The same appears to be true for XmlHttpRequest object. Since the server does not stop and ask for a cert in one way SSL it appears that WinHTTP will just complete the request and send back the data.
It seems it only returns back to the client if the server returns a request for a certificate. Believe me, I'd love to just write this in Python and be done with it.ĮDIT: It appears as per the below documentation that WinHTTP does not work with one way authentication. I know the technology I'm working with isn't optimal for what I'm doing, but it's what I have at the moment. TL DR: Is there a way in Access VBA to make a call to a REST API using One-Way SSL, pass the call a certificate not installed in the local certificate store, and have the API call return an error when it is unable to authenticate the server? Essentially I'm looking to replicate the Python Requests library functionality in VBA for One-Way SSL where you can pass the cert from any valid file location and Python will run it. Is there any other way I can authenticate a REST API using one-way SSL in VBA without using a certificate store? It looks like WinHTTP only works with certs stored in a certificate store, which isn't feasible. SendClientCertificate but it just ignores the cert with no error. I tried loading the cert into a string and passing that to. I need to avoid loading the cert into a local store (as installing this cert on 100's of client would be not feasible).
#Access api vba code#
However, the problem is, if I pass the certificate the code will return data regardless if the cert has lines removed, is the wrong cert, or even if the cert doesn't exist. When attempting to do the same in VBA (using WinHTTP) I can get the code to return the data if I don't attempt to use a certificate as expected. I can also mess up or delete the cert and Python will reject the handshake with an error when it can't determine the identity of the server - exactly what I want. I can pass Python the cert from any valid file location and validate the certificate to make the secure handshake. I've successfully developed the code in Python using the requests library. We've been told we need to do the SSL handshaking due to the possibility of man in the middle attacks even though the API only faces our internal network. If the client decides it cannot determine the identity of the server then its up to the client application to reject the handshake. As far as I understand it, this means the API server does not validate the credentials of the client - the client has access to a generic certificate and when the API is called the API server offers its certificate for validation. The REST API I'm calling is on our internal network and uses one-way SSL. In order to prevent a complicated server side script setup using MS SQL Server, Python, and Access front ends to allow our server to make the API call, I need the Access front ends to make the actual API call. I've implemented the code in Python but the solution can't be deployed to end users in Python. I'm attempting to implement a new method of data gathering to several existing Access solutions - calling a REST API.
0 kommentar(er)
