Re: Digest Authentication woes

2007-05-19 Thread Jeremy Rottman
Hey Paul, did you ever get this to work? I am stuck in the same position as you 
are. I spent a few days dissecting Viele/Retriever and this is what I ended up 
with. Obviously it doesn't work, else I would be posting a working example. If 
you did get yours to work, can you post some code and show me where I went 
wrong?


Code Snippet:

   <cfhttp resolveurl="yes" url="http://rets.armls.mlsrets.com" method="get">
   </cfhttp>

<cfdump var="#cfhttp.responseHeader#" />
<cfdump var="#ArrayLen(ListToArray(Trim(cfhttp.responseHeader['WWW-Authenticate'])))#" />
<cfscript>
username = '';
password = '';
   function create_Auth(){
      tempList = Replace(cfhttp.responseHeader["WWW-Authenticate"],"Digest ",'','All');
      headerArr = ListToArray(Trim(tempList));
      auth_Temp = ListToArray(Trim(cfhttp.responseHeader["WWW-Authenticate"]),' ');
      auth_Type = auth_Temp[1];

      // create basic auth header
      if (auth_Type eq 'Basic'){
         auth = username & ':' & password;
         encodedAuth = 'Authorization: Basic ' & toBase64(auth);
         return encodedAuth;
      }
      // create digest auth header
      if(auth_Type eq 'Digest'){
         authStc = structNew();
         for(i=1;i lte ArrayLen(headerArr);i=i+1){
            key = Replace(Left(headerArr[i],Find('=',headerArr[i])),'=','','ALL');
            value = Replace(RemoveChars(headerArr[i],1,Find('=',headerArr[i],1)),'"','','ALL');
            authStc[key] = value;
         }
         auth_Realm = authStc['realm'];

         respA1 = username & ':' & auth_Realm & ':' & password;
         respA2 = 'POST:' & ':' & '/rets/login';

         auth_Nonce = authStc['nonce'];
         auth_Opaque = authStc['opaque'];

         is2069 = false;
         if(structKeyExists(authStc,'qop') and NOT structKeyExists(authStc,'auth_qop')){
            is2069 = true;
         }

         if(is2069){
            raw_Digest = Lcase(Hash(respA1,"MD5")) & ':' & auth_Nonce & ':' & Lcase(Hash(respA2,"MD5"));
            encodedAuth = 'Authorization: Digest username='
               & chr(34) & username & chr(34) & ','
               & 'realm=' & chr(34) & auth_Realm & chr(34) & ','
               & 'nonce=' & auth_Nonce & ','
               & 'uri=' & chr(34) & '/rets/login' & chr(34) & ','
               & 'response=' & Lcase(Hash(raw_Digest,"MD5")) & ','
               & 'opaque=' & chr(34) & auth_Opaque & chr(34);
         }else{
            thisVar = "NO";
         }

         return encodedAuth;
      }
   }
</cfscript>

<cfdump var="#create_Auth()#">

   <cfhttp url="http://rets.armls.mlsrets.com" method="post">
      <cfhttpparam name="Authorization" type="header" value="#create_Auth()#">
   </cfhttp>


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278677
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: Digest Authentication woes

2007-05-10 Thread Jochem van Dieten
Paul Cormier wrote:
 
> <cfset A1 = Hash("#UserName#:#MLSID#:#Password#", "MD5")>
> <cfset A2 = Hash("GET:#Login_uri#", "MD5")>
> <cfset response   = lCase(Hash("#A1#:#nonce#:#A2#", "MD5"))>

The CFML Hash function returns an uppercase hash, the RFC expects a 
lowercase hash. You need to lowercase A1 before you hash it again to 
create your response variable.

I don't see any obvious problems with the rest, so you really need a 
proxy / sniffer because the difference between an uppercase and a 
lowercase hash will not give a 400 Bad Request.

Jochem
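
An added example, not code from any poster in this thread, covering the two posts above: it parses a Digest challenge, lowercases the inner hashes before the outer hash as Jochem describes, and builds the Authorization header value. It also trims directive names, uses a single colon in A2 and returns only the header value. parseChallenge() and buildDigestAuth() are hypothetical helper names, and the sample inputs are taken from the worked example in RFC 2617 section 3.5.

```cfml
<cfscript>
// Added example, not code from the thread. parseChallenge() and buildDigestAuth()
// are hypothetical helpers; sample values adapted from RFC 2617 section 3.5.

// Split a Digest challenge into a struct. Assumes no commas inside quoted values.
function parseChallenge(challenge) {
    var out = StructNew();
    var parts = ListToArray(REReplaceNoCase(Trim(challenge), "^Digest[[:space:]]+", ""));
    var i = 0;
    var pos = 0;
    for (i = 1; i lte ArrayLen(parts); i = i + 1) {
        pos = Find("=", parts[i]);
        if (pos gt 1) {
            // trim the name (list items keep their leading space) and strip the quotes
            out[Trim(Left(parts[i], pos - 1))] =
                Replace(Trim(RemoveChars(parts[i], 1, pos)), Chr(34), "", "ALL");
        }
    }
    return out;
}

// Return the Authorization header value only (cfhttpparam supplies the header name).
function buildDigestAuth(ch, username, password, method, uri, nc, cnonce) {
    // Hash() returns uppercase hex; RFC 2617 hashes the lowercase hex text.
    var ha1 = LCase(Hash(username & ":" & ch.realm & ":" & password, "MD5"));
    var ha2 = LCase(Hash(method & ":" & uri, "MD5"));   // exactly one colon
    var q = Chr(34);
    var hasQop = StructKeyExists(ch, "qop");
    var resp = "";
    var auth = "";
    if (hasQop) {
        resp = LCase(Hash(ha1 & ":" & ch.nonce & ":" & nc & ":" & cnonce & ":auth:" & ha2, "MD5"));
    } else {
        // no qop in the challenge: RFC 2069 compatible form
        resp = LCase(Hash(ha1 & ":" & ch.nonce & ":" & ha2, "MD5"));
    }
    auth = "Digest username=" & q & username & q & ", realm=" & q & ch.realm & q
         & ", nonce=" & q & ch.nonce & q & ", uri=" & q & uri & q
         & ", response=" & q & resp & q;
    if (StructKeyExists(ch, "opaque")) { auth = auth & ", opaque=" & q & ch.opaque & q; }
    if (hasQop) { auth = auth & ", qop=auth, nc=" & nc & ", cnonce=" & q & cnonce & q; }
    return auth;
}

// Constructed sample challenge: the RFC 2617 section 3.5 values with qop reduced to "auth".
sample = 'Digest realm="testrealm@host.com", qop="auth", nonce="dcd98b7102dd2af0e8b11d0f600bfb0c0093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';
authValue = buildDigestAuth(parseChallenge(sample), "Mufasa", "Circle Of Life",
                            "GET", "/dir/index.html", "00000001", "0a4f113b");
rfcResponse = "6629fae49393a05397450978507c4ef1";   // response given in RFC 2617 section 3.5
WriteOutput(HTMLEditFormat(authValue) & "<br>matches RFC response: " & (Find(rfcResponse, authValue) gt 0));
</cfscript>
```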




Digest Authentication woes

2007-05-09 Thread Paul Cormier
Does anyone have any success stories performing CF Server to remote HTTP Server 
Digest Authentication? I know it's not natively supported by the cfhttp tag. 
I also know the server I'm trying to connect to works and that I have proper 
credentials, as I can connect using a web browser. I even recorded all the 
communications exchanged during that session using Firefox's Live Headers & 
Modify Headers add-on and duplicated the exchange exactly with cfhttp & 
cfhttpparams, but I keep getting 401 Bad Request. Response did not match.

I was pretty careful duplicating the exchange as described in RFC 2617 HTTP 
Authentication: Basic and Digest Access Authentication.

I couldn't get the CFX_HTTP5 custom tag to work either even though it does 
support Digest Authentication natively.

Any help/insight/experience/code would be appreciated.

Paul




Re: Digest Authentication woes

2007-05-09 Thread Jochem van Dieten
Paul Cormier wrote:
> Does anyone have any success stories performing CF Server to remote HTTP 
> Server Digest Authentication? I know it's not natively supported by the 
> cfhttp tag. I also know the server I'm trying to connect to works and that 
> I have proper credentials, as I can connect using a web browser. I even 
> recorded all the communications exchanged during that session using Firefox's 
> Live Headers & Modify Headers add-on and duplicated the exchange exactly 
> with cfhttp & cfhttpparams, but I keep getting 401 Bad Request. Response 
> did not match.

Can you show the recording and your code? Did you record your attempts 
to run it from CF with a packet sniffer or proxy?

Jochem



Re: Digest Authentication woes

2007-05-09 Thread Paul Cormier
> Can you show the recording and your code? Did you record your attempts 
> to run it from CF with a packet sniffer or proxy?
>
> Jochem

I did not yet try the packet sniffer/proxy monitoring to see exactly what the CF 
Server is sending.

Recording of successful FireFox session (credentials obfuscated):

--
http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx

GET /Itech/ITEC/Login.aspx HTTP/1.1
Host: rets15.raprets.com:6103
User-Agent: XX
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
RETS-Version: RETS/1.5

HTTP/1.x 401 Unauthorized. Not Authenticated
Date: Tue, 17 Apr 2007 15:32:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET (05)
X-AspNet-Version: 1.1.4322
WWW-Authenticate: Digest realm=ITEC, nonce=3b856a69cb9ecaeac324f9d0f1be9fd3, opaque=ea3056551e956d2f363f9e8f520a1755, qop=auth
RETS-Version: RETS/1.5
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml
--

http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx

GET /Itech/ITEC/Login.aspx HTTP/1.1
Host: rets15.raprets.com:6103
User-Agent: XX
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
RETS-Version: RETS/1.5
Authorization: Digest username=, realm=ITEC, nonce=3b856a69cb9ecaeac324f9d0f1be9fd3, uri=/Itech/ITEC/Login.aspx, response=c3b0d5f6d805da44dce16c5aa25bb09e, opaque=ea3056551e956d2f363f9e8f520a1755, qop=auth, nc=0001, cnonce=15579d4174a47e3c

HTTP/1.x 200 OK
Date: Tue, 17 Apr 2007 15:34:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET (05)
X-AspNet-Version: 1.1.4322
Set-Cookie: RETS-Session-ID=90ff78ab95444124bc43cf0eac9bfd72; path=/
RETS-Version: RETS/1.5
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml; charset=utf-8
--

ColdFusion Code Fragment:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>RETS 1.5 Digest Auth Test</title>
</head>
<body>
<!--- Rapattoni Data --->
<cfset hostname     = "rets15.raprets.com">
<cfset hostport     = "6103">
<cfset UserName     = "">
<cfset Password     = "">
<cfset User_Agent   = "">
<cfset Login_Area   = "GET /Itech/ITEC/Login.aspx?BrokerCode%3d HTTP/1.1">
<cfset Login_uri    = "/Itech/ITEC/Login.aspx">
<cfset rets_version = "RETS/1.5">
<cfset qop          = "auth">
<cfset nc           = "0001">
<cfset nonce        = "">
<cfset opaque       = "">
<cfset response     = "">
<cfset MLSID        = "ITEC">

<cfset A1       = Hash("#UserName#:#MLSID#:#Password#", "MD5")>
<cfset A2       = Hash("GET:#Login_uri#", "MD5")>
<cfset response = lCase(Hash("#A1#:#nonce#:#A2#", "MD5"))>
<cfset TheAuthorization = 'Digest username="#Username#", realm="#MLSID#", nonce="#nonce#", opaque="#opaque#", uri="#Login_uri#", response="#response#"'>


<!--- First request to get Authenticate Information --->
<cfhttp url="http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx" method="get">
 <cfhttpparam name="User-Agent"      type="header" value="#User_Agent#">
 <cfhttpparam name="Accept"          type="header" value="text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5">
 <cfhttpparam name="Accept-Language" type="header" value="en-us,en;q=0.5">
 <cfhttpparam name="Accept-Encoding" type="header" value="gzip,deflate">
 <cfhttpparam name="Accept-Charset"  type="header" value="ISO-8859-1,utf-8;q=0.7,*;q=0.7">
 <cfhttpparam name="Keep-Alive"      type="header" value="300">
 <cfhttpparam name="Connection"      type="header" value="keep-alive">
 <cfhttpparam name="RETS-Version"    type="header" value="#rets_version#">
</cfhttp>


<h3>Initial Request Response</h3>
<cfdump var="#cfhttp#" /><br><br>


<!--- Build Components from first response to create second request information --->
<cfset MyArrayList = ListToArray(cfhttp.responseHeader["WWW-Authenticate"])>
<cfset nonce       = ListGetAt(MyArrayList[2], 2, '"')>
<cfset opaque      = ListGetAt(MyArrayList[3], 2, '"')>

<cfset cnonce   = lcase(Hash("#user_agent#:::#nonce#", "MD5"))>
<cfset response = lCase(Hash("#A1#:#nonce#:#nc#:#cnonce#:#qop#:#A2#", "MD5"))>

<cfset TheAuthorization = 'Digest username="#UserName#", realm="#MLSID#", nonce="#nonce#", uri="#Login_uri#", response="#response#", opaque="#opaque#", qop=#qop#, nc=#nc#, cnonce="#cnonce#"'>

<cfoutput>
<h3>Generated Authorization Header</h3>
<p>Authorization: #TheAuthorization#</p>
</cfoutput>

<!--- Second request to get Authenticated --->
<cfhttp 

digest authentication...

2005-06-23 Thread Mark A Kruger
I have someone using ms mappoint's web service and they need to support
digest authentication through axis. Is there an easy way to do this in CF -
I mean using the create object or cfinvoke tags?

-Mark

Mark A. Kruger, CFG, MCSE
www.cfwebtools.com
www.necfug.com
http://mkruger.cfwebtools.com






Re: Digest Authentication

2005-05-28 Thread Jochem van Dieten
Mitch Rose wrote:
> Is this possible with CF, and if so, can someone post some sample code or 
> point me in the right direction?

Yes it is possible. If you download the Basic Authentication tag 
from http://www.vandieten.net/jochem/coldfusion/customtags/login/ 
you just have to change the authentication algorithm as per RFC 2617.

Jochem



Digest Authentication

2005-05-28 Thread One User
This tag supports it:

http://www.cftagstore.com/tags/cfxhttp5.cfm



Digest Authentication

2005-05-27 Thread Mitch Rose
Is this possible with CF, and if so, can someone post some sample code or point 
me in the right direction?

thanks, 
mitch rose
