[REBOL] HTTP username/password Re:(2)
Thanks, Holger! But we may still not be out of the woods...
[EMAIL PROTECTED] wrote:
>
> OK, here is an update: it basically works (verified with tcpdump
> here), including usernames with "\" in them, if you do it
> correctly, but you need to use the long form, described below.
> In the current version using a URL won't always work in combination
> with user/pass authentication because of two bugs. The correct way
> to do it is:
>
> print read [
> scheme: 'http
> user: "my\user"
> pass: "mypassword"
> host: "www.somewhere.com"
> path: "dir/file.html"
> ]
>
> Please note: NO leading "/" in the path argument. That "/" is
> implied. If this still does not help then your server is probably
> doing something weird...
>
I used the method above to hit the same server that had earlier
given me a 401 error (with the path appended to the hostname),
and it worked.
I then turned trace/net on and tried again (using up-arrow to copy
the exact input as before), and got a 401.
I then turned trace/net off and tried again (via up-arrow again),
and it worked.
I then turned trace/net on and tried again (...), and REBOL crashed
hard with a "This program has performed an illegal operation and
will be shut down." alert.
I started a fresh copy of REBOL, and was able to use the above
technique once without and once with trace/net. On the third try
(with trace/net off) REBOL cratered again ("This program has
performed...etc.")
>
> I hope this helps.
>
Yes! Thanks! The responses (even the occasional "Yeah, we know
about that bug, and we're working on it.") are VERY welcome, as
far as I am concerned. I know you guys have to sleep and eat and
go potty every few days ;-) but it REALLY encourages me to know
that there are real folks at the other end of the wire who care
enough to talk to us lowly users (unlike some OTHER software
companies I could mention.)
Keep up the good work!
-jn-
REBOL: It puts the fun back in programming!
[REBOL] HTTP username/password Re:(2)
On Tue, 25 Jan 2000 [EMAIL PROTECTED] wrote:
> OK, here is an update: it basically works (verified with tcpdump here),
> including usernames with "\" in them, if you do it correctly, but you need
> to use the long form, described below. In the current version using a URL
> won't always work in combination with user/pass authentication because
> of two bugs. The correct way to do it is:
>
> print read [
> scheme: 'http
> user: "my\user"
> pass: "mypassword"
> host: "www.somewhere.com"
> path: "dir/file.html"
> ]
Here's what I type into the Parser...
>> print read [
[scheme: 'http
[user: "webuser"
[pass: "letmein"
[host: "127.0.0.1"
[path: "mysite/default.htm"
[]
Net-log: ["Opening tcp for" http]
connecting to: 127.0.0.1
Net-log: {GET /mysite/default.htm HTTP/1.0
Accept: */*
User-Agent: REBOL 2.2.0.3.1
Host: 127.0.0.1
Authorization: Basic d2VidXNlcjpsZXRtZWlu
}
Net-log: "HTTP/1.1 401 Access Denied"
** User Error: Error. Target url: http://127.0.0.1/mysite/default.htm
could not be retrieved
. Server response: HTTP/1.1 401 Access Denied.
** Where: print read [
scheme: 'http
user: "webuser"
pass: "letmein"
host: "127.0.0.1"
path: "mysite/default.htm"
]
My next guess is that it probably centers around the "User-Agent" clause,
and possibly the Accept: */*. However, I'm not overly familiar with the
low-levels of HTTP. Should I possibly over-ride the User-Agent with some
sort of Mozilla, or IE string? If so, what strings are acceptable?
Here's the modified version of the script to get a passworded page:
REBOL [
Title: "Password Page Retreival"
Date: 25-Jan-2000
Purpose: "A script to fetch a web page that uses basic authentication"
File: %getsecurepage.r
Notes: {
A quick test of the scheme mechanism of reading a URL -
this should allow for retrieval of web pages that are
located behind a password protected challenge.
}
]
;host: "209.85.159.166"
http-port: open [
scheme: 'tcp
port-id: 80
timeout: 0:30
host: "127.0.0.1"
]
msg: rejoin [{GET /mysite/default.htm HTTP/1.1
Host: 127.0.0.1
Authorization: Basic } enbase webuser:letmein "^j^m^j^m"
]
print msg
insert http-port msg
while [data: copy http-port] [prin data]
print ""
close http-port
Here's the response that I get:
>> do %getsecurepage.r
Script: "Password Page Retreival" (25-Jan-2000)
GET /mysite/default.htm HTTP/1.1
Host: 127.0.0.1
Authorization: Basic d2VidXNlcjpsZXRtZWlu
HTTP/1.1 401 Access Denied
WWW-Authenticate: NTLM
Connection: close
Content-Length: 835
Content-Type: text/html
Error 401.3
HTTP Error 401
401.3 Unauthorized: Unauthorized due to ACL on
resource
This error indicates that the credentials passed by the client do not
have access to the particular resource on the server. This resource could
be either the page or file listed in th e address line of the client, or
it could be another file on the server that is needed to pro cess the file
listed on the address line of the
client.
Please make a note of the entire address you were trying to access and
then contact the Web server's administrator to verify that you have
permission to access the requested resource.
I've done some basic searches on IIS config, and it looks to be setup
correctly - keep in mind, I'm just testing this to see if I could retrieve
pages that require passwords.
- Porter Woodward
[REBOL] HTTP username/password Re:(2)
On Tue, 25 Jan 2000 [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> > with the same results. Is this just broken?
>
> Have no experience with IIS, but have you tried trace/net: true to see more
> console net-info output?
>
Petr,
here's the results of turning on the trace...
>> trace/net on
>> do %getsecurepage.r
Script: "Secure Page Retreival" (25-Jan-2000)
http://webuser:[EMAIL PROTECTED]/mysite/
URL Parse: webuser letmein 127.0.0.1 none mysite/ none
Net-log: ["Opening tcp for" HTTP]
connecting to: 127.0.0.1
Net-log: {GET /mysite/ HTTP/1.0
Accept: */*
User-Agent: REBOL 2.2.0.3.1
Host: 127.0.0.1
Authorization: Basic d2VidXNlcjpsZXRtZWlu
}
Net-log: "HTTP/1.1 401 Access Denied"
** User Error: Error. Target url: http://127.0.0.1/mysite/ could not be
retrieved. Server r
esponse: HTTP/1.1 401 Access Denied.
** Where: print read http_file
To me - it looks like REBOL simply parses out the username:password from
the URL. But I'm not sure what the results of the trace mean. I can see
that the Authorization chalenge comes up - the little box that pops up in
your browser when accessing a password protected resource is referred to
as "Basic Authentication" - not just in Microsoft's parlance.
So - I'd say the server is responding appropriately - but that REBOL isn't
reacting to it correctly, and not handing it the username and password...
- Porter Woodward
