ledge


Hi, I'm trying to write a block which needs to authenticate with a REST web service using basic authentication. I'm adding an "Authorization" http header with a value of "[username]:[password]", base 64 encoded, but I still get back "Unable to get data ... (error code 401)." It's definitely not a problem with the username and password - are there any issues with this kind of authentication that anyone is aware of

Thanks,
tom



Re: HTTP basic authentication

AndyS


Hmm. That would be the correct way to do it, i just looked at our proxy code and it should be passing the header on to the remote host (we filter out some headers). Could you share your mashup/block so we can have a look The other suggestion would be if you have access to the remote server to see if it is receiving your request correctly - to verify our proxy didn't alter it.






Re: HTTP basic authentication

ledge

My project is shared at http://www.popfly.ms/users/ledge/testo

On the remote server I'm looking for the HTTP_AUTHORIZATION header in Request.ServerVariables (using vbscript, asp 3.0), and that is coming back empty.





Re: HTTP basic authentication

ledge

n.b. an example posted in another thread said to use the method environment.getText(url, headers) but the code supplied with the SDK looks like it should be environment.getText(url, key, headers). I have tried both methods (using a blank key for the second).




Re: HTTP basic authentication

AndyS

Unfortunatley the SDK is a bit out of date Sad. I'm having a look into this now, will post back and thanks for watching the thread Smile.






Re: HTTP basic authentication

AndyS

I'm no ASP expert (in fact i've barely used it Sad). But could you try the SeverVariables AUTH_USER and AUTH_PASSWORD

I'll still check to make sure we don't swallow the header.




Re: HTTP basic authentication

AndyS

Ok are proxy does seem to pass on the headers fine, using the code:
Code Block

var header = new Header("Authorization", "Zm9vOmJhcg==");
var headArray = new Array();
headArray[0] = header;
var returnResponse = environment.getXml(url, null, headArray);


if you try the page:
http://75.125.49.194/HTTP_Auth.aspx
You should see:
Authorization: Zm9vOmJhcg==
The response should just contain the contents of the Authorization header.

So the next question is; what's your server setup like




Re: HTTP basic authentication

ledge

I've copied and pasted that code into the testAuth function in my sosius block, and I'm afraid it doesn't work! I just see "HTTP Authorization header:", with no value. If I call the http_auth.aspx page outside of the popfly environment, then it works fine. Can you look at that function in my block and confirm

Thanks for trying to sort this out!






Re: HTTP basic authentication

AndyS

Don't suppose you could paste a valid user name and password so i could test

Thanks!





Re: HTTP basic authentication

ledge

The testAuth function only calls your page that writes out the authorization header value, so you shouldn't need any particular u+p. If you want to try the functions that call our server, try u=testpop, p=qwerty.




Re: HTTP basic authentication

AndyS

Ok, so i think i have gotten a bit further. If you look at the block:
http://www.popfly.ms/users/Andy/AuthTest.details

Try running it with the user/pass above it seems to get a response from your server with a response code of 400. The body of the response is:

Code Block

< xml version='1.0' ><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1
/DTD/xhtml1-strict.dtd"><html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'><head><title
>test</title>
<link rel='stylesheet' type='text/css' href='/ww/themes/3/api.css' />
</head>
<body>
<h1>error</h1><h2>validation error</h2><dl class='error'><dt>permissions</dt><dd>no view permission<
/dd></dl></body></html>



Is that expected




Re: HTTP basic authentication

ledge

Yep, that's good. Ok there seems to be a difference between environment.getText and environment.getXml. getXml, which your block uses, works. getText still returns a 401 error. I'm not really sure how that could happen but that's definitely what I'm seeing. And we need to use getText so we can read in a json response.




Re: HTTP basic authentication

AndyS

D'oh i forgot you were trying to use getText Sad.

If getText is broken, which would seem to be the case (will look into it) you can use the new environment.getHttpResponsewhich is currently undocumented as we haven't updated it yet Sad ).

I've updated my block to use it and it seems to work.

Also you can use the AJAX JSON serializer to get the objects:
Code Block

var something = Sys.Serialization.JavaScriptSerializer.deserialize(jsonText);


Instead of eval, it just parses the JSON and is a bit more secure as it doesn't just execute the string instead it ensures the string is an object/array.

Hope that helps






Re: HTTP basic authentication

ledge

Yep, using the responseText property of getHttpResponse, it all works fine now. Thanks again