HTTP AUTHENTICATE - how to know if the authentification worked

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

HTTP AUTHENTICATE - how to know if the authentification worked

4D Tech mailing list
Hi everyone,

I’m using HTTP AUTHENTICATE to authenticate connections to a web server. The call to authenticate is immediately followed by a HTTP get(). The HTTP get occasionally fails and I’ve been able to trace this to a failed HTTP AUTHENTICATE, which appears to be an error from the website. However, it appears there’s no way to know the authentification succeeded or failed. There is no return code and OK doesn’t get set either. So I get various errors such as -9935 from the subsequent call to HTTP get(), which isn’t very helpful.

Has anyone found an elegant workaround to find out if HTTP AUTHENTICATE() actually worked they can share?


Thanks in advance,


Paul

**********************************************************************
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:[hidden email]
**********************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: HTTP AUTHENTICATE - how to know if the authentification worked

4D Tech mailing list
I would say that you should use the HTTP Status Code returned by HTTP Get. A well designed service should return 401 Unauthorised.

Regards,
 
Narinder Chandi,
ToolBox Systems Ltd.
 
I am available for new consulting opportunities…
http://4d.1045681.n5.nabble.com/ANN-4D-Developer-Available-td5765443.html
--

-----Original Message-----
From: 4D_Tech <[hidden email]> on behalf of 4D Tech Mailing List <[hidden email]>
Reply-To: 4D Tech Mailing List <[hidden email]>
Date: Friday, 27 September 2019 at 17:07
To: 4D Tech Mailing List <[hidden email]>
Cc: Paul Lovejoy <[hidden email]>
Subject: HTTP AUTHENTICATE - how to know if the authentification worked

    Hi everyone,
   
    I’m using HTTP AUTHENTICATE to authenticate connections to a web server. The call to authenticate is immediately followed by a HTTP get(). The HTTP get occasionally fails and I’ve been able to trace this to a failed HTTP AUTHENTICATE, which appears to be an error from the website. However, it appears there’s no way to know the authentification succeeded or failed. There is no return code and OK doesn’t get set either. So I get various errors such as -9935 from the subsequent call to HTTP get(), which isn’t very helpful.
   
    Has anyone found an elegant workaround to find out if HTTP AUTHENTICATE() actually worked they can share?
   
   
    Thanks in advance,
   
   
    Paul
   
    **********************************************************************
    4D Internet Users Group (4D iNUG)
    Archive:  http://lists.4d.com/archives.html
    Options: https://lists.4d.com/mailman/options/4d_tech
    Unsub:  mailto:[hidden email]
    **********************************************************************


**********************************************************************
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:[hidden email]
**********************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: HTTP AUTHENTICATE - how to know if the authentification worked

4D Tech mailing list
In reply to this post by 4D Tech mailing list
The documentation says:

> If you omit the authMethod parameter (or pass 0), you let the program choose the appropriate method to use. In this case, 4D sends an additional request in order to negotiate the authentication method.

Are you omitting the authMethod parameter? If so, I suspect the error is happening in the "additional request". If you provide that, then HTTP Get should return the right HTTP error code. Hopefully you know ahead of time what method to use and this is better because you omit the extra request and should get any error code directly from the site.

John DeSoi, Ph.D.



> On Sep 27, 2019, at 11:07 AM, Paul Lovejoy via 4D_Tech <[hidden email]> wrote:
>
> I’m using HTTP AUTHENTICATE to authenticate connections to a web server. The call to authenticate is immediately followed by a HTTP get(). The HTTP get occasionally fails and I’ve been able to trace this to a failed HTTP AUTHENTICATE, which appears to be an error from the website. However, it appears there’s no way to know the authentification succeeded or failed. There is no return code and OK doesn’t get set either. So I get various errors such as -9935 from the subsequent call to HTTP get(), which isn’t very helpful.

**********************************************************************
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:[hidden email]
**********************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: HTTP AUTHENTICATE - how to know if the authentification worked

4D Tech mailing list
Hi John,

Thanks for your feedback. I’m passing “2” in the extra parameter. The following HTTP get() is returning an error -9935, badly formed XML. The HTTP get is supposed to be retrieving XML, actually. So the error is not totally off base. But I would prefer to know that authentification failed, not the HTTP get()

