MSXML Server Object 2

[Jorrti]

Hi all,
I'm trying to use the MSXML4 Server HTTP object to post to a SSL secured location.
I use the "Msxml2.ServerXMLHTTP4.0" object. I want to use the setOption method to specify which client has to be used.
Like this:

IServerXMLHTTPRequestPtr pHttpRequest;
Check(pHttpRequest.CreateInstance("Msxml2.ServerXMLHTTP4.0&quot);

pHttpRequest->setOption( 3, "certificatelocation"

I get a compile error:
error C2664: 'setOption' : cannot convert parameter 1 from 'const int' to 'enum _SERVERXMLHTTP_OPTION'
Conversion to enumeration type requires an explicit cast (static_cast, C-style cast or function-style cast)
Error executing cl.exe.

I also tried 'SXH_OPTION_SELECT_CLIENT_SSL_CERT instead' of just '3'. The complier says it's an Ambiguous symbol.

What am I doing wrong?

specs at:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xmlsdk30/htm/xmmthsetoption.asp

Thanks in advance,

Jorrti

 

[JOLESEN]

Don't know what you did, but this builds without problem on my compiler :



#import "msxml4.dll"
using namespace MSXML2;

void main(void)
{
IServerXMLHTTPRequestPtr pHttpRequest;
pHttpRequest.CreateInstance("Msxml2.ServerXMLHTTP4.0"

pHttpRequest->setOption( SXH_OPTION_SELECT_CLIENT_SSL_CERT, "certificatelocation"
}

 

[palbano]

Same here on Win2k, VC7, Latest Platform SDK installed.

-pete

 

[t5noel]

I've been scouring the internet looking for some C++ sample code for this! Can you elaborate on "certificatelocation"?

 

[Jorrti]

I use the code Jolesen typed above. Only I do the import and namespacing in another file which I include in the file where I use the MSXML server object in. It doesn't work. The compiler still complains that 'SXH_OPTION_SELECT_CLIENT_SSL_CERT' is an ambiguous symbol.
I have the latest MSXML SDK (created 02/24/03 at 15:36:03) but it doesn't compile. What could be wrong.
I use want to use the MSXML Server object in a simple dual ATL class. I use it on several other locations. Everything goes fine if I don't have to set options.
In ASP it works quite okay, although I don't have a clue yet of how to set the certificate location.

 

[Jorrti]

It's quite strange. When I use the code in a new, empty, normal C++ source file it compiles without a problem. In my project it doesn't, unfortunately.

 

[palbano]

try this

  pHttpRequest->setOption( MSXML2::SXH_OPTION_SELECT_CLIENT_SSL_CERT, "certificatelocation");

-pete

 

[Jorrti]

When I try
pHttpRequest->setOption(MSXML2::SXH_OPTION_SELECT_CLIENT_SSL_CERT, "certificatel;ocation"

It doesn't compile neither. Compiler says: "error C2664: 'setOption' : cannot convert parameter 1 from 'enum MSXML2::_SERVERXMLHTTP_OPTION' to 'enum _SERVERXMLHTTP_OPTION'
Conversion to enumeration type requires an explicit cast (static_cast, C-style cast or function-style cast)"

I don't get why it starts talking about enumerations. I thought the references to the options of the MSXML server object were just simple integers.

 

[t5noel]

Here is a quote from the link below that explains the "certificatelocation".

"Currently, the ServerXMLHTTP object looks only in the personal certificate store of the user account under which the IIS process runs. For IIS applications that are set to run with medium or high application protection levels, that account is typically the IWAM_machinename account. ServerXMLHTTP does not look in the Local Computer certificate store."

In a nutshell the certificate must be loaded into the IE personnal certificate store. Then you can reference the certificate using it's "common name" as listed in the personnal certificate store.

http://support.microsoft.com/default.aspx?scid=kb;en-us;301429

 

[palbano]

It looks to me like you may have somehow generated two sets of the MSXML ATL generated code, one is namespaced and the other is not. Perform a Build/Clean then look in your output folder (Debug) and make sure all the intermediate files are gone. If there are any left delete them. Then build your project again.

