Sample code for 30+ languages & platforms
SQL Server

HTTPS Windows Integrated Authentication

See more HTTP Examples

This example pertains to running on the Windows operating system only.

It provides guidance on how to send HTTP requests using the current logged-on Windows user credentials. This is where NTLM/Negotiate authentication is used, but the login/password credentials are not explicitly provided by the application, but are implicitly provided based on the Windows logged-on user (i.e. the Windows account for the running process).

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @http int
    EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- Chilkat implements the NTLM protocol directly, which is how it can be used on non-Windows systems.
    -- However, Chilkat can also optionally use Microsoft's SSPI (see https://docs.microsoft.com/en-us/windows/desktop/secauthn/ssp-packages-provided-by-microsoft) 
    -- to allow for Windows Integrated Authentication.

    -- Setting the HTTP Login equal to the empty string, and the Password equal to the keyword "default"
    -- will cause Chilkat to use the Microsoft SSPI w/ integrated authentication.
    EXEC sp_OASetProperty @http, 'Login', ''
    EXEC sp_OASetProperty @http, 'Password', 'default'

    -- We can also explicitly indicate that NTLM or Negotiate authentication is to be used:
    EXEC sp_OASetProperty @http, 'NegotiateAuth', 1

    -- Set various properties unrelated to authentication..
    -- Automatically follow redirects.
    EXEC sp_OASetProperty @http, 'FollowRedirects', 1
    -- Give verbose logging in the LastErrorText (in case there are errors)
    EXEC sp_OASetProperty @http, 'VerboseLogging', 1
    -- Optionally log the exact session to a file (for debugging)
    EXEC sp_OASetProperty @http, 'SessionLogFilename', 'c:/someDir/session.txt'
    -- Perhaps you wish to be seen as a browser on Mac OS X..
    EXEC sp_OASetProperty @http, 'UserAgent', 'Mozilla/5.0 (Windows NT; Windows NT 6.1; en-GB) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/7.0.500.0 Safari/534.6'

    -- Note: If the result of authentication is to set Cookies that are used in subsequent requests,
    -- then make sure Chilkat both saves and sends cookies: 
    EXEC sp_OASetProperty @http, 'SaveCookies', 1
    EXEC sp_OASetProperty @http, 'SendCookies', 1
    EXEC sp_OASetProperty @http, 'CookieDir', 'memory'

    -- Send a GET request to a URL, using Windows Integrated Authentication...
    DECLARE @responseStr nvarchar(4000)
    EXEC sp_OAMethod @http, 'QuickGetStr', @responseStr OUT, 'https://somewhere.net/api/user'
    EXEC sp_OAGetProperty @http, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 <> 1
      BEGIN
        EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @http
        RETURN
      END


    EXEC sp_OAGetProperty @http, 'LastStatus', @iTmp0 OUT
    PRINT 'response status code = ' + @iTmp0

    PRINT 'response header:'
    EXEC sp_OAGetProperty @http, 'LastHeader', @sTmp0 OUT
    PRINT @sTmp0

    PRINT '----'

    PRINT @responseStr

    EXEC @hr = sp_OADestroy @http


END
GO