IIS 5 & IIS 6
Can i capture the data that send from RMS client to RMS server?
Last post Mar 05, 2013 02:52 AM by china.tonny
Mar 04, 2013 03:10 AM|china.tonny|LINK
I just know that ISAPI extension can capture all raw data that send to IIS server and just do a quick test, it seems that it works and can get the client raw data if i send a simple http request from client.
I test open RMS client , my module can't get any useful information at all (even there is not be triggered) and i don't know how to pass the reqiremen to IIS after log the raw data.
Any one know how to capture all data that comes from client and deliver to IIS after log the data??
Mar 04, 2013 07:01 AM|Ken Schaefer|LINK
a) Does the client already have a license for the content? If so, it will not contact the server to get another
b) What version of AD RMS are you using? It may be that RMS registers an endpoint with http.sys (I'm not sure how the newer versions work), in which case IIS does not see the traffic - use a network capture tool instead
Mar 05, 2013 02:52 AM|china.tonny|LINK
Thanks for your reply very much.
a): I just use a new client to access the encrypted documen ,i think it should communicate wit RMS to retrieve some information.
b): I think the version of AD RMS is 2.0 ,i installed it as a role of windows server 2008.
1: The request send from RMS clint can be captured by HttpModules. (.net way), i don't know why my ISAPI extension can't capture it.
2: I just only want to log the http request data and deliver the request to IIS after log,but my code doesn't work at all, it always blcok the http request. the code like below.
DWORD WINAPI HttpExtensionProc(IN EXTENSION_CONTROL_BLOCK *pECB)
DWORD dwBuffSize = 2048;
if(pECB->GetServerVariable(pECB->ConnID, "REMOTE_ADDR", szValue, &dwBuffSize) &&
FILE* fp = fopen("c:\\ISAPIlog\\a.txt","a+b");
if(fp != NULL)
ExecUrlInfo.pszUrl = NULL; // Use original request URL
ExecUrlInfo.pszMethod = NULL; // Use original request method
ExecUrlInfo.pszChildHeaders = NULL; // Use original request headers
ExecUrlInfo.pUserInfo = NULL; // Use original request user info
ExecUrlInfo.pEntity = NULL; // Use original request entity
// Since this extension is intended to be used as a wildcard script
// map, we need to set the below flag to prevent recursion, which
// can occur in some cases.
ExecUrlInfo.dwExecUrlFlags = HSE_EXEC_URL_IGNORE_CURRENT_INTERCEPTOR;
pECB->ServerSupportFunction(pECB->ConnID, HSE_REQ_EXEC_URL, &ExecUrlInfo, NULL, NULL);
Could you know what's the problems?