Xojo.Net.HTTPSocket MAC-PC difference

Carl_Fitzsimmons · August 18, 2017, 7:47pm

I am requesting information from IP Cameras on a cross platform application using Xojo.Net.HTTPSocket. I defined a class called Camera_Socket and have two Event Handlers.

[quote]AuthenticationRequired
PageReceived[/quote]
Inside AuthenticationRequired I have Username and Password

Then I create a new socket of Camera_Socket() then format myURL= “http://ip/request_format_specific_to_device” (FYI - myURL is TEXT), then I set the new sockets IP Address and then complete this with New Socket.SEND(“GET”, myURL)

On the MAC I get a correctly returned response and on the PC I get

[quote]

401 Unauthorized

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

[/quote]

If I take myURL and place it into a web browser on the PC and after manually typing Username-Password I get the correct response

What changes should I address in order to get the correct response on a PC?

DerkJ · August 18, 2017, 9:27pm

Try to set the header yoursef perhaps?

You return true after the authentication?

Carl_Fitzsimmons · August 18, 2017, 10:38pm

@Derk Jochems - I do return True. Header is set

Thom_McGrath · August 18, 2017, 10:55pm

AuthenticationRequired doesn’t work on Windows. You need to add your own authentication header before making the request.

Carl_Fitzsimmons · August 19, 2017, 11:23pm

@Thom McGrath - makes - thanks. I looked and did not see this as a bug. Seems like it should be

Using 2017r2 Pro and defining a Xojo.Net.HTTPSocket I set this

#If Not TargetMacOS Then _controller1.RequestHeader("Authorization") = Username.ToText + ":" + Password.ToText #Endif
prior to _controller1.Send("GET", _url) and I still have the same response in Windows

Dim _controller1 As New DeviceInfo_Socket()
Is defined as a Xojo.Net.HTTPSocket

Andrew_Lambert · August 20, 2017, 12:23am

The username:password part must be base64 encoded, and preceded by basic (that’s “basic” + space)

_controller1.RequestHeader("Authorization") = "basic " + EncodeBase64(Username.ToText + ":" + Password.ToText)

Thom_McGrath · August 20, 2017, 1:42am

[quote=346588:@Andrew Lambert]The username:password part must be base64 encoded, and preceded by basic (that’s “basic” + space)

_controller1.RequestHeader("Authorization") = "basic " + EncodeBase64(Username.ToText + ":" + Password.ToText)

And honestly, I would just use that header on macOS too. You’ll save an HTTP request that way.

Carl_Fitzsimmons · August 27, 2017, 3:45pm

@Thom McGrath - sounds like a good idea

When I implement this _controller1.RequestHeader("Authorization") = "basic " + EncodeBase64(Username.ToText + ":" + Password.ToText)
I receive the following when I go to run-debug wMain.mLoadDoors, line 20

[quote]There is more than one item with this name and it’s not clear to which this refers.
_controller1.RequestHeader(“Authorization”) = "basic " + EncodeBase64(Camera_Username.ToText + “:” + Camera_Password.ToText)[/quote]

Upon further testing this is the same in Windows when doing debug

Any idea on what I need to add to the Class DoorSocket() in order to get this to compile and run correctly? I tried to add several parameters to satisfy _controller1.RequestHeader needs but none have worked

Thom_McGrath · August 27, 2017, 3:53pm

EncodeBase64 takes a string parameter. Drop the ToText on the parameter, use ToText on the returned value. Should work fine. If you need iOS support though (which I don’t believe you do) you’ll need a base 64 encoder that only uses the new framework.

_controller1.RequestHeader("Authorization") = "basic " + EncodeBase64(Camera_Username + ":" + Camera_Password).ToText

Carl_Fitzsimmons · August 27, 2017, 4:58pm

@Thom McGrath - thanks - now I can debug however both OS X and Windows now fail for same authentication failure identified earlier

I have tried:
Remove - AuthenticationRequired
Placed - me.RequestHeader(“Authorization”) = "basic " + EncodeBase64(Camera_Username + “:” + Camera_Password).ToText in AuthenticationRequired
Leave AuthenticationRequired blank

none of these changes eliminates the authentication error

[quote]

401 Unauthorized

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

[/quote]

Thom_McGrath · August 27, 2017, 5:06pm

There are a few possibilities.

First, maybe the server requires a capital B in “basic.”

