HTTPWebrequest HTTP\1.1 100 Continue

[Guest]

I have written several vb.net routines using httpwebrequest/httpwebresponse
to post data and files to web sites running traditional ASP. However now that
one of those sites has upgraded to ASP.Net I'm having difficulty posting to
it.

I have analyzed the packets between my routine and a browser submission and
it appears the only variation is that the new site is now sending back
HTTP/1.1 100 Continue messages that the browser knows how to respond to but
VB.Net httpwebrequest may not be handling correctly.

Is this a known issue with a workaround when posting to sites that expect a
response to these messages? Below is a look at the continue header and then
the ok header.


HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.0
Date: Sat, 04 Sep 2004 23:05:31 GMT
X-Powered-By: ASP.NET

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 04 Sep 2004 23:05:31 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: My_Auth=; expires=Tue, 12-Oct-1999 06:00:00 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 790

 

[Guest]

To better illustrate, here is a larger look at the packet and in the middle
you can see the continue being received only in the httpwebrequest version,
the IE6 browser does not receive the continue message:

POST (removed) HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*

Referer: (removed)

Accept-Language: en-us

Content-Type: multipart/form-data;
boundary=---------------------------7d424113708f2

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322)

Cache-Control: no-cache

Content-Length: 345

Connection: Keep-Alive

Host: (removed)



HTTP/1.1 100 Continue



---------------------------7d424113708f2

Content-Disposition: form-data; name="sfilename"; filename="c:\Test\test.txt"

Content-type: text/plain



sample data in file

sample more data

One more line

---------------------------7d424113708f2

Content-Disposition: form-data; name="Submit"



Upload!

---------------------------7d424113708f2--

 

[Jerry Pisk]

The problem with the enforcment is that 100 Continue is perfectly valid
response and the response posted below is just fine. You may want to try to
use HTTP/1.0, which doesn't allow this behavior.

Jerry

 

[Guest]

I already tried that before to no avail. I did this by setting the
ProtocolVersion property of the HttpWebRequest object:

http://msdn.microsoft.com/library/d...tHttpWebResponseClassProtocolVersionTopic.asp

 

[Jochen Kalmbach]

I already tried that before to no avail. I did this by setting the
ProtocolVersion property of the HttpWebRequest object:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/
html/frlrfSystemNetHttpWebResponseClassProtocolVersionTopic.asp

Here is a good explaination what has changed and how to disable it:

HTTP response split attacks, HttpWebRequest and the NET Framework 1.1 SP1
http://blogs.msdn.com/gzunino/archive/2004/09/05/225881.aspx

--
Greetings
Jochen

My blog about Win32 and .NET
http://blog.kalmbachnet.de/

 

[Jerry Pisk]

Except that article doesn't apply, the response here is perfectly valid
according to HTTP specs. It seems that Microsoft once again screwed up and
overzealously rejects something that is valid.

Jerry

 

[Guest]

Thanks for all the feedback!

I don't see how to modify the useUnsafeHeaderParsing propery in my VB.Net
code which uses httpwebrequest to perform these automatic uploads. If this is
the correct solution I would greatly appreciate an example of the syntax in
VB.net to modify it.


<configuration>
<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing=â€true†/>
</settings>
</system.net>
</configuration>

 

[Guest]

I just tried this and it works! What you need to do in modify the .config
file for your program, which resides in the same folder as your executable,
it should be named exactly the same as the executable except you add
".config" at the end. So, if your executable was named:

funkyfresh.exe

the config file would be named:

funkyfresh.exe.config

If it does not exist you can create it via a text editor or you can do
this programmatically via the System.Configuration object.

 

[Guest]

Thanks for all the great feedback, my code is working now!