nhardel

WinHttp Authentication not working as expected.

9 posts in this topic

#1 ·  Posted (edited)

So I have been bashing my head in for a couple days and have searched both AutoIT forums and Thwack Forums for an answer.  I understand this could be hard to help sense I can't provide a server for someone to help me test against.  I am trying to use the WinHTTP.au3 to connect with Solarwinds Orion SDK thru REST/JSON api calls.  Here is the documentation that they provide.

https://github.com/solarwinds/OrionSDK/wiki/REST

I have been trying just to make a basic connection but for some reason cannot get past the authorization process with WinHTTP.  Here is my test code.

#Region Includes
#include <log4a.au3>
#include "WinHttp.au3"
#EndRegion

Global $sAddress = "https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES"
Global $array_URL = _WinHttpCrackUrl($sAddress)

;~ Row|Col 0
;~ [0]|https
;~ [1]|2
;~ [2]|usandl0213
;~ [3]|17778
;~ [4]|
;~ [5]|
;~ [6]|/SolarWinds/InformationService/v3/Json/Query
;~ [7]|?query=SELECT+NodeID+FROM+Orion.NODES

Global $hOpen = _winhttpOpen()
If @error Then
    _log4a_Fatal("Error intializing the usage of WinHTTP functions")
    Exit 1
EndIf

Global $hConnect = _winhttpConnect($hOpen, $array_URL[2])
If @error Then 
    _log4a_Fatal("Error specifying the initial target server of an HTTP request.") 
    _WinHttpCloseHandle($hOpen) 
    Exit 2 
EndIf 

Global $hRequest = _WinHttpOpenRequest($hConnect, _
                "GET", _
                "/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES", _
                "HTTP/1.1")
If @error Then 
    _log4a_Fatal(MsgBox(48, "Error", "Error creating an HTTP request handle.") 
    _WinHttpCloseHandle($hConnect) 
    _WinHttpCloseHandle($hOpen) 
    Exit 3 
EndIf 

_WinHttpAddRequestHeaders($hRequest, "Authorization: Basic YXV0b2l0X2xvZ2luOnRlc3Q=")
_WinHttpAddRequestHeaders($hRequest, "User-Agent: curl/7.20.0 (i386-pc-win32) libcurl/7.20.0 OpenSSL/0.9.8l zlib/1.2.3")
_WinHttpAddRequestHeaders($hRequest, "Host: usandl0213:17778")
_WinHttpAddRequestHeaders($hRequest, "Accept: */*")

_WinHttpSendRequest($hRequest)
If @error Then 
    MsgBox(48, "Error", "Error sending specified request.") 
    Close_request()
    Exit 4 
EndIf 

; Wait for the response 
_WinHttpReceiveResponse($hRequest) 
If @error Then 
    MsgBox(48, "Error", "Error waiting for the response from the server.") 
    Close_request()
    Exit 5
EndIf

 Global $sChunk, $sData
; See what's returned 
If _WinHttpQueryDataAvailable($hRequest) Then 
    Global $sHeader = _WinHttpQueryHeaders($hRequest) 
;~  ConsoleWrite(@crlf)
    ConsoleWrite($sHeader & @CRLF) 
    ; Read 
    While 1 
        $sChunk = _WinHttpReadData($hRequest) 
        If @error Then ExitLoop 
        $sData &= $sChunk 
    WEnd 
    ConsoleWrite($sData & @CRLF) ; print to console 

Else 
    MsgBox(48, "Error", "Site is experiencing problems.") 
EndIf 
 Close_request()

Func Close_request()
    ; Close open handles and exit 
    _WinHttpCloseHandle($hRequest) 
    _WinHttpCloseHandle($hConnect) 
    _WinHttpCloseHandle($hOpen)
EndFunc

I am definitely connecting to the server but get a 401 Unauthorized response.  Output of above script:

Header:

