helps.
Regards,
Eric
"rob" <[email protected]> wrote in message
news:[email protected]..
> Hi ,
>
> Im new to JSP (in case the question wasn't a give-away!!).
>
> I would like to know how to do a browser detect - becuase I have
> 1 CSS for IE and another for Netscape.
>
> Is there some code snippet site that I can get it from, or can
> someone post it here please> >?
>
> Thanks heaps
>
> ROb
-
The IReportServerCredentials approach with the ReportViewer control is working fine within a domain, but I get a 401 not authorized error for a Web IIS server trying to call a SSRS server in another domain. I've see plenty of helpful postings on the use
of IReportServerCredentials but nothing that provides suggestions for this cross domain issue. Hope someone has some ideas on this one. Thanking you in advance for your response.
Using VS 2008 VB.NET web app with ReportViewer control Version=8.0.0.0.
Outside domainA Web Server IIS 8. OS = Windows NT 6.2;
Inside domainA Windows 7 desktop; Inside domainA Windows Server 2003
SSRS using windows authentication and on SQL Server 2012. OS = Windows NT 6.2
The processing described below successfully produces a report when the web server app runs on a machine in the same domain as the SSRS server. For the "same domain" web app, both Win 7 desktop VS 2008 development server and Windows 2003 IIS 6 have
been tested successfully.
The report fails with error "The request failed with HTTP status 401: not authorized " when the web app is run from a windows IIS 8 machine (outward or Internet facing web server) that is not in the domain of the SSRS server. The ReportViewer control
credentials (provided by IReportServerCredentials and taken from the web.config file) match a domain account in the same domain as the SSRS
server and one that has browser permission on the report folder. The same credentials are used successfully for reports requested from within the SSRS domain.
One interesting thing is that on the Internet facing web server, I can access the report via a browser request. So it is possible to have a user request coming from the Internet facing machine get through the SSRS windows authentication. Just does not
work for the ReportViewer.
Using IReportServerCredentials interface per example provided by Microsoft msdn site. Code listed below.
IReportServerCredentials would appear to be a viable approach because it can pass credentials of a windows account known to the SSRS server, but not known to the client machine. By the way, database calls to SQL Server in domainA using a SQL Server
native login account work fine. So the network support communication to a domain that the web server does not belong to.
<Serializable()> _
Public NotInheritable Class MyReportServerCredentials
Implements IReportServerCredentials
Public ReadOnly Property ImpersonationUser() As System.Security.Principal.WindowsIdentity _
Implements IReportServerCredentials.ImpersonationUser
Get
'Use the default windows user. Credentials will be
'provided by the NetworkCredentials property.
Return Nothing
End Get
End Property
Public ReadOnly Property NetworkCredentials() As ICredentials _
Implements IReportServerCredentials.NetworkCredentials
Get
'Read the user information from the web.config file.
'By reading the information on demand instead of storing
'it, the credentials will not be stored in session,
'reducing the vulnerable surface area to the web.config
'file, which can be secured with an ACL.
'User name
Dim userName As String = _
ConfigurationManager.AppSettings("MyReportViewerUser")
If (String.IsNullOrEmpty(userName)) Then
Throw New Exception("Missing user name from web.config file")
End If
'Password
Dim password As String = _
ConfigurationManager.AppSettings("MyReportViewerPassword")
If (String.IsNullOrEmpty(password)) Then
Throw New Exception("Missing password from web.config file")
End If
'Domain
Dim domain As String = _
ConfigurationManager.AppSettings("MyReportViewerDomain")
If (String.IsNullOrEmpty(domain)) Then
Throw New Exception("Missing domain from web.config file")
End If
Return New NetworkCredential(userName, password, domain)
End Get
End Property
Public Function GetFormsCredentials(ByRef authCookie As Cookie, _
ByRef userName As String, _
ByRef password As String, _
ByRef authority As String) As Boolean _
Implements IReportServerCredentials.GetFormsCredentials
authCookie = Nothing
userName = Nothing
password = Nothing
authority = Nothing
'Not using form credentials
Return False
End Function
End Class
'Set the ReportViewer values and retrieve the report from the SSRS server into a pdf file on the client machine.
ProposalRptViewer.ProcessingMode = Microsoft.Reporting.WebForms.ProcessingMode.Remote
' Set the ReportViewer ReportServerCredentials from the MyReportServerCredentials Class.
' Note the credentials are for a domain account defined in the same domain that the SSRS server belongs to and one that has browser permission on the report folder.
