Geek asks and answers

I don’t understand why WinHTTP does NOT authenticate a particular HTTPS resource

I would be very grateful for any help that can help me solve this problem.

From the Excel VBA code, I need to download and analyze the CSV file from the https://redmine.itransition.com/ website . I am trying to use WinHTTP to get a file. However, I cannot understand why authentication does not work. Here is a snippet of related code:

TargetURL = "https://redmine.itransition.com/projects/pmct/time_entries.csv"
Set HTTPReq = CreateObject("WinHttp.WinHttpRequest.5.1")
HTTPReq.Option(4) = 13056 ' WinHttpRequestOption_SslErrorIgnoreFlags 13056: ignore all err, 0: accept no err
HTTPReq.Open "GET", TargetURL, False
HTTPReq.SetCredentials "UN", "PW", 0
HTTPReq.send

returns the following response (only certain lines are listed):

Content-Type: text/html; charset=utf-8
Status: 406
X-Runtime: 5

However, if I sent the cookie string from the Firefox cookie after successful authentication manually using

HTTPReq.setRequestHeader "Cookie", SetCookieString
HTTPReq.send

. , WinHTTP. , , . , .SetClientCertificate, - ?

, : WinHTTP, , , / ? 2 MSDN , .

!

+2
3

https://redmine.itransition.com/ - HTML, script /login.

SetCredentials, , basic/digest/ntlm.

, , authenticity_token , /login.

+ cookie set-cookie, .

+3

@Alex K. , soooo long! Firebug MSDN 3- :

  • GET authenticity_token RegEx
  • POST cookie
  • GET, CSV

, :

Set RegX_AuthToken = CreateObject("VBScript.RegExp")
' Below Pattern w/o double-quotes encoded: (?:input name="authenticity_token" type="hidden" value=")(.*)(?:")
RegX_AuthToken.Pattern = "(?:input name=" & Chr(34) & "authenticity_token" & Chr(34) & " type=" & Chr(34) & "hidden" & Chr(34) & " value=" & Chr(34) & ")(.*)(?:" & Chr(34) & ")"
RegX_AuthToken.IgnoreCase = True
RegX_AuthToken.Global = True

TargetURL = "https://redmine.itransition.com/login"

Set HTTPReq = CreateObject("WinHttp.WinHttpRequest.5.1")
HTTPReq.Open "GET", TargetURL, False
HTTPReq.Send

Set Token_Match = RegX_AuthToken.Execute(HTTPReq.ResponseText)
AuthToken = Token_Match.Item(0).SubMatches.Item(0)

PostData = "authenticity_token=" & AuthToken & "&back_url=https://redmine.itransition.com/" & "&username=" & UN & "&password=" & PW & "&login=Login »"

HTTPReq.Open "POST", TargetURL, False
HTTPReq.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
HTTPReq.Send (PostData)

SetCookieString = HTTPReq.GetResponseHeader("Set-Cookie")

TargetURL = "https://redmine.itransition.com/projects/pmct/time_entries.csv"
HTTPReq.Open "GET", TargetURL, False
HTTPReq.setRequestHeader "Cookie", SetCookieString
HTTPReq.Send

URL- POST: http://tkang.blogspot.com/2010/09/sending-http-post-request-with-vba.html

, , authenticity_token /login.

. - ! (

+6

( ) POST, : - 4-5 ( ) 406 -, , auth . : +, , /, , + - 406 .

: URL-encode + es PostData. http://www.blooberry.com/indexdot/html/topics/urlencoding.htm , , :

PostData = "authenticity_token=" & Replace(AuthToken, "+", "%2B", vbTextCompare) & _
    "&back_url=https://redmine.itransition.com/projects/" & Trim(RedmineProject) & _
    "/time_entries" & "&username=" & UN & "&password=" & PW & "&login=Login »"

+es are replaced with %2Bs, and that was so - no more than 406s!)

Other special characters do not matter in my case, but the lesson has been learned. Hope this saves a few hours of life for someone else!

0
source

More articles:


All Articles