PSLLC
asked on
How to authenticate against Windows Authentication from CFINVOKE
Question:
Using cfinvoke to call a MS SQL 2K web service that is behind Windows Authentication in IIS.
The username and password attributes do not work as they are in clear text. I tried doing this and it didnt work:
<cfinvoke
webservice = "http://localhost/mywebservice?wsdl"
method = "myMethod"
mytext = "SOAP Test"
username = "username@NTdomain"
password = "password"
returnVariable = "foo"/>
How do I authenticate it?
Using cfinvoke to call a MS SQL 2K web service that is behind Windows Authentication in IIS.
The username and password attributes do not work as they are in clear text. I tried doing this and it didnt work:
<cfinvoke
webservice = "http://localhost/mywebservice?wsdl"
method = "myMethod"
mytext = "SOAP Test"
username = "username@NTdomain"
password = "password"
returnVariable = "foo"/>
How do I authenticate it?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks to both of you - Pinal - hello from your ol' pals in LA.
Yes, I think Pinal misundertood. The web service is on a serparate machine and we need to authenticate against that, not on the same machine.
sigmacon - i dont think your suggestion works because the username password combo of cfinvoke is sent as clear text (Basic Authentication), which is a different authentication method than the web service is behind (Windows Integrated Authentication). I tried the \\domain\user.name and receieved a 401 error, which is just access denied. So the question remains how to authenticate :
Error Occurred While Processing Request
Could not perform web service invocation "mysp_test" because AxisFault faultCode: {http://xml.apache.org/axis/}HTTP faultSubcode: faultString: (401)Access Denied faultActor: faultNode: faultDetail: {}string: return code: 401 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html dir=ltr> <head> <style> a:link {font:8pt/11pt verdana; color:FF0000} a:visited {font:8pt/11pt verdana; color:#4e4e4e} </style> <META NAME="ROBOTS" CONTENT="NOINDEX" ;> <title>You are not authorized to view this page</title> <META HTTP-EQUIV="Content-T ype" Content="text-html; charset=Windows-1252" > </head> <script> function Homepage(){ <!-- // in real bits, urls get returned to our script like this: // res://shdocvw.dll/http_404 .htm#http://www.DocURL.com/bar.htm //For testing use DocURL = "res://shdocvw.dll/ht tp_404.htm #https://www.microsoft.com/bar.htm"; DocURL=document.URL; /...
The error occurred in D:\...mysoap.cfm: line 17
15 : webservice = "http://mydomain/soap/soap?wsdl"
16 : method = "mysp_test"
17 : mytext = "SOAP Test"
18 : username = "\\mydomain\username"
19 : password = "password"
Please try the following:
* Check the ColdFusion documentation to verify that you are using the correct syntax.
* Search the Knowledge Base to find a solution to your problem.
Browser Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Remote Address 68.123.90.162
Referrer
Date/Time 28-Oct-04 11:33 AM
Stack Trace
at cfmysoap2ecfm1545139204.ru nPage(D:\. ..mysoap.c fm:17)
coldfusion.xml.rpc.Service Proxy$Serv iceInvocat ionExcepti on: Could not perform web service invocation "mysp_test" because AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (401)Access Denied
faultActor:
faultNode:
faultDetail:
{}string: return code: 401
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX" ;>
<title>You are not authorized to view this page</title>
<META HTTP-EQUIV="Content-T ype" Content="text-html; charset=Windows-1252" >
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404 .htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/ht tp_404.htm #https://www.microsoft.com/bar.htm";
DocURL=document.URL;
/...
