0

Please bear with me - I am trying to make a WinHttp.WinHttpRequest.5.1 to retrieve data back from an API. After research i am using the below code.

If I enter the url below directly into the browser, a popup box comes up to enter username and password, when populated the response shows on the page. When sending the request using the below code, we get the error Server returned: 401 Forbidden. 401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied. So its like the set credentials of username and password is not passing through on the request. Do I need to post the login credentials in some other way ?

Dim http: Set http = Server.CreateObject("WinHttp.WinHttpRequest.5.1")
http.Option[WinHttpRequestOption_SslErrorIgnoreFlags] = SslErrorFlag_Ignore_All
http.Option(4) = "0x3300"



Dim url: url = "https://myurl.com"

With http  


  Call .Open("GET", url, False)
  Call .SetCredentials("username","passsword", HTTPREQUEST_SETCREDENTIALS_FOR_SERVER)

  Call .Send()

  End With



If Left(http.Status, 1) = 2 Then

'Request succeeded with a HTTP 2xx response, do something...

Else
'Output error

Call Response.Write("Server returned: " & http.Status & " " & http.StatusText & " " & 
 http.ResponseText)

End If

EDIT

Replaced .SetCredentials with
call .setRequestHeader("Authorization", "Basic " + (username+":"+password))

Error changed to: Server returned: 500 Internal Server Error {"HttpStatus":500,"ReasonPhrase":"REST API Exception","ErrorMessage":"The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. ","ErrorType":"System.FormatException"

Emma
  • 577
  • 1
  • 13
  • 27
  • Can you run [fiddler](https://www.telerik.com/download/fiddler) or some other web request debugger to see if the credentials are being passed? – user692942 Sep 16 '20 at 12:23
  • 3
    Does this answer your question? [classic asp calling an api using addheader for authorization](https://stackoverflow.com/questions/28188457/classic-asp-calling-an-api-using-addheader-for-authorization) – user692942 Sep 16 '20 at 12:25
  • 2
    Thank you. Formatted slightly differently the error no longer happens if i base64 the colon aswell as one string call .setRequestHeader("Authorization", "Basic " + "base64ofusernamecolonpassword") Now to see how i can display the response :) – Emma Sep 16 '20 at 12:37
  • 2
    No problem, glad that worked. For reference, it's actually part of the [HTTP Basic Authorization Scheme - \[2\]](https://www.ietf.org/rfc/rfc2617.txt) - *"To receive authorization, the client sends the userid and password, separated by a single colon (":") character, within a base64 [7] encoded string in the credentials."*. So not specific to Classic ASP. – user692942 Sep 16 '20 at 12:42

0 Answers0