Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

When you attempt to access a secure URL by using the

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 304420 - Last Review: April 7, 2005 - Revision: 2.1

Accessing a secure URL from a non-secure page with XMLHTTP fails with "Permission denied" error

View products that this article applies to.
This article was previously published under Q304420

On This Page

SYMPTOMS

When you attempt to access a secure URL by using the XMLHTTP request object from a script on a non-secure Web page, you may receive one of the following error messages:

With Msxml2.XMLHTTP:
Permission Denied
With Microsoft.XMLHTTP:
Access is Denied
This problem only occurs if a non-secure page attempts to access a secure page. Accessing a secure page from another secure page does not generate an error.
Back to the top

STATUS

This behavior is by design.
Back to the top

MORE INFORMATION

Steps to Reproduce Behavior

In Microsoft Internet Information Services (IIS), create two Web sites named SiteA and SiteB.Under SiteA, save the following code as Client.asp:
<%@ Language=JavaScript %>
<%
	try
	{
                var Req = Server.CreateObject("Msxml2.DOMDocument.3.0");
                Req.async = false;
                Req.load("http://localhost/book.xml");
		
		Response.Write("<BR>responseText = " + Req.xml);
	}
	catch( e )
	{	
		Response.Write( "Exception!!<BR>");
		Response.Write(e.number + "<BR>");
		Response.Write(e.description + "<BR>");
	}	
%>
Under SiteB, save the following code as Client.htm:
<HTML>
<SCRIPT>

function onLoad()
{
	var Req = new ActiveXObject("Msxml2.XMLHTTP.3.0");
	var newURL  = "http://SiteA/client.asp";
	Req.open("GET", newURL, false);
	Req.send();

	alert(Req.status);
	alert(Req.responseText);
}
	
</SCRIPT>

<BODY onload="onLoad()">
</BODY>
</HTML>
Run the http://localhost/Client.htm file from either of the Web sites. The XML data is displayed. Install Secure Sockets Layer (SSL) on one of the sites, then modify the non-SSL Client.htm page so that it makes a request to Client.asp.Run the non-SSL Client.htm page. You receive the "Permission Denied" error. The Client.htm page on the SSL site does not produce this error.
Back to the top

REFERENCES

302080  (http://kbalertz.com/Feedback.aspx?kbNumber=302080/ ) BUG: "Access is denied" error message when making HTTPS requests with ServerXMLHTTP
Back to the top
APPLIES TO
  • Microsoft XML Parser 3.0
  • Microsoft XML Core Services 4.0
Back to the top
Keywords: 
kbfix kbmsxmlnosweep kbprb KB304420
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting