FIX: ServerXMLHTTP Does Not Return Cookies Using NTLM Authentication

Symptoms

You can use the ServerXMLHTTP object to retrieve and resubmit session cookies. You can retrieve the cookie from the Response header and resubmit the cookie through the Request Header. Everything works as you expect when you use the Anonymous authentication method. However, when you use the NTLM authentication method, and you resubmit the cookie, the cookie is lost.

↑ Back to the top

Resolution

To resolve this problem, use one of the following methods:

Method 1: Install MDAC 2.7 Service Pack 1 (SP1). This contains MSXML 3.0 SP3, which contains the fix. MDAC 2.7 SP1 is available for download at the following Microsoft Web site:
MDAC 2.7 SP1
Method 2: Install MSXML 4.0 Parser. The MSXML 4.0 parser is available for download at the following Microsoft Web site:
http://msdn.microsoft.com/xml
To use MSXML 4.0 change your code from the following Prog ID:

Msxml2.ServerXMLHTTP.3.0

to the following Prog ID:

Msxml2.ServerXMLHTTP.4.0

↑ Back to the top

Status

Microsoft has confirmed that this is a bug in the ServerXMLHTTP component.
It has been fixed in the latest release of MSXML 3.0 SP3, which is included with MDAC 2.7 SP1.

↑ Back to the top

More Information

Steps to Reproduce the Behavior

In Windows Explorer, create a folder that is named Test in the root folder of your Web server THe root folder is typically found in the following location: C:\Inetpub\Wwwroot\.
In the left pane of Internet Information Services, right-click the Default Web Site, create a Virtual directory that is named Test, and then point this Virtual directory to the Test folder that you created earlier in the root folder of your Web server.
Double-click the Default Web Site, right-click Test, and then click Properties.
On the Directory Security tab, click Edit, and then click to clear the Anonymous access check box. Make sure that the Integrated Windows authentication check box is checked for NTLM authentication.
Use notepad to create a file that is named Sender.asp, and to create a file that is named Receiver.asp, and then save these files to the Test folder that you created earlier.

Paste the following segments of code in each file as follows: Sender.asp:

<%
dim sender
dim cookie
'Step 1: Get the Session Cookie
set sender = server.CreateObject("Msxml2.ServerXMLHTTP.3.0")
sender.open "GET", "http://localhost/test/receiver.asp?resubmit=false",false
sender.send
cookie = sender.getResponseHeader("Set-Cookie")

sID = mid(cookie,instr(1,cookie,"=")+1,instr(1,cookie,";")-(instr(1,cookie,"=")+1))
'Display the Session cookie information 
Response.Write "Response Header Information From First Request: <br/><br/>"
Response.Write "Response Header Cookie = " & cookie & "<br/>"
Response.write "SessionID = " & sID & "<br/><br/>"
Response.Write "Setting Request Header Cookie as: " & left(cookie,instr(1,cookie,";")-1) & "<br/>"
Response.Write "<br/>"

set sender = nothing
'Step 2: re-submit the same Session cookie back
set sender = server.CreateObject("Msxml2.ServerXMLHTTP.3.0")
sender.open "POST", "http://localhost/test/receiver.asp?resubmit=true",false
sender.setRequestHeader "COOKIE", left(cookie,instr(1,cookie,";")-1)
sender.setRequestHeader "COOKIE", left(cookie,instr(1,cookie,";")-1)
sender.send "<XML>Sent XML</XML>"

'The response from the ASP page. 
Response.Write "Request Header Cookie received by receiver:</br> " & sender.responseText & "</br>"

%>

Receiver.asp:

<%
Response.Write "Cookie:" & Request.ServerVariables("HTTP_COOKIE")
%>

Run Sender.asp from the following location: http://localhost/Test/Sender.asp

Notice that the Receiver cookies are missing.

↑ Back to the top

Keywords: kbbug, kbfix, kb

↑ Back to the top

Article Info

Article ID	:	326847
Revision	:	1
Created on	:	1/7/2017
Published on	:	11/28/2012
Exists online	:	False
Views	:	683

Microsoft KB Archive Search

FIX: ServerXMLHTTP Does Not Return Cookies Using NTLM Authentication

Symptoms

Resolution

Status

More Information

Steps to Reproduce the Behavior