If it still errors then you are pulling something in from your include directory settings in the IDE.


-pete

 

[Jorrti]

hey guys,
thanks. It compiles now. I was stupid and overlooked these two lines of code:

#include "MSXML 4.0\inc\MSXML2.h"
#include "MSXML 4.0\inc\MSXML2did.h"

These lines were causing the trouble.
I just deleted them.
Only remaining problem is certificate location. But I already saw a nice post on that in this thread.

 

[Jorrti]

Referencing a certificate isn't trivial.
I have a certificates called 'abc'.

In de Microsoft Management Console the path to the certificate is:

Console Root\Certificates(Local Computer)\Personal\Certificates
I can't see the Certificate in IE when I look under Tools/Internet Options/Content/Certificates/Personal. There's no change after I use the 'import' button.

I try to set the certificate with the following code now:

pHttpRequest->setOption(SXH_OPTION_SELECT_CLIENT_SSL_CERT, "LOCAL_MACHINE\\My\\fonob-1.swip.net"


how can I verify that the specified certificate is valid?

 

[t5noel]

Jorrti,
I had the same problems initially trying to import certificates. Unfortunately it's been a while and I'll have to kick it around to see if I can duplicate what I did. Once the certificate is loaded you can view it to check it's validity.

Tom

 

[t5noel]

Jorti,
Try this link.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;232137

Tom

 

[Jorrti]

I only want to use the SSL certificate to be able to post to a https:// website on another computer. I don't need to SSL-secure my own websites. The SSL certificate I want to use is only to identify myself to the website I want to post to. I already tried to save the certificate using mmc.exe. This works fine, that is I can see the certificate in mmc. But I really don't know how to reference it.

 

[Jorrti]

The global problem I have is as follows:
I can post data to the SSL website when I use the normal XML HTTP object (not server specific). I need to post an empty request, then I get a popup asking me to accept a certificate and then I can post data as much as I like, for one session.
I am developing an application however that needs to post data automatically to a SSL website. So there's no-one available to click yes/accept in the popups. I thought the easiest way to avoid these popups was to use the XMLHTTPServerObject and set the certificate to use when posting to the SSL website.
If someone knows another solution please let me know.

 

[JOLESEN]

I post data to a website every day without problems at all. The post is done via SSL (Port 443 I think).

I don't really understand what you write :
>>I get a popup asking me to accept a certificate
The certificate being accepted : Is it located on your computer or on the web-server ?

/JOlesen

 

[Jorrti]

I get a pop up asking me to accept a certificate from the webserver I try to post too. I accept it and import it. But the problem is that everytime I post for the first time in a session, I must accept the same certificate. IE doesn't see that I already accepted the certificate and that it is actually stored on my computer.
For example when I do my E-Banking at home, it goes via a SSL website. The first time I visited the site I had to accept a certificate, this was stored on my computer and now I can go to the site without further specifying or accepting any certificates.
This is the behaviour I expected for the connection I'm having trouble with. Unfortunately it doesn't work this way.

 

[palbano]

Maybe since the control your using is not IE it's not caching the certificate and re-using it.

Now keep in mind I have never done this so I may be totally wrong here. You may not be able to use the control based on your requirements. You may need to write your own TCP/IP HTTPS code to accomplish your goal of caching and re-using the certificate.


-pete

 

[JOLESEN]

I am no expert on this, but it does puzzle me somewhat :

Would anyone connecting to this website be asked to accept this certificate ?
I would imagine you somehow had to authenticate your self to the server ?

Anyway I think this could be considered a 'Client Certificate' ?
If so you really should have a look at WinHTTP 50 SDK.
It implements a function SetClientCertificate() + sample code on the subject.

I use this SDK (but don't really use client certificates - sorry).

/JOlesen