EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Getting TElAS2Client to POST to ASP.NET

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
#23963
Posted: 03/06/2013 08:49:08
by Lee Chapman (Basic support level)
Joined: 03/06/2013
Posts: 4

Hi,

I'm trying to set up an AS2 receiver inside ASP.NET (using the components in EDIBlackbox package of SecureBlackbox). I'm using the EldoS\SecureBlackbox.NET\Samples\C#\EDIBlackbox\AS2\Sender sample to create a test AS2 message and post it to ASP.NET. I've got a bare-bones IHttpHander in ASP.NET:

public class HttpHandler : IHttpHandler
{
public bool IsReusable
{
get
{
return true;
}
}

public void ProcessRequest(HttpContext context)
{
throw new System.NotImplementedException();
}
}

I've got a breakpoint set on the ProcessRequest() method. If I browse to http://localhost/test.as2 from a web browser, then I hit my breakpoint, so I know that the IHttpHandler is configured correctly. However, if I use the AS2\Sender sample project to post to this same URL, then I get an HTTP 400 error in the log without hitting my breakpoint. It appears that IIS is stepping in and rejecting the request before it even gets to my code. The test messages is encrypted. I've changed the sender sample to use HTTP 1.1 instead of the default 1.0.

I'm running on ASP.NET 3.5 in IIS 5.1 on Windows XP SP3. (Yes, I know it's an old box, but it should still work, right?) SecureBlackbox version 10.0.233.0.

If I post to the sample receiver project, then everything works as expected. However, that project uses its own HttpListener, and if I'm to use your component in production, then I need to be able to host my receiver in ASP.NET. How can I do this? Are there any working samples anyone can provide me with? I need to prove that this is a viable solution ASAP.
#23964
Posted: 03/06/2013 09:52:38
by Alexander Ionov (EldoS Corp.)

Thank you for your request.

Quote
Lee Chapman wrote:
If I browse to http://localhost/test.as2 from a web browser, then I hit my breakpoint, so I know that the IHttpHandler is configured correctly. However, if I use the AS2\Sender sample project to post to this same URL, then I get an HTTP 400 error in the log without hitting my breakpoint.

Unfortunatelly we cannot say exactly why you get 400 error because we have no idea about your server configuration and the script (test.as2) which handles the transferred data. The only difference I can see right now is that the browser uses GET request but TElAS2Client class uses POST instead - this could be the problem reason.


--
Best regards,
Alexander Ionov
#23968
Posted: 03/06/2013 13:07:54
by Lee Chapman (Basic support level)
Joined: 03/06/2013
Posts: 4

Hi Alexander,

Thanks for the quick reply.

No, it's not the difference between GET and POST.

I've captured the HTTP request TElAS2Client is sending and written a little console app to throw it down a socket to ASP.NET. That reproduces the problem. By cutting various bits out of the request, I've identified that the problem is due to the HTTP header folding that you're doing to the Content-Disposition header.

A request with a folded Content-Disposition header will generate a 400 error:

Code
Content-Disposition: attachment;
    filename="smime.p7m"

The same request with a Content-Disposition header that isn't folded gets through just fine:

Code
Content-Disposition: attachment; filename="smime.p7m"

I see from the forums that you've had a similar problem reported by someone integrating with SAP, and quoting RFCs at me here won't help: by the letter of the RFCs, I accept that ASP.NET is in the wrong here, but if your component won't work out of the box with prevalent technologies such as ASP.NET and SAP, then it's not much good to me. RFC 822 states that "long" is commonly interpreted to mean greater than 65 or 72 characters and goes on to say that this limit is not imposed by the RFC, and so the folding you are applying to the Content-Disposition field, while legal, is not necessary for the message to conform to the standard.

Are you willing and able to disable folding of certain headers to make the component more useful in a wider range of applications?

Thanks,
- Lee
#23969
Posted: 03/07/2013 02:12:10
by Alexander Ionov (EldoS Corp.)

Since the problem happens repeatedly, we'll remove header fields folding by default but also will add a setting to use folding if necessary.
The change will be available in the next SecureBlackbox build.


--
Best regards,
Alexander Ionov
#23976
Posted: 03/07/2013 05:09:08
by Lee Chapman (Basic support level)
Joined: 03/06/2013
Posts: 4

Thanks, Alexander.

Can you give me some indication of when I will be able to download that update as an evaluation version?

Thanks,
- Lee
#23977
Posted: 03/07/2013 05:11:35
by Eugene Mayevski (EldoS Corp.)

The next build is expected in 3-4 weeks.


Sincerely yours
Eugene Mayevski
Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.

Reply

Statistics

Topic viewed 896 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!