at coldfusion.xml.rpc.Service Proxy.invo keImpl(Unk nown Source)
at coldfusion.xml.rpc.Service Proxy.invo ke(Unknown Source)
at coldfusion.runtime.CfJspPa ge._invoke (CfJspPage .java:1582 )
at coldfusion.tagext.lang.Inv okeTag.doE ndTag(Invo keTag.java :372)
at coldfusion.runtime.CfJspPa ge._emptyT ag(CfJspPa ge.java:18 72)
at cfmysoap2ecfm1545139204.ru nPage(D:\. ..mysoap.c fm:17)
at coldfusion.runtime.CfJspPa ge.invoke( CfJspPage. java:147)
at coldfusion.tagext.lang.Inc ludeTag.do StartTag(I ncludeTag. java:357)
at coldfusion.filter.Cfinclud eFilter.in voke(Cfinc ludeFilter .java:62)
at coldfusion.filter.Applicat ionFilter. invoke(App licationFi lter.java: 107)
at coldfusion.filter.PathFilt er.invoke( PathFilter .java:80)
at coldfusion.filter.Exceptio nFilter.in voke(Excep tionFilter .java:47)
at coldfusion.filter.BrowserD ebugFilter .invoke(Br owserDebug Filter.jav a:52)
at coldfusion.filter.ClientSc opePersist enceFilter .invoke(Cl ientScopeP ersistence Filter.jav a:28)
at coldfusion.filter.BrowserF ilter.invo ke(Browser Filter.jav a:35)
at coldfusion.filter.GlobalsF ilter.invo ke(Globals Filter.jav a:43)
at coldfusion.filter.Datasour ceFilter.i nvoke(Data sourceFilt er.java:22 )
at coldfusion.CfmServlet.serv ice(CfmSer vlet.java: 105)
at jrun.servlet.ServletInvoke r.invoke(S ervletInvo ker.java:9 1)
at jrun.servlet.JRunInvokerCh ain.invoke Next(JRunI nvokerChai n.java:42)
at jrun.servlet.JRunRequestDi spatcher.i nvoke(JRun RequestDis patcher.ja va:252)
at jrun.servlet.ServletEngine Service.di spatch(Ser vletEngine Service.ja va:527)
at jrun.servlet.jrpp.JRunProx yService.i nvokeRunna ble(JRunPr oxyService .java:192)
at jrunx.scheduler.ThreadPool $Downstrea mMetrics.i nvokeRunna ble(Thread Pool.java: 348)
at jrunx.scheduler.ThreadPool $ThreadThr ottle.invo keRunnable (ThreadPoo l.java:451 )
at jrunx.scheduler.ThreadPool $UpstreamM etrics.inv okeRunnabl e(ThreadPo ol.java:29 4)
at jrunx.scheduler.WorkerThre ad.run(Wor kerThread. java:66)
Yes, I think Pinal misundertood. The web service is on a serparate machine and we need to authenticate against that, not on the same machine.
sigmacon - i dont think your suggestion works because the username password combo of cfinvoke is sent as clear text (Basic Authentication), which is a different authentication method than the web service is behind (Windows Integrated Authentication). I tried the \\domain\user.name and receieved a 401 error, which is just access denied. So the question remains how to authenticate :
Error Occurred While Processing Request
Could not perform web service invocation "mysp_test" because AxisFault faultCode: {http://xml.apache.org/axis/}HTTP faultSubcode: faultString: (401)Access Denied faultActor: faultNode: faultDetail: {}string: return code: 401 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html dir=ltr> <head> <style> a:link {font:8pt/11pt verdana; color:FF0000} a:visited {font:8pt/11pt verdana; color:#4e4e4e} </style> <META NAME="ROBOTS" CONTENT="NOINDEX"
The error occurred in D:\...mysoap.cfm: line 17
15 : webservice = "http://mydomain/soap/soap?wsdl"
16 : method = "mysp_test"
17 : mytext = "SOAP Test"
18 : username = "\\mydomain\username"
19 : password = "password"
Please try the following:
* Check the ColdFusion documentation to verify that you are using the correct syntax.
* Search the Knowledge Base to find a solution to your problem.
Browser Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Remote Address 68.123.90.162
Referrer
Date/Time 28-Oct-04 11:33 AM
Stack Trace
at cfmysoap2ecfm1545139204.ru
coldfusion.xml.rpc.Service
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (401)Access Denied
faultActor:
faultNode:
faultDetail:
{}string: return code: 401
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX"
<title>You are not authorized to view this page</title>
<META HTTP-EQUIV="Content-T
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404
//For testing use DocURL = "res://shdocvw.dll/ht
DocURL=document.URL;
/...
at coldfusion.xml.rpc.Service
at coldfusion.xml.rpc.Service
at coldfusion.runtime.CfJspPa
at coldfusion.tagext.lang.Inv
at coldfusion.runtime.CfJspPa
at cfmysoap2ecfm1545139204.ru
at coldfusion.runtime.CfJspPa
at coldfusion.tagext.lang.Inc
at coldfusion.filter.Cfinclud
at coldfusion.filter.Applicat
at coldfusion.filter.PathFilt
at coldfusion.filter.Exceptio
at coldfusion.filter.BrowserD
at coldfusion.filter.ClientSc
at coldfusion.filter.BrowserF
at coldfusion.filter.GlobalsF
at coldfusion.filter.Datasour
at coldfusion.CfmServlet.serv
at jrun.servlet.ServletInvoke
at jrun.servlet.JRunInvokerCh
at jrun.servlet.JRunRequestDi
at jrun.servlet.ServletEngine
at jrun.servlet.jrpp.JRunProx
at jrunx.scheduler.ThreadPool
at jrunx.scheduler.ThreadPool
at jrunx.scheduler.ThreadPool
at jrunx.scheduler.WorkerThre
Sorry about my idea not working. Did you cut of the beginning of the stack trace?
