Re: Digest Authentication woes
Hey Paul, did you ever get this to work? I am stuck in the same position as you are. I spent a few days dissecting Viele/Retriever and this is what I ended up with. Obviously it doesn't work, else I would be posting a working example. If you did get yours to work, can you post some code and show me where I went wrong?

Code Snippet:

    <cfhttp resolveurl="yes" url="http://rets.armls.mlsrets.com" method="get"></cfhttp>
    <cfdump var="#cfhttp.responseHeader#" />
    <cfdump var="#ArrayLen(ListToArray(Trim(cfhttp.responseHeader["WWW-Authenticate"])))#" />

    <cfscript>
    username = '';
    password = '';

    function create_Auth(){
        tempList = Replace(cfhttp.responseHeader["WWW-Authenticate"],"Digest ",'','All');
        headerArr = ListToArray(Trim(tempList));
        auth_Temp = ListToArray(Trim(cfhttp.responseHeader["WWW-Authenticate"]),' ');
        auth_Type = auth_Temp[1];

        // create basic auth header
        if (auth_Type eq 'Basic'){
            auth = username & ':' & password;
            encodedAuth = 'Authorization: Basic ' & toBase64(auth);
            return encodedAuth;
        }

        // create digest auth header
        if(auth_Type eq 'Digest'){
            authStc = structNew();
            for(i=1;i lte ArrayLen(headerArr);i=i+1){
                key = Replace(Left(headerArr[i],Find('=',headerArr[i])),'=','','ALL');
                value = Replace(RemoveChars(headerArr[i],1,Find('=',headerArr[i],1)),'"','','ALL');
                authStc[key] = value;
            }
            auth_Realm = authStc['realm'];
            respA1 = username & ':' & auth_Realm & ':' & password;
            respA2 = 'POST:' & ':' & '/rets/login';
            auth_Nonce = authStc['nonce'];
            auth_Opaque = authStc['opaque'];
            is2069 = false;
            if(structKeyExists(authStc,'qop') and NOT structKeyExists(authStc,'auth_qop')){
                is2069 = true;
            }
            if(is2069){
                raw_Digest = Lcase(Hash(respA1,"MD5")) & ':' & auth_Nonce & ':' & Lcase(Hash(respA2,"MD5"));
                encodedAuth = 'Authorization: Digest username=' & chr(34) & username & chr(34) & ','
                    & 'realm=' & chr(34) & auth_Realm & chr(34) & ','
                    & 'nonce=' & auth_Nonce & ','
                    & 'uri=' & chr(34) & '/rets/login' & chr(34) & ','
                    & 'response=' & Lcase(Hash(raw_Digest,"MD5")) & ','
                    & 'opaque=' & chr(34) & auth_Opaque & chr(34);
            }else{
                thisVar = "NO";
            }
            return encodedAuth;
        }
    }
    </cfscript>

    <cfdump var="#create_Auth()#">

    <cfhttp url="http://rets.armls.mlsrets.com" method="post">
        <cfhttpparam name="Authorization" type="header" value="#create_Auth()#">
    </cfhttp>

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278677
Re: Digest Authentication woes
Paul Cormier wrote:
> <cfset A1 = Hash("#UserName#:#MLSID#:#Password#", "MD5")>
> <cfset A2 = Hash("GET:#Login_uri#", "MD5")>
> <cfset response = lCase(Hash("#A1#:#nonce#:#A2#", "MD5"))>

The CFML Hash function returns an uppercase hash, the RFC expects a lowercase hash. You need to lowercase A1 before you hash it again to create your response variable.

I don't see any obvious problems with the rest, so you really need a proxy / sniffer because the difference between an uppercase and a lowercase hash will not give a 400 Bad Request.

Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277577
Digest Authentication woes
Does anyone have any success stories performing CF Server to remote HTTP Server Digest Authentication? I know it's not natively supported by the cfhttp tag.

I also know the server I'm trying to connect to works and that I have proper credentials, as I can connect using a web browser. I even recorded all the communications exchanged during that session using FireFox's Live Headers & Modify Headers add-on and duplicated the exchange exactly with cfhttp & cfhttpparams, but I keep getting 401 Bad Request. Response did not match.

I was pretty careful duplicating the exchange as described in RFC 2617 "HTTP Authentication: Basic and Digest Access Authentication".

I couldn't get the CFX_HTTP5 custom tag to work either even though it does support Digest Authentication natively.

Any help/insight/experience/code would be appreciated.

Paul

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277418
Re: Digest Authentication woes
Paul Cormier wrote:
> Does anyone have any success stories performing CF Server to remote HTTP Server Digest Authentication? I know it's not natively supported by the cfhttp tag.
>
> I also know the server I'm trying to connect to works and that I have proper credentials, as I can connect using a web browser. I even recorded all the communications exchanged during that session using FireFox's Live Headers & Modify Headers add-on and duplicated the exchange exactly with cfhttp & cfhttpparams, but I keep getting 401 Bad Request. Response did not match.

Can you show the recording and your code? Did you record your attempts to run it from CF with a packet sniffer or proxy?

Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277465
Re: Digest Authentication woes
> Can you show the recording and your code? Did you record your attempts to run it from CF with a packet sniffer or proxy?
>
> Jochem

I did not yet try the packet sniffer/proxy monitoring to see exactly what the CF Server is sending.

