Authentication Issue

Discussions related to HTTPAPI (An HTTP Client Package for RPG programming.) http://www.scottklement.com/httpapi/
Post by AcmeKB »

We have an application that is connecting to a RESTful web service, specifically to post a JSON request and get back a JSON response. The service uses basic auth for authentication. The production version works fine, which is using an older version of HTTPAPI (v 1.33). They have changed which server we talk to and when testing, our application can no longer connect to the web service, even using the latest version of HTTPAPI. It is failing during the authentication handshake. It appears that the production version issues a GET request first and then when that is rejected, it properly switches to a POST and succeeds from there. In the test version, the initial GET request fails and once that happens, it never recovers.

Below is a snippet of the Good Log from Production:
GET /api/getallprices HTTP/1.1
Host: lmpapi.XXXXXXXXXX:2601
User-Agent: http-api/1.32
Authorization: NTLM TlRMTVNTUAABAAAAByIAAAAAAAAAAAAACgAKACAAAABMSVFVT1IgICAg

recvresp(): entered
HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: NTLM TlRMTVNTUAACAAAABgAGADgAAAAFAoECpeMp3iDGCGoAAAAAAAAAAKoAqgA+AAAABgOAJQAAAA9DAFMAUwACAAYAQwBTAFMAAQAWAEMATwBNAEwATQBBAFAASQBQADAAMQAEAB4AYwBzAHMALgBpAGQALgBvAGgAaQBvAC4AZwBvAHYAAwA2AGMAbwBtAGwAbQBhAHAAaQBwADAAMQAuAGMAcwBzAC4AaQBkAC4AbwBoAGkAbwAuAGcAbwB2AAUAFgBpAGQALgBvAGgAaQBvAC4AZwBvAHYABwAIAG7DmB6v+tgBAAAAAA==
Date: Thu, 17 Nov 2022 18:05:04 GMT
Content-Length: 341


SetError() #13: HTTP/1.1 401 Unauthorized
recvresp(): end with 401
recvdoc parms: identity 341
interpret_auth(): entered
SetError() #36: This page requires a user-id & password
AuthPlugin_mustReceiceAuthErrorPage(): entered
recvdoc(): entered
SetError() #0:
recvdoc(): Receiving 341 bytes.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Authorized</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Authorized</h2>
<hr><p>HTTP Error 401. The requested resource requires user authentication.</p>
</BODY></HTML>

SetError() #36: This page requires a user-id & password
do_oper(POST): entered
AuthPlugin_produceAuthenticationHeader(): entered
There are 0 cookies in the cache
POST /api/getallprices HTTP/1.1
Host: lmpapi.ohio.gov:2601
User-Agent: http-api/1.33
Content-Type: application/json
Content-Length: 38
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAADaANoAWAAAAAAAAAAAAAAAKAAoADIBAAAUABQAWgEAAAAAAAAAAAAABQIAALJ/wRr7m/2AlA0TSB63J15pRU/heVgJhkMDMxjt42F01xHSKLp0fYgBAQAAAAAAAACOsKIBiu4DBSUCGCB7UJUAAAAAAgAGAEMAUwBTAAEAFgBDAE8ATQBMAE0AQQBQAEkAUAAwADEABAAeAGMAcwBzAC4AaQBkAC4AbwBoAGkAbwAuAGcAbwB2AAMANgBjAG8AbQBsAG0AYQBwAGkAcAAwADEALgBjAHMAcwAuAGkAZAAuAG8AaABpAG8ALgBnAG8AdgAFABYAaQBkAC4AbwBoAGkAbwAuAGcAbwB2AAcACABuw5ger/rYAQAAAAAAAAAANQAwADAANwA2ADQANwAxAEAAaQBkAC4AbwBoAGkAbwAuAGcAbwB2AEwASQBRAFUATwBSACAAIAAgACAA


And this is a snippet of the Bad Log:


GET /api/getallprices HTTP/1.1
Host: lmpapidev.xxxxxxxx:2601
User-Agent: http-api/1.45
Authorization: NTLM TlRMTVNTUAABAAAAByIAAAAAAAAAAAAACgAKACAAAABRUEFERVYwMEhG

recvresp(): entered
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/8.5
WWW-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="+Upgraded+v14152184995a85a591535d04e8eee4a8881b1ea63b405d901ad84674bfd39196542d1969904386a36539856d71ba7ae58f8860a340b1cca87",charset=utf-8,realm="Digest"
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 01 Dec 2022 18:40:31 GMT
Content-Length: 1293

SetError() #13: HTTP/1.1 401 Unauthorized
recvresp(): end with 401
recvdoc parms: identity 1293
interpret_auth(): entered
interpret_auth(): entered
interpret_auth(): entered
SetError() #36: This page requires a user-id & password
header_load_cookies() entered
AuthPlugin_mustReceiceAuthErrorPage(): entered
recvdoc(): entered
SetError() #0:
recvdoc(): Receiving 1293 bytes.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>

SetError() #36: This page requires a user-id & password
SetError() #36: failed validating type-2 message
http_close(): entered

This is part of the program to call the service...


FD = open(%Trim(ResponseFile):
          O_WRONLY+O_TRUNC+O_CREAT+O_CCSID:
          511:
          1208);
If FD < 0;
   Error = TRUE;
   LeaveSr;
EndIf;

// Open persistent connection to the service.
pComm = http_persist_open(%Trim(PRURL));

// Set the required credentials.
http_setauth(HTTP_AUTH_NTLM:%Trim(PRUSER):%Trim(PRPASS));

// Call the service.
If http_persist_post(pComm:
                     %Trim(PRURL):
                     0:
                     *Null:
                     %Addr(PostData):
                     %Len(%Trim(PostData)):
                     FD:
                     %PAddr('write'):
                     HTTP_TIMEOUT:
                     'http-api/1.33':
                     'application/json') = -1;
   Error = TRUE;
EndIf;

// Close http connection.
http_persist_close(pComm);

// Close output file
CallP close(FD);


This is all very new to me and I would appreciate any help in trying to figure out what the difference is.
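Added example, not part of the original post and not HTTPAPI code: a small Python check that classifies a 401 response by its WWW-Authenticate headers, separating a reply that carries an NTLM type-2 challenge token (the shape of the Good Log's 401) from one that lists Digest, Negotiate and a bare NTLM with no token (the shape of the Bad Log's 401). The function names, state labels and sample header sets are assumptions constructed for illustration.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"

def ntlm_message_type(token_b64):
    """Return the NTLM message type (1, 2 or 3) of a base64 token, or None if malformed."""
    try:
        raw = base64.b64decode(token_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 12 or raw[:8] != NTLM_SIG:
        return None
    return struct.unpack_from("<I", raw, 8)[0]

def classify_401(header_lines):
    """Report the NTLM handshake state from a 401's WWW-Authenticate headers."""
    offered, token = [], None
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() != "www-authenticate":
            continue
        scheme, _, rest = value.strip().partition(" ")
        offered.append(scheme)
        if scheme.upper() == "NTLM" and rest.strip():
            token = rest.strip()
    if token is None:
        ntlm_listed = any(s.upper() == "NTLM" for s in offered)
        state = "no-challenge" if ntlm_listed else "ntlm-not-offered"
    elif ntlm_message_type(token) == 2:
        state = "type-2-challenge"
    else:
        state = "malformed-challenge"
    return state, offered

def constructed_type2():
    """Constructed sample: minimal type-2 message with empty target fields."""
    msg = NTLM_SIG + struct.pack("<I", 2) + struct.pack("<HHI", 0, 0, 48)
    msg += struct.pack("<I", 0x201) + bytes(range(8)) + bytes(8)
    msg += struct.pack("<HHI", 0, 0, 48)
    return base64.b64encode(msg).decode()

# Constructed header sets that mirror the shape of the two 401 responses.
GOOD_401 = ["HTTP/1.1 401 Unauthorized",
            "WWW-Authenticate: NTLM " + constructed_type2()]
BAD_401 = ["HTTP/1.1 401 Unauthorized",
           'WWW-Authenticate: Digest qop="auth",realm="Digest"',
           "WWW-Authenticate: Negotiate",
           "WWW-Authenticate: NTLM"]
```

Feeding the header lines of each logged 401 to `classify_401` shows whether the server answered the type-1 message with a challenge or only advertised its available schemes.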