You said the service is on a different computer, but you are using localhost?
Please try this:
<cfinvoke
webservice = "http://user:password@localhost/mywebservice?wsdl"
...
the user name and password in the invocation I think are for the service itself, not for the transport layer authentication. Got my suggestion from:
http://cookbook.soaplite.com/#accessing%20service%20with%20basic%20authentication
You said the service is on a different computer, but you are using localhost?
Please try this:
<cfinvoke
webservice = "http://user:password@localhost/mywebservice?wsdl"
...
the user name and password in the invocation I think are for the service itself, not for the transport layer authentication. Got my suggestion from:
http://cookbook.soaplite.com/#accessing%20service%20with%20basic%20authentication
>>> Thanks to both of you - Pinal - hello from your ol' pals in LA.
Well, I do not have to teach to my teachers. I will be quitely subscribed to this thread and listen and learn.
Now, I figured it out who is PSLLC. :=))
Regards,
---Pinal
Well, I do not have to teach to my teachers. I will be quitely subscribed to this thread and listen and learn.
Now, I figured it out who is PSLLC. :=))
Regards,
---Pinal
Well, Pinal, who is PSLLC - and what did you learn from him or her ??
ASKER
Pinal is being very gracious - we worked together when he lived in Los Angeles. Pinal began his ColdFusion career with us.
Who is PSLLC -
>>> The gang of smartest ColdFusion Programmer I ever knew in my life.
What did you learn from him or her ??
>>> They tought me ColdFusion from scratch. ( I think from them I have first time heard the word CF)
Where ever I am due to them.
Regards,
---Pinal
>>> The gang of smartest ColdFusion Programmer I ever knew in my life.
What did you learn from him or her ??
>>> They tought me ColdFusion from scratch. ( I think from them I have first time heard the word CF)
Where ever I am due to them.
Regards,
---Pinal
I am so happy to put this in writing. That PSLLC have started my career in real world.
Regards,
---Pinal
Regards,
---Pinal
Well, pretty cool. Back to the question: Did anything help so far?
ASKER
hmm. Not yet. Again, the username and password
I think this may not be possible. I found some documentation on CFHTTP's use of username and password, and they are also sent as clear text and the documentation says that those attributes cannot be used to authenticate a Windows Domain. Basically, we're this is leaving me is this - we probably have to create a SSL connection, and then send the username/password via that using clear text, so that way it'd be encrypted.
BUT - I'd still rather be able to authenticate the webservice using cfinvoke!!! Argh!!
I think this may not be possible. I found some documentation on CFHTTP's use of username and password, and they are also sent as clear text and the documentation says that those attributes cannot be used to authenticate a Windows Domain. Basically, we're this is leaving me is this - we probably have to create a SSL connection, and then send the username/password via that using clear text, so that way it'd be encrypted.
BUT - I'd still rather be able to authenticate the webservice using cfinvoke!!! Argh!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
My assumption about when username / password come into play was wrong - they ARE used for basic authenticaton - but what is your webserver configured to? I am pretty confident that it doesn't work with Integrated Windows Authentication using username / password. The documentation specifically mentions http headers.
ASKER
Here's the final tally I think.
I had the web server set to Windows Authentication, but not by accident, I wanted to see if we could authenticate against a Windows Domain, which we cannot.
Its been changed to basic authentication, and what we'll be doing is just creating an SSL connection to the destination server to ensure the transaction is secure/encrypted.
Thanks for all of your help.
I had the web server set to Windows Authentication, but not by accident, I wanted to see if we could authenticate against a Windows Domain, which we cannot.
Its been changed to basic authentication, and what we'll be doing is just creating an SSL connection to the destination server to ensure the transaction is secure/encrypted.
Thanks for all of your help.
Thank you. =))
PSLLC rocks!
Hello to J&J, B&B and brothers.
PSLLC rocks!
Hello to J&J, B&B and brothers.
\\domain\user.name
<cfinvoke
webservice = "http://localhost/mywebservice?wsdl"
method = "myMethod"
mytext = "SOAP Test"
username = "\\domain\user.name"
password = "password"
returnVariable = "foo"/>
If that does not work, please post the most detailed error message you can come up with here.