HTTP/1.1 401 Unauthorized
Cache-Control: private
Date: Thu, 27 Jul 2017 15:31:21 GMT
Content-Length: 1668
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=lgwin2qsbbrip2mxg01fot05; path=/; HttpOnly
Set-Cookie: TestCookieSupport=Supported; path=/
Set-Cookie: Orion_IsSessionExp=TRUE; expires=Thu, 27-Jul-2017 17:31:21 GMT; path=/
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-UA-Compatible: IE=9
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Same-Domain: 1
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Body:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><link rel="stylesheet" type="text/css" href="/orion/js/jquery-1.7.1/jquery-ui.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" />
<link rel="stylesheet" type="text/css" href="/orion/styles/orionminreqs.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" />
<link rel="stylesheet" type="text/css" href="/webengine/resources/steelblue.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" />
<link rel="stylesheet" type="text/css" href="/orion/ipam/res/css/sw-events.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" />
<script type="text/javascript" src="/orion/js/orionminreqs.js.i18n.ashx?l=en-US&v=42660.90.L"></script>
<script type="text/javascript" src="/orion/js/modernizr/modernizr-2.5.3.js.i18n.ashx?l=en-US&v=42660.90.L"></script>
<script type="text/javascript" src="/orion/js/jquery-1.7.1/jquery-1.7.1.framework.min.js.i18n.ashx?l=en-US&v=42660.90.L"></script>
<script type="text/javascript">(function(){var de=$(document.documentElement); de.addClass('sw-is-locale-en'); $.each(jQuery.browser,function(k,v){if(v===true){ de.addClass('sw-is-'+k); de.addClass('sw-is-'+k+'-'+parseInt(jQuery.browser.version)); }}); })();</script>
<script type="text/javascript">SW.Core.Loader._cbLoaded('jquery');</script>
<script type="text/javascript">SW.Core.Date._init(0,-14400000);</script>
<title>

</title></head>
<body>
<script>
    window.location = 'Login.aspx';
</script>
</body>
</html>

To me this looks like it if it is still looking for my credentials.   I did verify that things work as expected using Chrome and REST test client.  I do get certificate errors in IE if I try to go directly.  Bypass certificate issues and page will try to save out to .json file

 

Looking for any help.

Edited by nhardel

Share this post


Link to post
Share on other sites



#2 ·  Posted

1) Port must be 17778. See _WinHttpConnect description

Share this post


Link to post
Share on other sites

#3 ·  Posted

I see that but when I change the line to

Global $hConnect = _winhttpConnect($hOpen, $array_URL[2],17778)

or

Global $hConnect = _winhttpConnect($hOpen, $array_URL[2], $array_URL[3])

I get an error back from _WinHTTPReceiveResponse.  I agree that there should be a port change but the server wont respond back with WinHTTP   of course this all works thru chrome and IE directly.   Could the DLL possible not allow non standard ports.  Surely not?      

Share this post


Link to post
Share on other sites

#4 ·  Posted

Try with _WinHttpSimpleSSLRequest or _WinHttpSimpleSendSSLRequest

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

I tried using _WinHTTPSimpleSSLRequest() but I get no response.  Still fuzzy if I am using it correctly.  Code I used.

#Region Includes
#include <log4a.au3>
#include <Array.au3>
#include "WinHttp.au3"
#EndRegion

;~ Row|Col 0
;~ [0]|https
;~ [1]|2
;~ [2]|usandl0213
;~ [3]|17778
;~ [4]|
;~ [5]|
;~ [6]|/SolarWinds/InformationService/v3/Json/Query
;~ [7]|?query=SELECT+NodeID+FROM+Orion.NODES

Global $sAddress = "https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES"
Global $array_URL = _WinHttpCrackUrl($sAddress)

;~ _ArrayDisplay($array_url)

Global $hOpen = _winhttpOpen()
If @error Then
    _log4a_Fatal("Error intializing the usage of WinHTTP functions")
    Exit 1
EndIf


Global $hConnect = _winhttpConnect($hOpen, $sAddress)
If @error Then 
    _log4a_Fatal("Error specifying the initial target server of an HTTP request.") 
    _WinHttpCloseHandle($hOpen) 
    Exit 2 
EndIf 