ProposalRptViewer.ServerReport.ReportServerCredentials = _
New MyReportServerCredentials()
ProposalRptViewer.ServerReport.ReportServerUrl = New Uri(System.Configuration.ConfigurationManager.AppSettings(Web.[Global].CfgKeyReportServerURL))
ProposalRptViewer.ServerReport.ReportPath = System.Configuration.ConfigurationManager.AppSettings(Web.[Global].CfgKeyReportPathProposal)
ProposalRptViewer.ShowCredentialPrompts = False ' disable prompting for data source credentials
Dim paramList As New Generic.List(Of ReportParameter)
Dim pInfo As ReportParameterInfoCollection
pInfo = ProposalRptViewer.ServerReport.GetParameters()
paramList.Add(New ReportParameter("ProposalID", ProposalID, True))paramList.Add(New ReportParameter("Entity", Entity, True))
paramList.Add(New ReportParameter("intRatesPage", intRatesPage1, True))
ProposalRptViewer.ServerReport.SetParameters(paramList)
' Process and render the report
ProposalRptViewer.ServerReport.Refresh()
Dim mimeType As String = Nothing
Dim encoding As String = Nothing
Dim streams As String() = Nothing
Dim extension As String = Nothing
Dim warnings As Microsoft.Reporting.WebForms.Warning() = Nothing
Dim returnValue As Byte()
' Render the proposal Rate Page 1 report to a Byte Array output in pdf file format.
returnValue = ProposalRptViewer.ServerReport.Render("PDF", Nothing, mimeType, encoding, extension, streams, warnings)
An error only occurs for web server not in the domain of SSRS Server:
The request failed with HTTP status 401: Unauthorized.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack
trace below.
Stack Trace:
[WebException: The request failed with HTTP status 401: Unauthorized.]
Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.GetSecureMethods() +236
Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.IsSecureMethod(String methodname) +58
Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.SetConnectionSSLForMethod(String methodname) +16
Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.LoadReport(String Report, String HistoryID) +226
Microsoft.Reporting.WebForms.ServerReport.GetExecutionInfo() +192
Microsoft.Reporting.WebForms.ServerReport.SetParameters(IEnumerable`1 parameters) +136
DeltaRater.Web.ViewRates.btnCreateProposal_Click(Object sender, EventArgs e) in C:\alex\~~_____Rapid_Rater\SourceDir_VS2008_Jan17_2014\DRR\ViewRates.aspx.vb:911
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981
Version Information: Microsoft .NET Framework Version:2.0.50727.8009; ASP.NET Version:2.0.50727.8010I got the answer to my question by following suggestions by Irb on another technical forum.
From web server (not on same domain), I was passing credentials of a domain account on the SSRS server. Irb suggested I create a local account on the SSRS server and pass those credentials. I tried this but got the same results.
This approach worked for web server in SSRS domain, but failed with 401 Unauthorized for web server outside the SSRS domain. Per suggestion for local account on SSRS server, I tried passing empty string "" as the domain via IReportServerCredentials.
Again this works for web server in the same domain as SSRS. But I get the 401 Unauthorized error when the web server is outside the domain. In testing and checking similar posts, I discovered an additional piece was required for the report request to work
across domains. The default user did not have authority to send the request and/or receive the report. Adding the following in <system.web> section of web.config file was needed.
<identity impersonate="true" userName="localwindowsuser" password="#########"/> where "localwindowsuser" is a windows user defined on the web server.
I never needed this extra piece when the web server ran in the same domain as the SSRS server. I thank Irb for making me go through the details of additional tests because that is how I stumbled across an identity comment and ultimately got things working.
Maybe you are looking for
-
IPhone has deleted all music and won't sync it back??
I tried to sync a new CD onto my iPhone, and it would not appear on my phone. When i clicked on the 'Music On My Device" tab on iTunes, the songs were in grey with a circle next to them. I then tried to play a pre-existing song on my phone, but my if
-
When I connect the laptop to a TV with an HDMI cable, I get video but no sound. In Control Panel, everything is supposedly up to date and working correctly, yet the ATI HDMI Audio is shown as disconnected. How do I get it to work?
-
Hi all, I have some data in a database and am about to start to write a simple querying / viewing application (probably Swing/webstart, maybe JSP). Because of the nature of the data, we are only licensed for a single concurrent user, so i have to mak
-
Hello all, in SAP ERP we created a warehouse with several storage types. One storage type represents an automated part within this warehouse. The TO is then the document to communicate between the warehouse and the automated part of the warehouse (th
-
No Signal Loss When Plugged In
Like many, I have suffered from the dropped bars while holding my phone the way most people do. I tried something last night and for some reason when I pick up my phone with my left hand when it's plugged into the power outlet not one bar drops. Mayb