Authorization data saved in xmlhttprequest with VBA

Question

I am calling a Webservice with basic authentication with VBA. The problem I have is that the user/password is stored after the first successful call. That means I can put wrong user/password in the next calls and it works just the same.

Set objRequest = CreateObject("MSXML2.XMLHTTP")
blnAsync = True
With objRequest
    .Open "GET", strUrl, blnAsync
    .setRequestHeader "Authorization", "Basic " + EncodeBase64(user + ":" + passw)
    .Send
    'spin wheels whilst waiting for response
    While objRequest.readyState <> 4
        DoEvents
    Wend
    strResponse = .responseText
End With

If I call the Webservice from browser it is the same. First time I need to login, next time it works without login. After I delete cache/cookies/history I need to login again.

My questions:

• Where is this (cache?) data stored if I call from VBA and how to delete this?
• How to prevent VBA from saving the authorization data?

Answer 1

I found the crucial hint to put user/password in the .Open-method here: VBA XMLHTTP disable authentication pop-up

That's how it works for me. The only thing I can't do now is encoding the user & password.

Dim objRequest As MSXML2.XMLHTTP30
Set objRequest = New MSXML2.XMLHTTP30

With objRequest
    .Open "GET", strUrl, blnAsync, user, passw
    .setRequestHeader "Cache-Control", "no-cache"
    .setRequestHeader "Pragma", "no-cache"
    .setRequestHeader "If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT"
    While objRequest.readyState <> 4
        DoEvents
    Wend
    strResponse = .responseText
End With

Answer 2

To stop the caching, you could try adding:

.setRequestHeader("Cache-Control", "no-cache");
.setRequestHeader("Pragma", "no-cache");
.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");

See also VBA XMLHTTP clear authentication? for more information.