Recording of successful FireFox session (credentials obfuscated):

--
http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx

GET /Itech/ITEC/Login.aspx HTTP/1.1
Host: rets15.raprets.com:6103
User-Agent: XX
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
RETS-Version: RETS/1.5

HTTP/1.x 401 Unauthorized. Not Authenticated
Date: Tue, 17 Apr 2007 15:32:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET (05)
X-AspNet-Version: 1.1.4322
WWW-Authenticate: Digest realm=ITEC, nonce=3b856a69cb9ecaeac324f9d0f1be9fd3, opaque=ea3056551e956d2f363f9e8f520a1755, qop=auth
RETS-Version: RETS/1.5
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml
--
http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx

GET /Itech/ITEC/Login.aspx HTTP/1.1
Host: rets15.raprets.com:6103
User-Agent: XX
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
RETS-Version: RETS/1.5
Authorization: Digest username=, realm=ITEC, nonce=3b856a69cb9ecaeac324f9d0f1be9fd3, uri=/Itech/ITEC/Login.aspx, response=c3b0d5f6d805da44dce16c5aa25bb09e, opaque=ea3056551e956d2f363f9e8f520a1755, qop=auth, nc=0001, cnonce=15579d4174a47e3c

HTTP/1.x 200 OK
Date: Tue, 17 Apr 2007 15:34:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET (05)
X-AspNet-Version: 1.1.4322
Set-Cookie: RETS-Session-ID=90ff78ab95444124bc43cf0eac9bfd72; path=/
RETS-Version: RETS/1.5
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml; charset=utf-8
--

ColdFusion Code Fragment:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>RETS 1.5 Digest Auth Test</title>
    </head>
    <body>

    <!--- Rapattoni Data --->
    <cfset hostname = "rets15.raprets.com">
    <cfset hostport = 6103>
    <cfset UserName = "">
    <cfset Password = "">
    <cfset User_Agent = "">
    <cfset Login_Area = "GET /Itech/ITEC/Login.aspx?BrokerCode%3d HTTP/1.1">
    <cfset Login_uri= "/Itech/ITEC/Login.aspx">
    <cfset rets_version = "RETS/1.5">
    <cfset qop = "auth">
    <cfset nc = "0001">
    <cfset nonce= "">
    <cfset opaque = "">
    <cfset response = "">
    <cfset MLSID= "ITEC">
    <cfset A1 = Hash("#UserName#:#MLSID#:#Password#", "MD5")>
    <cfset A2 = Hash("GET:#Login_uri#", "MD5")>
    <cfset response = lCase(Hash("#A1#:#nonce#:#A2#", "MD5"))>
    <cfset TheAuthorization = 'Digest username=#Username#, realm=#MLSID#, nonce=#nonce#, opaque=#opaque#, uri=#Login_uri#, response=#response#'>

    <!--- First request to get Authenticate Information --->
    <cfhttp url="http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx" method="get">
        <cfhttpparam name="User-Agent" type="header" value="#User_Agent#">
        <cfhttpparam name="Accept" type="header" value="text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5">
        <cfhttpparam name="Accept-Language" type="header" value="en-us,en;q=0.5">
        <cfhttpparam name="Accept-Encoding" type="header" value="gzip,deflate">
        <cfhttpparam name="Accept-Charset" type="header" value="ISO-8859-1,utf-8;q=0.7,*;q=0.7">
        <cfhttpparam name="Keep-Alive" type="header" value="300">
        <cfhttpparam name="Connection" type="header" value="keep-alive">
        <cfhttpparam name="RETS-Version" type="header" value="#rets_version#">
    </cfhttp>

    <h3>Initial Request Response</h3>
    <cfdump var="#cfhttp#" /><br><br>

    <!--- Build Components from first response to create second request information --->
    <cfset MyArrayList = ListToArray(cfhttp.responseHeader["WWW-Authenticate"])>
    <cfset nonce= ListGetAt(MyArrayList[2], 2, '"')>
    <cfset opaque = ListGetAt(MyArrayList[3], 2, '"')>
    <cfset cnonce = lcase(Hash("#user_agent#:::#nonce#", "MD5"))>
    <cfset response= lCase(Hash("#A1#:#nonce#:#nc#:#cnonce#:#qop#:#A2#", "MD5"))>
    <cfset TheAuthorization = 'Digest username=#UserName#, realm=#MLSID#, nonce=#nonce#, uri=#Login_uri#, response=#response#, opaque=#opaque#, qop=#qop#, nc=#nc#, cnonce=#cnonce#'>

    <cfoutput>
    <h3>Generated Authorization Header</h3>
    <p>Authorization: #TheAuthorization#</p>
    </cfoutput>

    <!--- Second request to get Authenticated --->
    <cfhttp
digest authentication...
I have someone using ms mappoint's web service and they need to support digest authentication through axis. Is there an easy way to do this in CF - I mean using the create object or cfinvoke tags?

-Mark

Mark A. Kruger, CFG, MCSE
www.cfwebtools.com
www.necfug.com
http://mkruger.cfwebtools.com

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:210355
Re: Digest Authentication
Mitch Rose wrote:
> Is this possible with CF, and if so, can someone post some sample code or point me in the right direction?

Yes, it is possible. If you download the Basic Authentication tag from http://www.vandieten.net/jochem/coldfusion/customtags/login/ you just have to change the authentication algorithm as per RFC 2617.

Jochem

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207956
Digest Authentication
This tag supports it: http://www.cftagstore.com/tags/cfxhttp5.cfm

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207963
Digest Authentication
Is this possible with CF, and if so, can someone post some sample code or point me in the right direction?

thanks,
mitch rose

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207944