Jump to content

WinHttp Authentication not working as expected.

Nhardel
 Share

Recommended Posts

Nhardel Seeker

Nhardel

Posted
Posted (edited)

So I have been bashing my head in for a couple days and have searched both AutoIT forums and Thwack Forums for an answer.  I understand this could be hard to help sense I can't provide a server for someone to help me test against.  I am trying to use the WinHTTP.au3 to connect with Solarwinds Orion SDK thru REST/JSON api calls.  Here is the documentation that they provide.

https://github.com/solarwinds/OrionSDK/wiki/REST

I have been trying just to make a basic connection but for some reason cannot get past the authorization process with WinHTTP.  Here is my test code. 

#Region Includes
#include <log4a.au3>
#include "WinHttp.au3"
#EndRegion

Global $sAddress = "https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES"
Global $array_URL = _WinHttpCrackUrl($sAddress)

;~ Row|Col 0
;~ [0]|https
;~ [1]|2
;~ [2]|usandl0213
;~ [3]|17778
;~ [4]|
;~ [5]|
;~ [6]|/SolarWinds/InformationService/v3/Json/Query
;~ [7]|?query=SELECT+NodeID+FROM+Orion.NODES

Global $hOpen = _winhttpOpen()
If @error Then
    _log4a_Fatal("Error intializing the usage of WinHTTP functions")
    Exit 1
EndIf

Global $hConnect = _winhttpConnect($hOpen, $array_URL[2])
If @error Then 
    _log4a_Fatal("Error specifying the initial target server of an HTTP request.") 
    _WinHttpCloseHandle($hOpen) 
    Exit 2 
EndIf 

Global $hRequest = _WinHttpOpenRequest($hConnect, _
                "GET", _
                "/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES", _
                "HTTP/1.1")
If @error Then 
    _log4a_Fatal(MsgBox(48, "Error", "Error creating an HTTP request handle.") 
    _WinHttpCloseHandle($hConnect) 
    _WinHttpCloseHandle($hOpen) 
    Exit 3 
EndIf 

_WinHttpAddRequestHeaders($hRequest, "Authorization: Basic YXV0b2l0X2xvZ2luOnRlc3Q=")
_WinHttpAddRequestHeaders($hRequest, "User-Agent: curl/7.20.0 (i386-pc-win32) libcurl/7.20.0 OpenSSL/0.9.8l zlib/1.2.3")
_WinHttpAddRequestHeaders($hRequest, "Host: usandl0213:17778")
_WinHttpAddRequestHeaders($hRequest, "Accept: */*")

_WinHttpSendRequest($hRequest)
If @error Then 
    MsgBox(48, "Error", "Error sending specified request.") 
    Close_request()
    Exit 4 
EndIf 

; Wait for the response 
_WinHttpReceiveResponse($hRequest) 
If @error Then 
    MsgBox(48, "Error", "Error waiting for the response from the server.") 
    Close_request()
    Exit 5
EndIf

 Global $sChunk, $sData
; See what's returned 
If _WinHttpQueryDataAvailable($hRequest) Then 
    Global $sHeader = _WinHttpQueryHeaders($hRequest) 
;~  ConsoleWrite(@crlf)
    ConsoleWrite($sHeader & @CRLF) 
    ; Read 
    While 1 
        $sChunk = _WinHttpReadData($hRequest) 
        If @error Then ExitLoop 
        $sData &= $sChunk 
    WEnd 
    ConsoleWrite($sData & @CRLF) ; print to console 

Else 
    MsgBox(48, "Error", "Site is experiencing problems.") 
EndIf 
 Close_request()

Func Close_request()
    ; Close open handles and exit 
    _WinHttpCloseHandle($hRequest) 
    _WinHttpCloseHandle($hConnect) 
    _WinHttpCloseHandle($hOpen)
EndFunc

I am definitely connecting to the server but get a 401 Unauthorized response.  Output of above script:

Header: 

