Jump to content

WinHttp Authentication not working as expected.


Recommended Posts

So I have been bashing my head in for a couple days and have searched both AutoIT forums and Thwack Forums for an answer.  I understand this could be hard to help sense I can't provide a server for someone to help me test against.  I am trying to use the WinHTTP.au3 to connect with Solarwinds Orion SDK thru REST/JSON api calls.  Here is the documentation that they provide.

https://github.com/solarwinds/OrionSDK/wiki/REST

I have been trying just to make a basic connection but for some reason cannot get past the authorization process with WinHTTP.  Here is my test code.

#Region Includes
#include <log4a.au3>
#include "WinHttp.au3"
#EndRegion

Global $sAddress = "https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES"
Global $array_URL = _WinHttpCrackUrl($sAddress)

;~ Row|Col 0
;~ [0]|https
;~ [1]|2
;~ [2]|usandl0213
;~ [3]|17778
;~ [4]|
;~ [5]|
;~ [6]|/SolarWinds/InformationService/v3/Json/Query
;~ [7]|?query=SELECT+NodeID+FROM+Orion.NODES

Global $hOpen = _winhttpOpen()
If @error Then
    _log4a_Fatal("Error intializing the usage of WinHTTP functions")
    Exit 1
EndIf

Global $hConnect = _winhttpConnect($hOpen, $array_URL[2])
If @error Then 
    _log4a_Fatal("Error specifying the initial target server of an HTTP request.") 
    _WinHttpCloseHandle($hOpen) 
    Exit 2 
EndIf 

Global $hRequest = _WinHttpOpenRequest($hConnect, _
                "GET", _
                "/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES", _
                "HTTP/1.1")
If @error Then 
    _log4a_Fatal(MsgBox(48, "Error", "Error creating an HTTP request handle.") 
    _WinHttpCloseHandle($hConnect) 
    _WinHttpCloseHandle($hOpen) 
    Exit 3 
EndIf 

_WinHttpAddRequestHeaders($hRequest, "Authorization: Basic YXV0b2l0X2xvZ2luOnRlc3Q=")
_WinHttpAddRequestHeaders($hRequest, "User-Agent: curl/7.20.0 (i386-pc-win32) libcurl/7.20.0 OpenSSL/0.9.8l zlib/1.2.3")
_WinHttpAddRequestHeaders($hRequest, "Host: usandl0213:17778")
_WinHttpAddRequestHeaders($hRequest, "Accept: */*")

_WinHttpSendRequest($hRequest)
If @error Then 
    MsgBox(48, "Error", "Error sending specified request.") 
    Close_request()
    Exit 4 
EndIf 

; Wait for the response 
_WinHttpReceiveResponse($hRequest) 
If @error Then 
    MsgBox(48, "Error", "Error waiting for the response from the server.") 
    Close_request()
    Exit 5
EndIf

 Global $sChunk, $sData
; See what's returned 
If _WinHttpQueryDataAvailable($hRequest) Then 
    Global $sHeader = _WinHttpQueryHeaders($hRequest) 
;~  ConsoleWrite(@crlf)
    ConsoleWrite($sHeader & @CRLF) 
    ; Read 
    While 1 
        $sChunk = _WinHttpReadData($hRequest) 
        If @error Then ExitLoop 
        $sData &= $sChunk 
    WEnd 
    ConsoleWrite($sData & @CRLF) ; print to console 

Else 
    MsgBox(48, "Error", "Site is experiencing problems.") 
EndIf 
 Close_request()

Func Close_request()
    ; Close open handles and exit 
    _WinHttpCloseHandle($hRequest) 
    _WinHttpCloseHandle($hConnect) 
    _WinHttpCloseHandle($hOpen)
EndFunc

I am definitely connecting to the server but get a 401 Unauthorized response.  Output of above script:

Header:

