Re: Digest Authentication woes
Hey Paul, did you ever get this to work? I am stuck in the same position as you are. I spent a few days dissecting Viele/Retriever and this is what I ended up with. Obviously it doesn't work else I would be posting a working example. If you did get yours to work, can you post some code and show me where I went wrong?

Code Snippet:

http://rets.armls.mlsrets.com"; method="get">

username = '';
password = '';

function create_Auth(){
    tempList = Replace(cfhttp.responseHeader["WWW-Authenticate"],"Digest ",'','All');
    headerArr = ListToArray(Trim(tempList));
    auth_Temp = ListToArray(Trim(cfhttp.responseHeader["WWW-Authenticate"]),' ');
    auth_Type = auth_Temp[1];

    // create basic auth header
    if (auth_Type eq 'Basic'){
        auth = username & ':' & password;
        encodedAuth = 'Authorization: Basic ' & toBase64(auth);
        return encodedAuth;
    }

    // create digest auth header
    if(auth_Type eq 'Digest'){
        authStc = structNew();
        for(i=1;i lte ArrayLen(headerArr);i=i+1){
            key = Replace(Left(headerArr[i],Find('=',headerArr[i])),'=','','ALL');
            value = Replace(RemoveChars(headerArr[i],1,Find('=',headerArr[i],"1")),'"','','ALL');
            authStc[key] = value;
        }
        auth_Realm = authStc['realm'];
        respA1 = username & ':' & auth_Realm & ':' & password;
        respA2 = 'POST:' & ':' & '/rets/login';
        auth_Nonce = authStc['nonce'];
        auth_Opaque = authStc['opaque'];
        is2069 = false;
        if(structKeyExists(authStc,'qop') and NOT structKeyExists(authStc,'auth_qop')){
            is2069 = true;
        }
        if(is2069){
            raw_Digest = Lcase(Hash(respA1,"MD5")) & ':' & auth_Nonce & ':' & Lcase(Hash(respA2,"MD5"));
            encodedAuth = 'Authorization: Digest username=' & chr(34) & username & chr(34) & ',' &
                'realm=' & chr(34) & auth_Realm & chr(34) & ',' &
                'nonce=' & auth_Nonce & ',' &
                'uri=' & chr(34) & '/rets/login' & chr(34) & ',' &
                'response=' & Lcase(Hash(raw_Digest,"MD5")) & ',' &
                'opaque=' & chr(34) & auth_Opaque & chr(34);
        }else{
            thisVar = "NO";
        }
        return encodedAuth;
    }
}

http://rets.armls.mlsrets.com"; method="post">

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278677
Re: Digest Authentication woes
Paul Cormier wrote:
> > > >

The CFML Hash function returns an uppercase hash, the RFC expects a lowercase hash. You need to lowercase A1 before you hash it again to create your response variable.

I don't see any obvious problems with the rest, so you really need a proxy / sniffer because the difference between an uppercase and a lowercase hash will not give a 400 Bad Request.

Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277577
Re: Digest Authentication woes
> Can you show the recording and your code? Did you record your attempts
> to run it from CF with a packetsniffer or proxy?
>
> Jochem

I did not yet try the packetsniffer/proxy monitoring to see exactly what the CF Server is sending.

Recording of successful FireFox session (credentials obfuscated):

--
http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx

GET /Itech/ITEC/Login.aspx HTTP/1.1
Host: rets15.raprets.com:6103
User-Agent: XX
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
RETS-Version: RETS/1.5

HTTP/1.x 401 Unauthorized. Not Authenticated
Date: Tue, 17 Apr 2007 15:32:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET (05)
X-AspNet-Version: 1.1.4322
WWW-Authenticate: Digest realm="ITEC", nonce="3b856a69cb9ecaeac324f9d0f1be9fd3", opaque="ea3056551e956d2f363f9e8f520a1755", qop="auth"
RETS-Version: RETS/1.5
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml
--
http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx

GET /Itech/ITEC/Login.aspx HTTP/1.1
Host: rets15.raprets.com:6103
User-Agent: XX
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
RETS-Version: RETS/1.5
Authorization: Digest username="", realm="ITEC", nonce="3b856a69cb9ecaeac324f9d0f1be9fd3", uri="/Itech/ITEC/Login.aspx", response="c3b0d5f6d805da44dce16c5aa25bb09e", opaque="ea3056551e956d2f363f9e8f520a1755", qop=auth, nc=0001, cnonce="15579d4174a47e3c"

HTTP/1.x 200 OK
Date: Tue, 17 Apr 2007 15:34:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET (05)
X-AspNet-Version: 1.1.4322
Set-Cookie: RETS-Session-ID=90ff78ab95444124bc43cf0eac9bfd72; path=/
RETS-Version: RETS/1.5
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml; charset=utf-8
--

ColdFusion Code Fragment:

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
http://www.w3.org/1999/xhtml";>
RETS 1.5 Digest Auth Test
http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx"; method="get" >
Initial Request Response
Generated Authorization Header
Authorization: #TheAuthorization#
http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx"; method="POST">
Authorization Response

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277567
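
Added example, not part of the thread and not any poster's code: the response calculation for a challenge that offers qop="auth", as the recorded one above does, written in Python and checked against the test vector published in RFC 2617 section 3.5 rather than the thread's obfuscated credentials. All function names are this example's own; `upper_inner` is a hypothetical switch that mimics inner hashes left in uppercase, the case issue raised in the thread.

```python
import hashlib
import re

def md5_hex(text, upper=False):
    # hashlib returns lowercase hex, which is what RFC 2617 expects.
    # upper=True mimics a hash function that returns uppercase hex.
    h = hashlib.md5(text.encode("utf-8")).hexdigest()
    return h.upper() if upper else h

def parse_challenge(header):
    """Parse 'Digest k="v", k2=v2' into a dict (commas inside quotes survive)."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge: " + scheme)
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\s]+))', params)
    return {k.lower(): (quoted or bare) for k, quoted, bare in pairs}

def offers_auth(chal):
    return "auth" in [q.strip() for q in chal.get("qop", "").split(",")]

def digest_response(user, password, method, uri, chal,
                    nc="00000001", cnonce="", upper_inner=False):
    ha1 = md5_hex(f"{user}:{chal['realm']}:{password}", upper_inner)
    ha2 = md5_hex(f"{method}:{uri}", upper_inner)  # method as sent on the request line
    if offers_auth(chal):  # RFC 2617 qop=auth form
        return md5_hex(f"{ha1}:{chal['nonce']}:{nc}:{cnonce}:auth:{ha2}")
    return md5_hex(f"{ha1}:{chal['nonce']}:{ha2}")  # RFC 2069 form, no qop offered

def authorization_header(user, password, method, uri, chal,
                         nc="00000001", cnonce=""):
    resp = digest_response(user, password, method, uri, chal, nc, cnonce)
    parts = [f'username="{user}"', f'realm="{chal["realm"]}"',
             f'nonce="{chal["nonce"]}"', f'uri="{uri}"', f'response="{resp}"']
    if "opaque" in chal:
        parts.append(f'opaque="{chal["opaque"]}"')
    if offers_auth(chal):  # nc and cnonce must be the values used in the hash
        parts += ["qop=auth", f"nc={nc}", f'cnonce="{cnonce}"']
    return "Digest " + ", ".join(parts)

# Test vector from RFC 2617 section 3.5 (not taken from the thread).
RFC_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                 'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

if __name__ == "__main__":
    chal = parse_challenge(RFC_CHALLENGE)
    print(authorization_header("Mufasa", "Circle Of Life", "GET",
                               "/dir/index.html", chal, cnonce="0a4f113b"))
```

The method hashed into A2 has to be the method of the request that carries the header, and the nc and cnonce sent in the header have to be the same strings that went into the hash.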
Re: Digest Authentication woes
Paul Cormier wrote:
> Does anyone have any success stories performing CF Server to remote HTTP
> Server Digest Authentication? I know it's not natively supported by the
> tag. I also know the server I'm trying to connect to works and that
> I have proper credentials, as I can connect using a web browser. I even
> recorded all the communications exchanged during that session using FireFox's
> "Live Headers" & "Modify Headers" add-on and duplicated the exchange exactly
> with & s, but I keep getting "401 Bad Request. Response
> did not match."

Can you show the recording and your code? Did you record your attempts to run it from CF with a packetsniffer or proxy?

Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277465
Digest Authentication woes
Does anyone have any success stories performing CF Server to remote HTTP Server Digest Authentication? I know it's not natively supported by the tag.

I also know the server I'm trying to connect to works and that I have proper credentials, as I can connect using a web browser. I even recorded all the communications exchanged during that session using FireFox's "Live Headers" & "Modify Headers" add-on and duplicated the exchange exactly with & s, but I keep getting "401 Bad Request. Response did not match."

I was pretty careful duplicating the exchange as described in RFC 2617 "HTTP Authentication: Basic and Digest Access Authentication". I couldn't get the CFX_HTTP5 custom tag to work either even though it does support Digest Authentication natively.

Any help/insight/experience/code would be appreciated.

Paul

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277418