HTTP/1.1 401 Unauthorized
Cache-Control: private
Date: Thu, 27 Jul 2017 15:31:21 GMT
Content-Length: 1668
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=lgwin2qsbbrip2mxg01fot05; path=/; HttpOnly
Set-Cookie: TestCookieSupport=Supported; path=/
Set-Cookie: Orion_IsSessionExp=TRUE; expires=Thu, 27-Jul-2017 17:31:21 GMT; path=/
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-UA-Compatible: IE=9
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Same-Domain: 1
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Body: 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><link rel="stylesheet" type="text/css" href="/orion/js/jquery-1.7.1/jquery-ui.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" />
<link rel="stylesheet" type="text/css" href="/orion/styles/orionminreqs.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" />
<link rel="stylesheet" type="text/css" href="/webengine/resources/steelblue.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" />
<link rel="stylesheet" type="text/css" href="/orion/ipam/res/css/sw-events.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" />
<script type="text/javascript" src="/orion/js/orionminreqs.js.i18n.ashx?l=en-US&v=42660.90.L"></script>
<script type="text/javascript" src="/orion/js/modernizr/modernizr-2.5.3.js.i18n.ashx?l=en-US&v=42660.90.L"></script>
<script type="text/javascript" src="/orion/js/jquery-1.7.1/jquery-1.7.1.framework.min.js.i18n.ashx?l=en-US&v=42660.90.L"></script>
<script type="text/javascript">(function(){var de=$(document.documentElement); de.addClass('sw-is-locale-en'); $.each(jQuery.browser,function(k,v){if(v===true){ de.addClass('sw-is-'+k); de.addClass('sw-is-'+k+'-'+parseInt(jQuery.browser.version)); }}); })();</script>
<script type="text/javascript">SW.Core.Loader._cbLoaded('jquery');</script>
<script type="text/javascript">SW.Core.Date._init(0,-14400000);</script>
<title>

</title></head>
<body>
<script>
    window.location = 'Login.aspx';
</script>
</body>
</html>

To me this looks like it if it is still looking for my credentials.   I did verify that things work as expected using Chrome and REST test client.  I do get certificate errors in IE if I try to go directly.  Bypass certificate issues and page will try to save out to .json file

 

Looking for any help.

Edited by nhardel
Link to comment
Share on other sites
Nhardel Seeker

Nhardel

Posted
  • Author
Posted

I see that but when I change the line to 

Global $hConnect = _winhttpConnect($hOpen, $array_URL[2],17778)

or 

Global $hConnect = _winhttpConnect($hOpen, $array_URL[2], $array_URL[3])

I get an error back from _WinHTTPReceiveResponse.  I agree that there should be a port change but the server wont respond back with WinHTTP   of course this all works thru chrome and IE directly.   Could the DLL possible not allow non standard ports.  Surely not?      

Link to comment
Share on other sites
Nhardel Seeker

Nhardel

Posted
  • Author
Posted (edited)

I tried using _WinHTTPSimpleSSLRequest() but I get no response.  Still fuzzy if I am using it correctly.  Code I used. 

#Region Includes
#include <log4a.au3>
#include <Array.au3>
#include "WinHttp.au3"
#EndRegion

;~ Row|Col 0
;~ [0]|https
;~ [1]|2
;~ [2]|usandl0213
;~ [3]|17778
;~ [4]|
;~ [5]|
;~ [6]|/SolarWinds/InformationService/v3/Json/Query
;~ [7]|?query=SELECT+NodeID+FROM+Orion.NODES

Global $sAddress = "https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES"
Global $array_URL = _WinHttpCrackUrl($sAddress)

;~ _ArrayDisplay($array_url)

Global $hOpen = _winhttpOpen()
If @error Then
    _log4a_Fatal("Error intializing the usage of WinHTTP functions")
    Exit 1
EndIf


Global $hConnect = _winhttpConnect($hOpen, $sAddress)
If @error Then 
    _log4a_Fatal("Error specifying the initial target server of an HTTP request.") 
    _WinHttpCloseHandle($hOpen) 
    Exit 2 
EndIf 

