Re: Digest Authentication woes

2007-05-19 Thread Jeremy Rottman
Hey Paul, did you ever get this to work? I am stuck in the same position as you 
are. I spent a few days dissecting Viele/Retriever and this is what I ended up 
with. Obviously it doesn't work, else I would be posting a working example. If 
you did get yours to work, can you post some code and show me where I went 
wrong?


Code Snippet:

   http://rets.armls.mlsrets.com"; method="get">

username = '';
password = '';
   function create_Auth(){
      tempList = Replace(cfhttp.responseHeader["WWW-Authenticate"],"Digest ",'','All');
      headerArr = ListToArray(Trim(tempList));
      auth_Temp = ListToArray(Trim(cfhttp.responseHeader["WWW-Authenticate"]),' ');
      auth_Type = auth_Temp[1];

      // create basic auth header
      if (auth_Type eq 'Basic'){
         auth = username & ':' & password;
         encodedAuth = 'Authorization: Basic ' & toBase64(auth);
         return encodedAuth;
      }
      // create digest auth header
      if(auth_Type eq 'Digest'){
         authStc = structNew();
         for(i=1;i lte ArrayLen(headerArr);i=i+1){
            key = Replace(Left(headerArr[i],Find('=',headerArr[i])),'=','','ALL');
            value = Replace(RemoveChars(headerArr[i],1,Find('=',headerArr[i],"1")),'"','','ALL');
            authStc[key] = value;
         }
         auth_Realm = authStc['realm'];

         respA1 = username & ':' & auth_Realm & ':' & password;
         respA2 = 'POST:' & ':' & '/rets/login';

         auth_Nonce = authStc['nonce'];
         auth_Opaque = authStc['opaque'];

         is2069 = false;
         if(structKeyExists(authStc,'qop') and NOT structKeyExists(authStc,'auth_qop')){
            is2069 = true;
         }

         if(is2069){
            raw_Digest = Lcase(Hash(respA1,"MD5")) & ':' & auth_Nonce & ':' & Lcase(Hash(respA2,"MD5"));
            encodedAuth = 'Authorization: Digest username=' & chr(34) & username & chr(34) & ',' &
               'realm=' & chr(34) & auth_Realm & chr(34) & ',' &
               'nonce=' & auth_Nonce & ',' &
               'uri=' & chr(34) & '/rets/login' & chr(34) & ',' &
               'response=' & Lcase(Hash(raw_Digest,"MD5")) & ',' &
               'opaque=' & chr(34) & auth_Opaque & chr(34);
         }else{
            thisVar = "NO";
         }

         return encodedAuth;
      }

   }

   http://rets.armls.mlsrets.com"; method="post">


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278677
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: Digest Authentication woes

2007-05-10 Thread Jochem van Dieten
Paul Cormier wrote:
> 
> 
> 
> 

The CFML Hash function returns an uppercase hash, the RFC expects a 
lowercase hash. You need to lowercase A1 before you hash it again to 
create your response variable.

I don't see any obvious problems with the rest, so you really need a 
proxy / sniffer because the difference between an uppercase and a 
lowercase hash will not give a 400 Bad Request.

Jochem



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277577
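
Added example, not part of any message in this thread: a Python version of the RFC 2617 response calculation discussed above, covering the lowercase-hex requirement, the qop=auth form and the RFC 2069 form used when the challenge carries no qop. The function names are assumptions made for this example, and the sample challenge and credentials are the worked example from RFC 2617 section 3.5, not this thread's server or account.

```python
import hashlib
import re

def md5_hex(text):
    # hexdigest() is lowercase hex, the form RFC 2617 requires at every step
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_challenge(header_value):
    """Parse the value of a WWW-Authenticate: Digest header into a dict."""
    scheme, _, params = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def digest_response(chal, user, password, method, uri, cnonce, nc=1,
                    uppercase_ha1=False):
    """Return the 'response' value for a parsed challenge."""
    ha1 = md5_hex(f"{user}:{chal['realm']}:{password}")
    if uppercase_ha1:
        ha1 = ha1.upper()  # what an uppercase-returning hash function feeds in
    ha2 = md5_hex(f"{method}:{uri}")  # method, one colon, request URI
    offered = [q.strip() for q in chal.get("qop", "").split(",") if q.strip()]
    if not offered:  # RFC 2069 form: the challenge carried no qop
        return md5_hex(f"{ha1}:{chal['nonce']}:{ha2}")
    if "auth" not in offered:
        raise ValueError("only qop=auth is handled in this example")
    return md5_hex(f"{ha1}:{chal['nonce']}:{nc:08x}:{cnonce}:auth:{ha2}")

def authorization_header(chal, user, password, method, uri, cnonce, nc=1):
    """Build the Authorization header value to send with the retried request."""
    fields = [f'username="{user}"', f'realm="{chal["realm"]}"',
              f'nonce="{chal["nonce"]}"', f'uri="{uri}"']
    response = digest_response(chal, user, password, method, uri, cnonce, nc)
    fields.append(f'response="{response}"')
    if "opaque" in chal:
        fields.append(f'opaque="{chal["opaque"]}"')
    if chal.get("qop"):
        fields += ["qop=auth", f"nc={nc:08x}", f'cnonce="{cnonce}"']
    return "Digest " + ", ".join(fields)

# Sample values from the worked example in RFC 2617 section 3.5
RFC_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                 'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

if __name__ == "__main__":
    chal = parse_challenge(RFC_CHALLENGE)
    print(authorization_header(chal, "Mufasa", "Circle Of Life", "GET",
                               "/dir/index.html", "0a4f113b"))
```

The method passed in must be the method of the request that carries the Authorization header, and the uri must match the request line exactly, since both are hashed into the response.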


Re: Digest Authentication woes

2007-05-09 Thread Paul Cormier
> Can you show the recording and your code? Did you record your attempts 
> to run it from CF with a packetsniffer or proxy?
> 
> Jochem

I did not yet try the packetsniffer/proxy monitoring to see exactly what the CF 
Server is sending. 

Recording of successful FireFox session (credentials obfuscated):

--
http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx

GET /Itech/ITEC/Login.aspx HTTP/1.1
Host: rets15.raprets.com:6103
User-Agent: XX
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
RETS-Version: RETS/1.5

HTTP/1.x 401 Unauthorized. Not Authenticated
Date: Tue, 17 Apr 2007 15:32:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET (05)
X-AspNet-Version: 1.1.4322
WWW-Authenticate: Digest realm="ITEC", nonce="3b856a69cb9ecaeac324f9d0f1be9fd3", opaque="ea3056551e956d2f363f9e8f520a1755", qop="auth"
RETS-Version: RETS/1.5
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml
--

http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx

GET /Itech/ITEC/Login.aspx HTTP/1.1
Host: rets15.raprets.com:6103
User-Agent: XX
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
RETS-Version: RETS/1.5
Authorization: Digest username="", realm="ITEC", nonce="3b856a69cb9ecaeac324f9d0f1be9fd3", uri="/Itech/ITEC/Login.aspx", response="c3b0d5f6d805da44dce16c5aa25bb09e", opaque="ea3056551e956d2f363f9e8f520a1755", qop=auth, nc=0001, cnonce="15579d4174a47e3c"

HTTP/1.x 200 OK
Date: Tue, 17 Apr 2007 15:34:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET (05)
X-AspNet-Version: 1.1.4322
Set-Cookie: RETS-Session-ID=90ff78ab95444124bc43cf0eac9bfd72; path=/
RETS-Version: RETS/1.5
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml; charset=utf-8
--

ColdFusion Code Fragment:

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
http://www.w3.org/1999/xhtml";>

RETS 1.5 Digest Auth Test

http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx"; method="get" >

Initial Request Response

Generated Authorization Header
Authorization: #TheAuthorization#

http://rets15.raprets.com:6103/Itech/ITEC/Login.aspx"; method="POST">

Authorization Response



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277567


Re: Digest Authentication woes

2007-05-09 Thread Jochem van Dieten
Paul Cormier wrote:
> Does anyone have any success stories performing CF Server to remote HTTP 
> Server Digest Authentication? I know it's not natively supported by the 
>  tag. I also know the server I'm trying to connect to works and that 
> I have proper credentials, as I can connect using a web browser. I even 
> recorded all the communications exchanged during that session using FireFox's 
> "Live Headers" & "Modify Headers" add-on and duplicated the exchange exactly 
> with  & s, but I keep getting "401 Bad Request. Response 
> did not match."

Can you show the recording and your code? Did you record your attempts 
to run it from CF with a packetsniffer or proxy?

Jochem


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277465


Digest Authentication woes

2007-05-09 Thread Paul Cormier
Does anyone have any success stories performing CF Server to remote HTTP Server 
Digest Authentication? I know it's not natively supported by the  tag. 
I also know the server I'm trying to connect to works and that I have proper 
credentials, as I can connect using a web browser. I even recorded all the 
communications exchanged during that session using FireFox's "Live Headers" & 
"Modify Headers" add-on and duplicated the exchange exactly with  & 
s, but I keep getting "401 Bad Request. Response did not match."

I was pretty careful duplicating the exchange as described in RFC 2617 "HTTP 
Authentication: Basic and Digest Access Authentication"

I couldn't get the CFX_HTTP5 custom tag to work either even though it does 
support Digest Authentication natively.

Any help/insight/experience/code would be appreciated.

Paul



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277418