I have a C++ Windows application, developed using Visual studio 2017 on windows 10 system. This application uses cpprestsdk to post request to REST Server. My application works perfectly fine on windows 10 machine with properly posting request over ssl to rest server. I did not create any local certificate to make my application work on windows 10.
However same application when ported on windows 7 (64 bit), is not able to POST request with SSL protocol to rest server.
Same request works without SSL, (http://HOST/API works)
but (https://host/api fails)
by giving following error.
winhttpsendrequest 12029 a connection with the server could not be established.
From same windows 7, PostMan can successfully post https request.
No clue of what could be wrong with the implementation.
Can any one share what could be the reason of failing the POST request on windows 7?
I'm a bit late with the answer but I hope that it might help others who face the same problem ...
I think that your server insists on using tls version higher than 1.0 which is a default on Windows 7. Unfortunately cpprestsdk cannot be configured to use a specific tls version. On Windows cpprestsdk uses WinHTTP which exposes two handles but only one of them can be used to configure tls (I do not remember handle names at the moment). Unfortunately the native handle that cpprestsdk has access to cannot be used to configure tls.
The only workaround is to configure Windows 7 (and indirectly WinHTTP) to use a specific tls version as default. Instructions on how to do that can be found here: https://support.microsoft.com/en-ca/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi.
Related
I am working with microsoft bot emulator and everytime I make a request to an external link my office proxy blocks it and application returns 407 error. To work around this I tried following hacks.
Hack #1:
Used fiddler 4 with auto authenticate rule enabled. But I found it doesn't work for ntlm proxy.
I also found that the request which are completing with 200 status code has a proxy-authorization header with some encoded content. but I don't know how to set this header for all the requests.
Hack #2:
Installed and ran a cntlm proxy, still same error.
I am using Micosoft bot framework 4 with dotnet core and bot emulator 4.10, Os: windows 7
Please help let me know if I can somehow make it work around ntlm proxy.
Looks like the office network is very restricted when it comes to network access.
May be you should better talk to your IT department if you can't get a PC that is located in a different subnet that is less restrictive. Or if you are lucky the change the configuration for your PC so that you can access the required servers without proxy.
I've got a windows forms app which is deployed through click once. The app was build with .net 4.7.2 and it uses the HttpClient API to access a couple of rest web services, which are hosted on an internal server. As you might expect, the services can only be accessed through HTTPS and the server is configured to suppport all TLS versions (btw, this is a 2016 windows server).
The intranet client app (ie, the windows forms app) is deployed across several internal sub-networks and everything is working well with the exception of a single PC (which belongs to a specific subnetwork - it's the only PC that is using this particular app). This PC will only be able to consume the services when the HttpClient is configured to use TLS 1.1.
Since we're using internal certificates (we have an internal certificate authority for our AD), I've already checked and the certificate with the public key of the entity is already present on the trusted certificate authorities container of the computer where the secure session can't be established through TLS 1.2.
The PC is running Windows 10 Pro (latest version), so it should support TLS 1.2. I've tried emulating the requests from Fiddler and the truth is that I'll only get the results when I configure it to use TLS 1.1.
Without setting the protocol to TLS 1.1, I can see that Fiddler says that the handshake hasn't been established and the service is never "executed".
Now, according to what I've read, I shouldn't have been getting any problems with the code. In fact, I shouldn't have to specify the TLS version (it looks like Windows 10 Pro has out of the box support for TLS 1.2 and that should be the default for WIndows 10. Since I'm using .NET 4.7.2, it should automatically use the system's default protocol), but the truth is that only using tls 1.1 (not tls 1.2!) allows for the secure channel to be established.
I've tried running the code in other machines and everything works out as expected (I can establish the secure channel with tls 1.1 or tls 1.2 or even let it use the system's default protocol).
Since I'm not really a network guy, can anyone point me in the right direction? Do you guys think this can be caused by a firewall? Any ideas?
