3 Replies Latest reply on Nov 8, 2011 11:33 PM by Upen@Roul

    Digest Authentication issues

    rottmanja
      Has anyone ever successfully performed a remote http server digest authentication? I am currently building a script that authenticates against a server using a supplied username and password. All of my attempts thus far have come up empty and I am not quite sure where I am going wrong with this.

      I have modeled my headers exactly after the headers I get with a successful Firefox login.

      Here are the headers I get from the Live Headers Firefox add-on.

      Initial Response:

      http://rets.armls.mlsrets.com/rets/login

      GET /rets/login HTTP/1.1
      Host: rets.armls.mlsrets.com
      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
      Accept: application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
      Accept-Language: en-us,en;q=0.5
      Accept-Encoding: gzip,deflate
      Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
      Keep-Alive: 300
      Connection: keep-alive

      HTTP/1.x 401 Unauthorized
      Content-Length: 1944
      Content-Type: text/html
      Server: Microsoft-IIS/6.0
      X-Powered-By: ASP.NET
      WWW-Authenticate: Digest qop="auth",realm="rets@marketlinx.com",nonce="2aaa0db6ed2bb21e8b913e1844b0abf1",opaque="20050024497281"
      Date: Sun, 20 May 2007 00:24:49 GMT
      Connection: close


      Authenticated Response:
      http://rets.armls.mlsrets.com/rets/login

      GET /rets/login HTTP/1.1
      Host: rets.armls.mlsrets.com
      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
      Accept: application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
      Accept-Language: en-us,en;q=0.5
      Accept-Encoding: gzip,deflate
      Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
      Keep-Alive: 300
      Connection: keep-alive
      Authorization: Digest username="cril01", realm="rets@marketlinx.com", nonce="2aaa0db6ed2bb21e8b913e1844b0abf1", uri="/rets/login", response="db214dcb999219968d829b5513e476dd", opaque="20050024497281", qop="auth", nc=00000001, cnonce="1d545807784766d0"

      HTTP/1.x 200 OK
      Connection: close
      Date: Sun, 20 May 2007 00:24:54 GMT
      Server: Microsoft-IIS/6.0
      X-Powered-By: ASP.NET
      Expires: 0
      Cache-Control: private
      RETS-Version: RETS/1.5
      Set-Cookie: RETS-Session-ID=2aaa0db6ed2bb21e8b913e1844b0abf1; path=/
      Content-Type: text/xml



      Now, even with me exactly copying these headers, I still get 401 (Unauthorized) errors. Does anyone see where I went wrong with this?

      Here is a link to my current test: http://www.myhomesmart.com/admin/dev/test4.cfm


      And here is my code.




        • 1. Re: Digest Authentication issues
          Mr Black Level 1
          You cannot just copy headers from a successful login, since they are a function of the server's nonce, which is different on every request (this is the main idea of Digest). Actually, authorization is a function of the server's nonce and the client's nonce. So, you have to correctly calculate this every time you log in.

          However, with CFX_HTTP5 I immediately got this [successful] response without any programming:

          <RETS ReplyCode="0" ReplyText="Operation Successful">
          <RETS-RESPONSE>
          MemberName = TRUDY MOORE
          User = CRIL01,1,SUBSCRIBER,CRIL01
          Broker = HOMESMART
          MetadataVersion = 1.00.00004
          MinMetadataVersion = 1.00.00004
          OfficeList = NONE
          TimeoutSeconds = 1440
          Action = /RETS/Action
          GetObject = /RETS/GetObject
          Login = /RETS/Login
          Logout = /RETS/Logout
          Search = /RETS/Search
          GetMetadata = /RETS/GetMetadata
          X-Links = /RETS/LINKS
          X-Stats = /RETS/STATS
          X-OMEGA = /RETS/Omega
          </RETS-RESPONSE>
          </RETS>
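
The calculation described in the reply above, as an added example (not code from the thread and not how CFX_HTTP5 is implemented): Python that parses a Digest challenge and computes the RFC 2617 `response` for `qop=auth`. The function names are hypothetical, and the challenge and credentials are the constructed RFC 2617 test vector, not values for this server.

```python
import hashlib
import re
import secrets

# Constructed sample input: the RFC 2617 section 3.5 test vector, not the RETS server.
RFC_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                 'opaque="5ccc069c403ebaf9f0171e9517f40e41"')


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def parse_challenge(header):
    """Turn a WWW-Authenticate 'Digest k="v",k2=v2' value into a dict."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}


def digest_response(user, password, method, uri, chal, nc, cnonce):
    """request-digest for algorithm MD5 with qop=auth (RFC 2617, 3.2.2.1)."""
    ha1 = md5_hex(f"{user}:{chal['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{chal['nonce']}:{nc}:{cnonce}:auth:{ha2}")


def authorization_header(user, password, method, uri, challenge, nc=1, cnonce=None):
    """Build the Authorization value for one request against one challenge."""
    chal = parse_challenge(challenge)
    if "auth" not in [q.strip() for q in chal.get("qop", "").split(",")]:
        raise ValueError("example only handles qop=auth")
    if chal.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("example only handles algorithm=MD5")
    cnonce = cnonce or secrets.token_hex(8)   # fresh client nonce per request
    nc_hex = f"{nc:08x}"                      # nonce count, 8 hex digits
    resp = digest_response(user, password, method, uri, chal, nc_hex, cnonce)
    fields = [f'username="{user}"', f'realm="{chal["realm"]}"',
              f'nonce="{chal["nonce"]}"', f'uri="{uri}"', f'response="{resp}"']
    if "opaque" in chal:                      # echoed back unchanged
        fields.append(f'opaque="{chal["opaque"]}"')
    fields += ["qop=auth", f"nc={nc_hex}", f'cnonce="{cnonce}"']
    return "Digest " + ", ".join(fields)


if __name__ == "__main__":
    print(authorization_header("Mufasa", "Circle Of Life", "GET",
                               "/dir/index.html", RFC_CHALLENGE, cnonce="0a4f113b"))
```

Because the server's nonce and the client's cnonce both feed the final hash, a `response` value captured from one login does not validate against the next challenge.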

          • 2. Re: Digest Authentication issues
            rottmanja Level 1
            I would love to use CFX_HTTP5 but our servers run on Linux. Unless there is an alternative to it, I am kind of stuck.

            When I said I was making them exactly the same, I didn't mean data-wise, I meant structure-wise.

            I.e.:
            Accept-Language: en-us,en;q=0.5
            Accept-Encoding: gzip,deflate
            Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
            • 3. Re: Digest Authentication issues
              Upen@Roul Level 1

              @Mr Black:

               

              Can you please describe how to use CFX_HTTP5 for a RETS call?