Here's a question more for you old school Windows C++ developers.

I'm trying to connect to an Exchange 2003 server using RPC over HTTP with SSL using ncacn_http but I can't seem to get the right parameters when configuring the binding. I have been able to connect to the server locally using ncacn_ip_tcp just fine. I currently have Outlook 2007 configured to connect to the server, so I know it's not a server configuration issue.

I have read through the Exchange Open Protocols to get the correct settings. I've read through the MSDN docs for how to pass in the authentication (NTLM) and to force SSL. I'm getting an ERROR_INVALID_PARAMETER error when calling RpcBindingSetAuthInfoEx. I'm using C++ on Windows.

Here is the simplified but functional code:

RPC_STATUS status;
RPC_CSTR StringBinding;
RPC_BINDING_HANDLE BindingHandle;

status = RpcStringBindingCompose(reinterpret_cast<unsigned char*>("A4F1DB00-CA47-1067-B31F-00DD010662DA"),
             reinterpret_cast<unsigned char*>("ncacn_http"),
             reinterpret_cast<unsigned char*>("exchangeserver"),
             reinterpret_cast<unsigned char*>("6001"),
             reinterpret_cast<unsigned char*>("RpcProxy=rpcproxy"),
             &StringBinding);

status = RpcBindingFromStringBinding(StringBinding, &BindingHandle);
RpcStringFree(&StringBinding);

status = RpcEpResolveBinding(BindingHandle, emsmdb_v0_81_c_ifspec);

SEC_WINNT_AUTH_IDENTITY sec;
sec.User = reinterpret_cast<unsigned char*>("username");
sec.UserLength = 8;
sec.Password = reinterpret_cast<unsigned char*>("password");
sec.PasswordLength = 8;
sec.Domain = reinterpret_cast<unsigned char*>("domain");
sec.PasswordLength = 6;
sec.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;

unsigned long auth[1];
auth[0] = RPC_C_HTTP_AUTHN_SCHEME_NTLM;

RPC_HTTP_TRANSPORT_CREDENTIALS ssl;
ssl.TransportCredentials = &sec;
ssl.Flags = RPC_C_HTTP_FLAG_USE_SSL | RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME;
ssl.AuthenticationTarget = RPC_C_HTTP_AUTHN_TARGET_SERVER | RPC_C_HTTP_AUTHN_TARGET_PROXY;
ssl.NumberOfAuthnSchemes = 1;
ssl.AuthnSchemes = (unsigned long *)&auth;
ssl.ServerCertificateSubject = reinterpret_cast<unsigned char*>("msstd:servercert");

RPC_SECURITY_QOS_V2 qos;
qos.Version = RPC_C_SECURITY_QOS_VERSION_2;
qos.Capabilities = RPC_C_QOS_CAPABILITIES_DEFAULT;
qos.IdentityTracking = RPC_C_QOS_IDENTITY_DYNAMIC;
qos.ImpersonationType = RPC_C_IMP_LEVEL_IDENTIFY;
qos.AdditionalSecurityInfoType = RPC_C_AUTHN_INFO_TYPE_HTTP;
qos.u.HttpCredentials = &ssl;

status=RpcBindingSetAuthInfoEx(BindingHandle, NULL, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_AUTHN_WINNT, (RPC_AUTH_IDENTITY_HANDLE *)&sec, 0, (RPC_SECURITY_QOS *)&qos);

This is where I get stuck. RpcBindingSetAuthInfoEx always returns 0x00000057. Any help on what I'm missing or an example would be great.

Joe

A: 

Turns out it was a copy/paste typo error. The DomainLength in the SEC_WINNT_AUTH_IDENTITY struct wasn't getting set.

Joe Doyle
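
The fix described in the answer, generalized as an added example (not code from the original post): a hypothetical `NtlmIdentity` wrapper derives every length field from its string, and a hypothetical `identity_is_consistent` check catches a mismatched length before the struct reaches `RpcBindingSetAuthInfoEx`. Off Windows, a stand-in struct with the same fields is assumed so the block compiles anywhere.

```cpp
#include <cstring>
#include <string>
#include <utility>

#ifdef _WIN32
#include <windows.h>
#include <rpc.h>
using AuthIdentity = SEC_WINNT_AUTH_IDENTITY_A;
#else
// Stand-in (assumption) with the ANSI struct's fields, so this builds off Windows.
struct AuthIdentity {
    unsigned char* User;     unsigned long UserLength;
    unsigned char* Domain;   unsigned long DomainLength;
    unsigned char* Password; unsigned long PasswordLength;
    unsigned long Flags;
};
#define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
#endif

// Hypothetical helper: owns the strings and derives every length from them,
// so a *Length field can never be skipped or assigned twice by hand.
struct NtlmIdentity {
    std::string user, domain, password;
    AuthIdentity raw{};  // value-initialised: no field starts as stack garbage

    NtlmIdentity(std::string u, std::string d, std::string p)
        : user(std::move(u)), domain(std::move(d)), password(std::move(p)) {
        set(raw.User, raw.UserLength, user);
        set(raw.Domain, raw.DomainLength, domain);
        set(raw.Password, raw.PasswordLength, password);
        raw.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
    }
    NtlmIdentity(const NtlmIdentity&) = delete;  // raw points into our own strings
    NtlmIdentity& operator=(const NtlmIdentity&) = delete;

private:
    static void set(unsigned char*& ptr, unsigned long& len, std::string& s) {
        ptr = reinterpret_cast<unsigned char*>(&s[0]);
        len = static_cast<unsigned long>(s.size());
    }
};

// Hypothetical pre-flight check: each length must match its NUL-terminated string.
bool identity_is_consistent(const AuthIdentity& id) {
    auto ok = [](const unsigned char* p, unsigned long n) {
        return p != nullptr && std::strlen(reinterpret_cast<const char*>(p)) == n;
    };
    return ok(id.User, id.UserLength) && ok(id.Domain, id.DomainLength) &&
           ok(id.Password, id.PasswordLength) && id.Flags == SEC_WINNT_AUTH_IDENTITY_ANSI;
}
```

Pass `&id.raw` where the question's code passes `&sec`, and keep the `NtlmIdentity` object alive for as long as the struct is in use.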