Global $aRequest = _WinHttpSimpleSSLRequest($hConnect,"GET",$sAddress,Default,Default,Default,True,Default)
If @error Then 
    Switch @error
        Case 1
            _log4a_Fatal("could not open request.") 
        Case 2
            _log4a_Fatal("could not send request.") 
        Case 3
            _log4a_Fatal("could not receive response.") 
        Case 4
            _log4a_Fatal("$iMode is not valid.") 
    EndSwitch
EndIf

_arraydisplay($aRequest)

Close_request()

Func Close_request()
    ; Close open handles and exit 
    _WinHttpCloseHandle($hConnect) 
    _WinHttpCloseHandle($hOpen)
EndFunc

 

Edited by nhardel
Link to comment
Share on other sites
Nhardel Seeker

Nhardel

Posted
  • Author
Posted

Okay so I made a few changes and I am getting something out of it again but I am still back to an authorization issue.  However I can see that it is not using the credentials correctly now.  Here is new code: 

;solarwinds.au3
#Region Includes
#include-once 
#include <log4a.au3>
#include <Array.au3>
#include "WinHttp.au3"
#EndRegion
    
;~ GET https://localhost:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1
;~ Authorization: Basic YWRtaW46
;~ User-Agent: curl/7.20.0 (i386-pc-win32) libcurl/7.20.0 OpenSSL/0.9.8l zlib/1.2.3
;~ Host: localhost:17778
;~ Accept: */*


;~ Row|Col 0
;~ [0]|https
;~ [1]|2
;~ [2]|usandl0213
;~ [3]|17778
;~ [4]|
;~ [5]|
;~ [6]|/SolarWinds/InformationService/v3/Json/Query
;~ [7]|?query=SELECT+NodeID+FROM+Orion.NODES

Global $sAddress = "https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES"
Global $array_URL = _WinHttpCrackUrl($sAddress)
;~ _ArrayDisplay($array_url)
Global $hOpen = _winhttpOpen()
If @error Then
    _log4a_Fatal("Error intializing the usage of WinHTTP functions")
    Exit 1
EndIf

Global $hConnect = _winhttpConnect($hOpen, "usandl0213","17778")
If @error Then 
    _log4a_Fatal("Error specifying the initial target server of an HTTP request.") 
    _WinHttpCloseHandle($hOpen) 
    Exit 2 
EndIf 

Global $aRequest = _WinHttpSimpleSSLRequest($hConnect,"GET"  ,$array_url[6]&$array_url[7],Default    , Default,  Default, True        ,  Default,    "Admin",    Default,  1)
;~                 _WinHttpSimpleSSLRequest($hConnect, $sType, $sPath                    , $sReferrer,   $sDta, $sHeader, $fGetHeaders,   $iMode, $sCredName, $sCredPass, $iIgnoreCertErrors)
consolewrite(@error&@crlf)
If @error Then 
    Switch @error
        Case 1
            _log4a_Fatal("could not open request.") 
        Case 2
            _log4a_Fatal("could not send request.") 
        Case 3
            _log4a_Fatal("could not receive response.") 
        Case 4
            _log4a_Fatal("$iMode is not valid.") 
    EndSwitch
EndIf

_arraydisplay($aRequest)

 Close_request()

Func Close_request()
    ; Close open handles and exit 
;~  _WinHttpCloseHandle($hRequest) 
    _WinHttpCloseHandle($hConnect) 
    _WinHttpCloseHandle($hOpen)
EndFunc

And here is what the array spits out now 

Row|Col 0
[0]|HTTP/1.1 401 Unauthorized
Date: Wed, 02 Aug 2017 15:38:38 GMT
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Basic realm=""


[1]|
[2]|https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES

I had made the most basic user possible within the Solarwinds site "Admin" with no password just to try to get this working.

Link to comment
Share on other sites
Nhardel Seeker

Nhardel

Posted
  • Author
Posted (edited)

Holy crap, I got the expected response back.  :D  Thanks so much Inververs.   Let me go play with this for a while and now that I can actually talk to the server see if I can figure out how to do the POST verb and understand JSON arrays.   Again, thanks a lot.

I did have to drop the '& @CRLF' to get this to work.   

Edited by nhardel
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...