I mean, it looks like the PC recognizes the certificate used in HTTPS session (if that wasn't the case, then I wouldn't be able to use TLS 1.1, right?), but it seems like there's something in the way that won't let me use TLS 1.2...
Thanks.
Luis
Check our official guidance for TLS: https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls
If it is one machine problem, I would recommend to create a simple HelloWorld app doing simple request, targeting the same .NET Framework (4.7.2) and then test that on the specific machine vs. other machines. That will tell you for sure if the problem is in your app or in machine/network settings.
Hello I'd like to do https calls from my node.js website running under windows azure emulator but I am not sure how to go about enabling ssl using IIS Express ?
Has anybody got any ideas? I've read and tried implementing different ideas but none seem to work for e.g.
https://tootallnate.net/setting-up-free-ssl-on-your-node-server
I am creating a Facebook app which requires me to do some https calls to the graph etc, but IIS Express crashes each time if it encounters warning messages etc and the call never makes it through.
Anyone got a simple self-signed certificate working within emulator that they can share on how they did it?
There's a difference between making outgoing calls using SSL from your service (for example, using facebook) versus accepting incoming ssl calls (for example, from the browser). If you're making outgoing calls, standard node libraries should work and you'll just need a .pem certificate included in your app to use most of them. If you're accepting https calls on the server, then iis (express) takes care of certificates and your server can treat the incoming call as http
I have an old laptop running WinXPpro and both IE8 and CoolNovo which can download an applet just fine from our Win2008 Server R2 SP1 x64 IIS 7.5.7600.16385. I have a new laptop (same hardware) with a x64 Windows7 and IE9 and CoolNovo which can't download the applet (.jar file) from the same server. I can download this .jar file directly as a url and I can download and run the applet over the internet from the .jar product provider on both laptops just fine. So it has something to do with my new laptop. If we add anonymous authentication to the web server, our app works on both too.
Using fiddler, I can see the NTLM authentication conversation on both laptops. On the old one, it works just fine:
A 401 with the WWW-Authenticat Header is present: Negotiate and one for NTLM
Then a 401 (challenge - NTLM type 2),
Followed by a 200 with the client sending the NTLM type 3 header
On the new laptop, I get the first two 401s, but no 200. It simply tries again with the 401s 2 more times.
Any ideas why the new Windows7 laptop would not be sending a 200 NTLM type3 response to the server or what the issue here might be?
Old Laptop: jre6: 1.6.0_30 checked as the user java runtime env. No System java runtime versions checked.
new Laptop: jre6: 1.6.0_31 checked as the user AND system java runtime env.
TVMIA.
I've encountered the same issue and after looking in server security log a have found two strange record just after each unsuccessful logon:
1. 4624 - successful logon. and just after that:
2. 4634 - successful logoff
Very strange... I've googled for these event codes and found this thread:
SCCM reporting not working on W2K8 R2 64-bit
And the solution to this problem is:
1. Open the IIS Manager and go to your site
2. Double click Authentication under IIS
3. Click on Windows Authentication and then choose "Providers..." under Actions
4. Add NTLM if it isn't there and move it to the top.
5. Click OK
It worked for me!
I am using a digest like (but not digest) custom authentication scheme where the authentication header field of the http request contains username:encryptedtokendata
I do not have any problems with this scheme on on Windows 7 and Azure emulator. However when I deployed my service to Azure's Windows 2008 Server SP2 my authentication header fails to make it through to my wcf service. It is null.
IIS on Windows 7 & Windows 2008 Server has both anonymous and membership authentications enabled (because i use membership for certain authentications). Every other authentication is disabled.
Any ideas what might be causing this issue for me? I searched stack-overflow and google up and down without any luck.
I would check and make sure your authentication module is getting installed in Azure and that it is listed correctly in IIS there. You should be able to remote into the instance and troubleshoot it just like you would on premise.