Paul

> Le 27 sept. 2019 à 18:22, John DeSoi via 4D_Tech <[hidden email]> a écrit :
>
> The documentation says:
>
>> If you omit the authMethod parameter (or pass 0), you let the program choose the appropriate method to use. In this case, 4D sends an additional request in order to negotiate the authentication method.
>
> Are you omitting the authMethod parameter? If so, I suspect the error is happening in the "additional request". If you provide that, then HTTP Get should return the right HTTP error code. Hopefully you know ahead of time what method to use and this is better because you omit the extra request and should get any error code directly from the site.
>
> John DeSoi, Ph.D.
>
>
>
>> On Sep 27, 2019, at 11:07 AM, Paul Lovejoy via 4D_Tech <[hidden email]> wrote:
>>
>> I’m using HTTP AUTHENTICATE to authenticate connections to a web server. The call to authenticate is immediately followed by a HTTP get(). The HTTP get occasionally fails and I’ve been able to trace this to a failed HTTP AUTHENTICATE, which appears to be an error from the website. However, it appears there’s no way to know the authentification succeeded or failed. There is no return code and OK doesn’t get set either. So I get various errors such as -9935 from the subsequent call to HTTP get(), which isn’t very helpful.
>
> **********************************************************************
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:[hidden email]
> **********************************************************************

**********************************************************************
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:[hidden email]
**********************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: HTTP AUTHENTICATE - how to know if the authentification worked

4D Tech mailing list
Using a HTTP tracing tool where you could see all of the request/response values with headers might provide useful clues. My other idea would be to drop HTTP AUTHENTICATE and just build the authentication digest headers yourself.

John DeSoi, Ph.D.


> On Sep 27, 2019, at 12:47 PM, Paul Lovejoy <[hidden email]> wrote:
>
> Thanks for your feedback. I’m passing “2” in the extra parameter. The following HTTP get() is returning an error -9935, badly formed XML. The HTTP get is supposed to be retrieving XML, actually. So the error is not totally off base. But I would prefer to know that authentification failed, not the HTTP get()

**********************************************************************
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:[hidden email]
**********************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: HTTP AUTHENTICATE - how to know if the authentification worked

4D Tech mailing list
In reply to this post by 4D Tech mailing list
are you sure it is HTTP Get that is throwing the error?

the command is not supposed to touch the body
unless you pass OBJECT and the content type is application/json
or you pass PICTURE and the content type is image/*,
or you pass TEXT and the content type is text/*

https://doc.4d.com/4Dv17/4D/17.3/HTTP-Request.301-4620861.en.html

perhaps you should pass a BLOB variable instead of TEXT.

then you could test the response header beforehand,
as well as error handle the XML parse code.

> 2019/09/28 2:47、Paul Lovejoy via 4D_Tech <[hidden email]>のメール:
>
> Thanks for your feedback. I’m passing “2” in the extra parameter. The following HTTP get() is returning an error -9935, badly formed XML. The HTTP get is supposed to be retrieving XML, actually. So the error is not totally off base. But I would prefer to know that authentification failed, not the HTTP get()




**********************************************************************
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:[hidden email]
**********************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: HTTP AUTHENTICATE - how to know if the authentification worked

4D Tech mailing list
In reply to this post by 4D Tech mailing list
Hi John,

Thanks for your input. I wouldn’t know where to begin creating the authentication digest myself. Can you point me somewhere?

Cheers,

Paul



> Le 27 sept. 2019 à 20:27, John DeSoi via 4D_Tech <[hidden email]> a écrit :
>
> Using a HTTP tracing tool where you could see all of the request/response values with headers might provide useful clues. My other idea would be to drop HTTP AUTHENTICATE and just build the authentication digest headers yourself.
>
> John DeSoi, Ph.D.
>
>
>> On Sep 27, 2019, at 12:47 PM, Paul Lovejoy <[hidden email]> wrote:
>>
>> Thanks for your feedback. I’m passing “2” in the extra parameter. The following HTTP get() is returning an error -9935, badly formed XML. The HTTP get is supposed to be retrieving XML, actually. So the error is not totally off base. But I would prefer to know that authentification failed, not the HTTP get()
>
> **********************************************************************
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:[hidden email]
> **********************************************************************

**********************************************************************
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:[hidden email]
**********************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: HTTP AUTHENTICATE - how to know if the authentification worked

4D Tech mailing list
Hi Paul,

Start here and see the linked RFCs.

https://en.wikipedia.org/wiki/Digest_access_authentication

I probably have some old code somewhere that implemented this, I'll see if I can dig it up and send it to you.

John DeSoi, Ph.D.



> On Sep 29, 2019, at 11:42 AM, Paul Lovejoy <[hidden email]> wrote:
>
> Hi John,
>
> Thanks for your input. I wouldn’t know where to begin creating the authentication digest myself. Can you point me somewhere?
>
> Cheers,
>
> Paul
>
>

**********************************************************************
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:[hidden email]
**********************************************************************