Global $aRequest = _WinHttpSimpleSSLRequest($hConnect,"GET",$sAddress,Default,Default,Default,True,Default)
If @error Then 
    Switch @error
        Case 1
            _log4a_Fatal("could not open request.") 
        Case 2
            _log4a_Fatal("could not send request.") 
        Case 3
            _log4a_Fatal("could not receive response.") 
        Case 4
            _log4a_Fatal("$iMode is not valid.") 
    EndSwitch
EndIf

_arraydisplay($aRequest)

Close_request()

Func Close_request()
    ; Close open handles and exit 
    _WinHttpCloseHandle($hConnect) 
    _WinHttpCloseHandle($hOpen)
EndFunc

 

Edited by nhardel

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

Did you try 17778 port? And 

_winhttpConnect

the second parameter is server name, not the full url... 

Edited by Inververs

Share this post


Link to post
Share on other sites

#7 ·  Posted

Okay so I made a few changes and I am getting something out of it again but I am still back to an authorization issue.  However I can see that it is not using the credentials correctly now.  Here is new code:

;solarwinds.au3
#Region Includes
#include-once 
#include <log4a.au3>
#include <Array.au3>
#include "WinHttp.au3"
#EndRegion
    
;~ GET https://localhost:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1
;~ Authorization: Basic YWRtaW46
;~ User-Agent: curl/7.20.0 (i386-pc-win32) libcurl/7.20.0 OpenSSL/0.9.8l zlib/1.2.3
;~ Host: localhost:17778
;~ Accept: */*


;~ Row|Col 0
;~ [0]|https
;~ [1]|2
;~ [2]|usandl0213
;~ [3]|17778
;~ [4]|
;~ [5]|
;~ [6]|/SolarWinds/InformationService/v3/Json/Query
;~ [7]|?query=SELECT+NodeID+FROM+Orion.NODES

Global $sAddress = "https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES"
Global $array_URL = _WinHttpCrackUrl($sAddress)
;~ _ArrayDisplay($array_url)
Global $hOpen = _winhttpOpen()
If @error Then
    _log4a_Fatal("Error intializing the usage of WinHTTP functions")
    Exit 1
EndIf

Global $hConnect = _winhttpConnect($hOpen, "usandl0213","17778")
If @error Then 
    _log4a_Fatal("Error specifying the initial target server of an HTTP request.") 
    _WinHttpCloseHandle($hOpen) 
    Exit 2 
EndIf 

Global $aRequest = _WinHttpSimpleSSLRequest($hConnect,"GET"  ,$array_url[6]&$array_url[7],Default    , Default,  Default, True        ,  Default,    "Admin",    Default,  1)
;~                 _WinHttpSimpleSSLRequest($hConnect, $sType, $sPath                    , $sReferrer,   $sDta, $sHeader, $fGetHeaders,   $iMode, $sCredName, $sCredPass, $iIgnoreCertErrors)
consolewrite(@error&@crlf)
If @error Then 
    Switch @error
        Case 1
            _log4a_Fatal("could not open request.") 
        Case 2
            _log4a_Fatal("could not send request.") 
        Case 3
            _log4a_Fatal("could not receive response.") 
        Case 4
            _log4a_Fatal("$iMode is not valid.") 
    EndSwitch
EndIf

_arraydisplay($aRequest)

 Close_request()

Func Close_request()
    ; Close open handles and exit 
;~  _WinHttpCloseHandle($hRequest) 
    _WinHttpCloseHandle($hConnect) 
    _WinHttpCloseHandle($hOpen)
EndFunc

And here is what the array spits out now

Row|Col 0
[0]|HTTP/1.1 401 Unauthorized
Date: Wed, 02 Aug 2017 15:38:38 GMT
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Basic realm=""


[1]|
[2]|https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES

I had made the most basic user possible within the Solarwinds site "Admin" with no password just to try to get this working.