HTTP/1.1 401 Unauthorized
Cache-Control: private
Date: Thu, 27 Jul 2017 15:31:21 GMT
Content-Length: 1668
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=lgwin2qsbbrip2mxg01fot05; path=/; HttpOnly
Set-Cookie: TestCookieSupport=Supported; path=/
Set-Cookie: Orion_IsSessionExp=TRUE; expires=Thu, 27-Jul-2017 17:31:21 GMT; path=/
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-UA-Compatible: IE=9
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Same-Domain: 1
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Body:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><link rel="stylesheet" type="text/css" href="/orion/js/jquery-1.7.1/jquery-ui.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" />
<link rel="stylesheet" type="text/css" href="/orion/styles/orionminreqs.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" />
<link rel="stylesheet" type="text/css" href="/webengine/resources/steelblue.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" />
<link rel="stylesheet" type="text/css" href="/orion/ipam/res/css/sw-events.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" />
<script type="text/javascript" src="/orion/js/orionminreqs.js.i18n.ashx?l=en-US&v=42660.90.L"></script>
<script type="text/javascript" src="/orion/js/modernizr/modernizr-2.5.3.js.i18n.ashx?l=en-US&v=42660.90.L"></script>
<script type="text/javascript" src="/orion/js/jquery-1.7.1/jquery-1.7.1.framework.min.js.i18n.ashx?l=en-US&v=42660.90.L"></script>
<script type="text/javascript">(function(){var de=$(document.documentElement); de.addClass('sw-is-locale-en'); $.each(jQuery.browser,function(k,v){if(v===true){ de.addClass('sw-is-'+k); de.addClass('sw-is-'+k+'-'+parseInt(jQuery.browser.version)); }}); })();</script>
<script type="text/javascript">SW.Core.Loader._cbLoaded('jquery');</script>
<script type="text/javascript">SW.Core.Date._init(0,-14400000);</script>
<title>

</title></head>
<body>
<script>
    window.location = 'Login.aspx';
</script>
</body>
</html>

To me this looks like it if it is still looking for my credentials.   I did verify that things work as expected using Chrome and REST test client.  I do get certificate errors in IE if I try to go directly.  Bypass certificate issues and page will try to save out to .json file

 

Looking for any help.

Edited by nhardel
Link to post
Share on other sites

I see that but when I change the line to

Global $hConnect = _winhttpConnect($hOpen, $array_URL[2],17778)

or

Global $hConnect = _winhttpConnect($hOpen, $array_URL[2], $array_URL[3])

I get an error back from _WinHTTPReceiveResponse.  I agree that there should be a port change but the server wont respond back with WinHTTP   of course this all works thru chrome and IE directly.   Could the DLL possible not allow non standard ports.  Surely not?      

Link to post
Share on other sites

I tried using _WinHTTPSimpleSSLRequest() but I get no response.  Still fuzzy if I am using it correctly.  Code I used.

#Region Includes
#include <log4a.au3>
#include <Array.au3>
#include "WinHttp.au3"
#EndRegion

;~ Row|Col 0
;~ [0]|https
;~ [1]|2
;~ [2]|usandl0213
;~ [3]|17778
;~ [4]|
;~ [5]|
;~ [6]|/SolarWinds/InformationService/v3/Json/Query
;~ [7]|?query=SELECT+NodeID+FROM+Orion.NODES

Global $sAddress = "https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES"
Global $array_URL = _WinHttpCrackUrl($sAddress)

;~ _ArrayDisplay($array_url)

Global $hOpen = _winhttpOpen()
If @error Then
    _log4a_Fatal("Error intializing the usage of WinHTTP functions")
    Exit 1
EndIf


Global $hConnect = _winhttpConnect($hOpen, $sAddress)
If @error Then 
    _log4a_Fatal("Error specifying the initial target server of an HTTP request.") 
    _WinHttpCloseHandle($hOpen) 
    Exit 2 
EndIf 

Global $aRequest = _WinHttpSimpleSSLRequest($hConnect,"GET",$sAddress,Default,Default,Default,True,Default)
If @error Then 
    Switch @error
        Case 1
            _log4a_Fatal("could not open request.") 
        Case 2
            _log4a_Fatal("could not send request.") 
        Case 3
            _log4a_Fatal("could not receive response.") 
        Case 4
            _log4a_Fatal("$iMode is not valid.") 
    EndSwitch
EndIf

_arraydisplay($aRequest)

Close_request()

Func Close_request()
    ; Close open handles and exit 
    _WinHttpCloseHandle($hConnect) 
    _WinHttpCloseHandle($hOpen)
EndFunc

 

Edited by nhardel
Link to post
Share on other sites

Okay so I made a few changes and I am getting something out of it again but I am still back to an authorization issue.  However I can see that it is not using the credentials correctly now.  Here is new code:

;solarwinds.au3
#Region Includes
#include-once 
#include <log4a.au3>
#include <Array.au3>
#include "WinHttp.au3"
#EndRegion
    
;~ GET https://localhost:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1
;~ Authorization: Basic YWRtaW46
;~ User-Agent: curl/7.20.0 (i386-pc-win32) libcurl/7.20.0 OpenSSL/0.9.8l zlib/1.2.3
;~ Host: localhost:17778
;~ Accept: */*