If that doesn’t do it, then you may be SOL. Basic HTTP authentication is totally insecure and should only be used via SSL. Alternatively, Digest authentication is more secure, but harder to compute. When you get the 401 error back, check the response headers, they will tell you what you need to know to authenticate. Digest authentication will include extra values such as a challenge and nonce.

https://en.m.wikipedia.org/wiki/Digest_access_authentication

For the record, you can still compute the header if the server requires digest authentication. But it’s much more of a challenge.

John_A_Knight_Jr · August 28, 2017, 1:43am

From one of my projects:

dim a as string; a = EncodeBase64(userID+":"+userPass,0) mySocket.RequestHeader("Authorization") = "Basic " + a.ToText

Specify zero length to EncodeBase64 to prevent line breaks
The ID:Password combination is allowed greater than 64 characters.

Carl_Fitzsimmons · August 31, 2017, 4:51pm

Well this may be something on the PC side of XOJO with a potential aspect to Axis Camera devices but that makes less sense to me at this point and here is why.

First - background:
In this effort I am sending an http request to Axis Cameras - not Companion Cameras. [quote]That is important because Axis Companion Cameras are locked down from such requests[/quote]

Second:
On OS X - Using the same URL address and placing this request into the Web Address area in Safari, Firefox or Chrome I am presented with the standard login request and once completed I receive a result as expected by Axis VAPIX documentation.

On Windows doing the same using Microsoft Edge, Chrome or Firefox I receive the same as in OS X.

Third:
I have attempted various ways to change the suggestions with no solution. I still receive

[quote]

401 Unauthorized

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

[/quote]

What is interesting though is after looking at the response my request is answered

[quote]

401 Unauthorized

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Brand.ProdNbr=P3225-LV[/quote]

In OSX using the same request this is what is returned

[quote]Brand.ProdNbr=P3225-LV
[/quote] and that is a complete copy of what is received in Content from PageReceived event

In XOJO to prepare I use the following

Dim _url As Text
Dim a As String

   _url = "http://" + IP_TF.Text.ToText + "/axis-cgi/param.cgi?action=list&group=Brand.ProdNbr"
  
  // Create CameraStreamSocket (Xojo.Net.HTTPSocket)
  Dim _controller1 As New DeviceInfo_Socket()
  _controller1.Address = IP_TF.Text.ToText
  _controller1.RequestType = DeviceInfo_Socket.Info_Request_Type.ProdNbr
  
  a = EncodeBase64(Camera_Username + ":" + Camera_Password,0)
  _controller1.RequestHeader("Authorization") = "basic " + a.ToText
  
  // Send the request to download the Device Info
  _controller1.Send("GET",  _url)
  
  // Add socket to array of Device Info sockets.
  pDeviceInfo_Sockets.Append(_controller1)

Since multiple web browser responses are the same on both OS X and Windows it appears this may be something on the Win - XOJO side.

I can see how to ‘kludge’ around this however I think it better to find out how to properly address this so responses are correct. Any other suggestions? Thanks

Thom_McGrath · August 31, 2017, 4:58pm

Right! That was the issue! It wasn’t that AuthenticationRequired doesn’t work at all, it’s that the body from the initial request gets included with the reply to the second request.

When you make an HTTP request without the Authorization header, the server replies with a 401, the socket triggers AuthenticationRequired with the details you need, and the socket sends a new request which does include the header. So it’ll always take 2 requests if you do not include the Authorization header yourself.

The bug is that the content from the first request is supposed to be cleared from the buffer, but that isn’t happening on Windows. Can you PM me a url - no authentication - that I can use to see the headers the camera is returning? Or you can use curl -I <url> at the command line to see the headers. That would be very helpful.

Carl_Fitzsimmons · August 31, 2017, 7:54pm

@Thom McGrath - thanks for your assistance this afternoon

The appears to be a bug in the way XOJO handles HTTPSocket in Windows. OS X appears to be ok.

I have opened Case 49415 - Xojo.Net.HTTPSocket 401 error - Windows Only. Please have a look. Afterwards consider providing feed back and support

Thanks

Carl_Fitzsimmons · September 1, 2017, 8:05pm

Hello to members of this thread,

I have been informed by XOJO that the problem has been identified and fixed and is currently waiting verification from the testing staff. This improvement will potentially appear in the next release and if so will be available in the next Beta.

If accurate this would be great

@Thom McGrath - thanks for your comments in the case and assistance throughout