Share this post


Link to post
Share on other sites

#8 ·  Posted

send this headers: $sHeader = 'Authorization: Basic YWRtaW46' & @CRLF

 

1 person likes this

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

Holy crap, I got the expected response back.  :D  Thanks so much Inververs.   Let me go play with this for a while and now that I can actually talk to the server see if I can figure out how to do the POST verb and understand JSON arrays.   Again, thanks a lot.

I did have to drop the '& @CRLF' to get this to work.   

Edited by nhardel

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • wakillon
      By wakillon
      HttpHeaderWatcher v1.0.1.3
       

      Some time ago, some members asked how to see the Http Requests.
      There are quite a few external applications but not in AutoIt!
      HttpHeaderWatcher in association with WinPcap, very modestly solves this lack.
       
      Once done this http watcher, i asked me : why not Re-build a WinHttp Request in AutoIt from a selected Request in one Click ?
      So i have added a "Create au3" button who open the WinHttp Request of your choice in AutoIt format in SciTE Editor.
      Voila voila, hope it can help ! 
      Buttons were made online with chimply.com the easy and free buttons generator !
      See Help for more infos.
      previous downloads : 253
      source and executable are available in the Download Section
      Hope you like it !
    • nznet
      By nznet
      Hi Guys,
      I have been trying to write the API calls to Coinigy.com in AutoitScipt. I have managed to solve most of them put are having trouble with the ones that require parameters to be passed.
      The source to the API calls can be found here:
      http://docs.coinigy.apiary.io/#reference/market-data/market-data/data-{type:history}
      Example code from this site:
      curl --include \      --request POST \      --header "Content-Type: application/json" \      --header "X-API-KEY: " \      --header "X-API-SECRET: " \      --data-binary "    {         \"exchange_code\": \"GDAX\",         \"exchange_market\": \"BTC/USD\",         \"type\": \"history\"     }" \ ' https://api.coinigy.com/api/v1/data '  
      This data one is really annoying me. I have the following so far:
      #include <Array.au3> #include <string.au3> #include <MsgBoxConstants.au3> #Region Coinigy Const Global $sCoinigyAPIUrl = "https://api.coinigy.com/api/v1/" #EndRegion Coinigy Const #Region keys Global Const $sCoinigyAPIKey = "" ; just removed my APIKey Global Const $sCoinigyAPISecret = "" ; just removed my APISecret #EndRegion keys $sResults = CoinigyQueryPrivate("data", "exchange_code=GDAX&exchange_market=BTC/USD&type=history") ; Trade history, asks and bids for any supported exchange/market ConsoleWrite("Market Data: " & $sResults & @CRLF & @CRLF) Func CoinigyQueryPrivate($sMethod, $sParameters)     Local $oHTTP = ObjCreate("winhttp.winhttprequest.5.1")     $oHTTP.Open("POST", $sCoinigyAPIUrl & $sMethod, False)     $oHTTP.SetRequestHeader("X-API-KEY", $sCoinigyAPIKey)     $oHTTP.SetRequestHeader("X-API-SECRET", $sCoinigyAPISecret)    ; $oHTTP.Send(Binary($sParameters)) ; tried this as well     $oHTTP.Send($sParameters)     Local $sReceived = $oHTTP.ResponseText     Return $sReceived EndFunc   ;==>CoinigyQueryPrivate  
      If I do other queries that don't require Parameters they work perfectly. I am just totally stumped by the parameter passing queries. I have tried everything and I still can't get it to go. Would really appreciate some help.
      If you want to try for yourself live, Coinigy.com give a free 30 trial.... 
      Please help...
      Thanks in advance.
    • falcontechnics
      By falcontechnics
      Dear master, hello,
      I got the speech API from Google. But I could not find how to use. Could you help me with a simple example?
      "https://speech.googleapis.com/v1/speech:recognize?key=MyKey"
    • nhardel
      By nhardel
      I have been working on trying to develop some scripts to interface with the REST/JSON API from the Orion SDK.  This is where I will ask my questions and hopefully get some community responses that could help benefit others. 
      https://github.com/solarwinds/OrionSDK
      I am trying to create examples of how to interface with the API from autoit.  This should be a knowledge dump for this task.