;~ Row|Col 0
;~ [0]|https
;~ [1]|2
;~ [2]|usandl0213
;~ [3]|17778
;~ [4]|
;~ [5]|
;~ [6]|/SolarWinds/InformationService/v3/Json/Query
;~ [7]|?query=SELECT+NodeID+FROM+Orion.NODES

Global $sAddress = "https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES"
Global $array_URL = _WinHttpCrackUrl($sAddress)
;~ _ArrayDisplay($array_url)
Global $hOpen = _winhttpOpen()
If @error Then
    _log4a_Fatal("Error intializing the usage of WinHTTP functions")
    Exit 1
EndIf

Global $hConnect = _winhttpConnect($hOpen, "usandl0213","17778")
If @error Then 
    _log4a_Fatal("Error specifying the initial target server of an HTTP request.") 
    _WinHttpCloseHandle($hOpen) 
    Exit 2 
EndIf 

Global $aRequest = _WinHttpSimpleSSLRequest($hConnect,"GET"  ,$array_url[6]&$array_url[7],Default    , Default,  Default, True        ,  Default,    "Admin",    Default,  1)
;~                 _WinHttpSimpleSSLRequest($hConnect, $sType, $sPath                    , $sReferrer,   $sDta, $sHeader, $fGetHeaders,   $iMode, $sCredName, $sCredPass, $iIgnoreCertErrors)
consolewrite(@error&@crlf)
If @error Then 
    Switch @error
        Case 1
            _log4a_Fatal("could not open request.") 
        Case 2
            _log4a_Fatal("could not send request.") 
        Case 3
            _log4a_Fatal("could not receive response.") 
        Case 4
            _log4a_Fatal("$iMode is not valid.") 
    EndSwitch
EndIf

_arraydisplay($aRequest)

 Close_request()

Func Close_request()
    ; Close open handles and exit 
;~  _WinHttpCloseHandle($hRequest) 
    _WinHttpCloseHandle($hConnect) 
    _WinHttpCloseHandle($hOpen)
EndFunc

And here is what the array spits out now

Row|Col 0
[0]|HTTP/1.1 401 Unauthorized
Date: Wed, 02 Aug 2017 15:38:38 GMT
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Basic realm=""


[1]|
[2]|https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES

I had made the most basic user possible within the Solarwinds site "Admin" with no password just to try to get this working.

Link to post
Share on other sites

Holy crap, I got the expected response back.  :D  Thanks so much Inververs.   Let me go play with this for a while and now that I can actually talk to the server see if I can figure out how to do the POST verb and understand JSON arrays.   Again, thanks a lot.

I did have to drop the '& @CRLF' to get this to work.   

Edited by nhardel
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By mLipok
      This is TeamViewer.au3 UDF for TeamViewer API.
      ; #INDEX# ======================================================================== ; Title .........: TeamViewer.au3 ; AutoIt Version : 3.3.10.2++ ; Language ......: English ; Description ...: A collection of function for use with TeamViewer API ; Author ........: mLipok ; Modified ......: ; URL ...........: ; URL ...........: https://www.teamviewer.com/ ; URL ...........: https://www.teamviewer.com/en/integrations/ ; URL ...........: https://integrate.teamviewer.com/en/develop/api/get-started/ ; URL ...........: https://downloadeu1.teamviewer.com/integrate/TeamViewer_API_Documentation.pdf ; Remarks .......: This UDF was created based on TeamViewer_API_Documentation.pdf v 1.4.1 ; Remarks .......: This UDF is using Free Chilkat component look here https://www.autoitscript.com/forum/files/file/433-chilkat-udf/ ; Remarks .......: Documentation is "work in progress" ; Date ..........: 2017/02/08 ; Version .......: 0.1.1 BETA - Work in progress ; ================================================================================ in TeamViewer_Example.au3 you can see few examples:

       
      Func _Example() ; If not exist then create new INI file from template If Not FileExists('TeamViewer_Example.ini') Then FileCopy('TeamViewer_Example — Template.ini', 'TeamViewer_Example.ini') ; Read Access Token from INI Local $sTV_AccessToken = IniRead('TeamViewer_Example.ini', 'Settings', 'AccessToken', '') If $sTV_AccessToken = '' Then ; Your Access Token, can be left empty when OAuth (below) is configured. ; ClientId = <----------------- Create an app in your TeamViewer Management Console and insert the client ID to the INI ; ClientSecret = <------------- Insert your client secret to the INI ; AuthorizationCode = <-------- Visit https://webapi.teamviewer.com/api/v1/oauth2/authorize?response_type=code&client_id=YOUR$i_ClientIdHERE ; Login, grant the permissions (popup) and put the code shown in the AuthorizationCode variable to the INI Local $sTVOAuth_ClientID = IniRead('TeamViewer_Example.ini', 'OAuth2', 'ClientID', '') Local $sTVOAuth_ClientSecret = IniRead('TeamViewer_Example.ini', 'OAuth2', 'ClientSecret', '') _IECreate('https://webapi.teamviewer.com/api/v1/oauth2/authorize?response_type=code&client_id=' & $sTVOAuth_ClientID) ; Local $sTVOAuth_AuthorizationCode = IniRead('TeamViewer_Example.ini', 'OAuth2', 'authorizationCode', '') Local $sTVOAuth_AuthorizationCode = InputBox('AuthorizationCode', 'Please provide TV OAuth2 AuthorizationCode') If @error Then Return If $sTVOAuth_ClientID Then $sTV_AccessToken = _TVAPI_RequestOAuth2_AccessToken($sTVOAuth_ClientID, $sTVOAuth_ClientSecret, $sTVOAuth_AuthorizationCode) EndIf If $sTV_AccessToken Then _TVAPI_AccessToken($sTV_AccessToken) If _TVAPI_Ping() = True Then ; ping API to check connection and $sTV_AccessToken _Example_TeamViewer__1_Devices_SaveToFile() ;~ _Example_TeamViewer__2_Devices_ChangeDetails() ;~ _Example_TeamViewer__3_Devices_GetDevicesSingleID() ;~ _Example_TeamViewer__4_Reports_GetAllConnections() ;~ _Example_TeamViewer__5_Users_GetUserInfomation() ;~ _Example_TeamViewer__6_Groups_ListGroups() ;~ _Example_TeamViewer__7_Devices_AddDeleteDevice() Else MsgBox(0, '_TVAPI_Ping', "$v_Token or connection problem.") EndIf EndFunc ;==>_Example You can download it here:
      I'm using TeamViewer_Example.ini to store my secret tokens/keys.
      [Settings] AccessToken= [OAuth2] ClientID= ClientSecret= authorizationCode=  
    • By adityaparakh
      Hello ,
      I am trying to use Websockets in AutoIt.
      It is to fetch live stock market prices , API is provided and documentation available for python language.
      The link for the code snippet is :
      https://symphonyfintech.com/xts-market-data-front-end-api-v2/#tag/Introduction
      https://symphonyfintech.com/xts-market-data-front-end-api-v2/#tag/Instruments/paths/~1instruments~1subscription/post
       
      https://github.com/symphonyfintech/xts-pythonclient-api-sdk
       
      Second Link is to subscribe to a list of ExchangeInstruments.
      Now I would like to get live stock ltp (LastTradedPrice) for a few stocks whose "ExchangeInstrumentID" I know.
      I am able to use the WinHttp object to perform actions using simple codes like below :
      I have the secretKey and appkey and can generate the needed token. And get the unique ExchangeInstrumentID.

      Below code is just for example of how I am using WinHttp. Unrelated to socket part.
      Global $InteractiveAPItoken = IniRead(@ScriptDir & "\Config.ini", "token", "InteractiveAPItoken", "NA") $baseurl = "https://brokerlink.com/interactive/" $functionurl = "orders" $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") $oHTTP.Open("POST", $baseurl & $functionurl, False) $oHTTP.SetRequestHeader("Content-Type", "application/json;charset=UTF-8") $oHTTP.SetRequestHeader("authorization", $InteractiveAPItoken) $pD = '{ "exchangeSegment": "NSEFO", "exchangeInstrumentID": ' & $exchangeInstrumentID & ', "productType": "' & $producttype & '", "orderType": "MARKET", "orderSide": "' & $orderside & '", "timeInForce": "DAY", "disclosedQuantity": 0, "orderQuantity": ' & $qty & ', "limitPrice": 0, "stopPrice": 0, "orderUniqueIdentifier": "' & $orderidentifier & '"}' $oHTTP.Send($pD) $oReceived = $oHTTP.ResponseText $oStatusCode = $oHTTP.Status
          
          
      But am struggling to understand and use socket.
      Would be of great help if you can have a look at the link mentioned above and help with the code sample for AutoIt.
      To connect and listen to a socket.
      Thanks a lot
       
    • By nacerbaaziz
      hello guys, please i need your help
      am trying to work with CreateWindowEx api, i created the window with it controls, also i setup the call back function
      i'am using WinMSGLoop to focus with the keyboard.
      here i have a problem, i hope that you can help me.
      on the controls i used the UDF that comme with the autoit, such as _GUIButton_Create, _GUIListBox_Create....
      but i can't find a STATIC control UDF, for that i used this

      local $h_ssrvlbl = _WinAPI_CreateWindowEx(0, "STATIC", "الخادم", BitOr($WS_VISIBLE, $WS_CHILD, $WS_CLIPSIBLINGS, $WS_CLIPCHILDREN), 250, 10, 100, 20, $hWnd)
      as you can see here, there is an arabic text, so here is the problem, the arabic text isn't show normally, what is the problem here?
      also i have  an other question about keyboard focus, when i used WinMSGLoop, it worked, but if i press alt+tab to switch windows or focus an other window and return back to my window, the focus of control is kill.
      can any one help me to solve that please?
      my code will be as file here with the include files
      i hope can any one help me here
      thanks in advance
       
      speed Test win.zip
    • By rcmaehl
      Hi all, 

      Recently my work swapped from Cisco CTIOS to Finesse. This completely threw me off as I had been automating the Win32 application and I had never done IUIAutomation before. As such I've been messing around with the API and will be adding code as I figure it out. While I do have Supervisor access, I will likely not be adding functions for those features yet.
      Currently Available Functions:
      User API - Query and Set User Info
      Dialog API - Query and Set Call and other Dialog Info
      Queue API - Query Assigned Queues
      Team API - Query Users in a Team


      Changelog:
       
      Download:
       
      Support:
      Support for this UDF can be obtained in my Discord Server
    • By tarretarretarre
      About AutoIt-API-WS
      AutoIt-API-WS is a light weight web server with expressive syntax, with the sole purpose of wrapping your existing AutoIt app with little to no effort.
      With AutoIt-API-WS you can send and receive data between any application or framework, as long they can handle HTTP requests, which is an industry standard today.
      Like my other communcations UDF AutoIt-Socket-IO AutoIt-API-WS is heavily inspired from the big boys, but this time its Laravel and Ruby on Rails.
      Features Highlights
      No external or internal dependencies required RESTful mindset when designed Expressive syntax Small codebase Heavy use of Michelsofts Dictionary object Limitations
      Not complient with any RFC, so something important could be missing. Time will tell! One persons slow loris attack will kill the process forever. Example of implemetnation (With screenshots)
      This is a basic cRud operation with the RESTful mindset in use.
      #include "API.au3" #include <Array.au3> _API_MGR_SetName("My APP DB adapter") _API_MGR_SetVer("1.0 BETA") _API_MGR_SetDescription("This adapter allows you to get this n that") _API_MGR_Init(3000) _API_MGR_ROUTER_GET('/users', CB_GetUsers, 'string sortBy', 'Get all users, sortBy can be either asc or desc. asc is default') _API_MGR_ROUTER_GET('/users/{id}', CB_GetUsersById, 'int id*', 'Get user by id') While _API_MGR_ROUTER_HANDLE() WEnd Func DB_GetUsers() Local $userA = ObjCreate("Scripting.Dictionary") Local $userB = ObjCreate("Scripting.Dictionary") $userA.add('id', 1) $userA.add('name', 'TarreTarreTarre') $userA.add('age', 27) $userB.add('id', 2) $userB.add('name', @UserName) $userB.add('age', 22) Local $aRet = [$userA, $userB] Return $aRet EndFunc Func CB_GetUsers(Const $oRequest) Local $aUsers = DB_GetUsers() If $oRequest.exists('sortBy') Then Switch $oRequest.item('sortBy') Case Default Case 'asc' Case 'desc' _ArrayReverse($aUsers) EndSwitch EndIf Return $aUsers EndFunc Func CB_GetUsersById(Const $oRequest) Local Const $aUsers = DB_GetUsers() Local $foundUser = Null For $i = 0 To UBound($aUsers) -1 Local $curUser = $aUsers[$i] If $curUser.item('id') == $oRequest.item('#id') Then $foundUser = $curUser ExitLoop EndIf Next If Not IsObj($foundUser) Then Return _API_RES_NotFound(StringFormat("Could not find user with ID %d", $oRequest.item('#id'))) EndIf return $foundUser EndFunc When you visit http://localhost:3000 you are greeted with this pleasent view that will show you all your registred routes and some extra info you have provided.

      When you visit http://localhost:3000/users the UDF will return the array of objects as Json
       
      And here is an example of http://localhost:3000/users/1

       
      More examples can be found here
       
       (NEWEST 2020-09-21)
      Autoit-API-WS-1.0.3-beta.zip
      OLD VERSIONS
      Autoit-API-WS-1.0.0-beta.zip Autoit-API-WS-1.0.1-beta.zip
       
×
×
  • Create New...