Coldfusion, RETS, and MRIS MLS

I need help logging into a RETS - Real Estate Transaction Server using Coldfusion.

http://ptest.mris.com:6103/ptest/login
ID = MRISTEST
PW = PMRISTEST
User-Agent = RETS Test/1.0

I know the above information is correct because its documented on their website.

<cfscript>
userAgent = 'RETS Test/1.0';
retsVersion = 'RETS/1.7';
hostname = 'ptest.mris.com';
port = '6103';
username = 'MRISTEST';
password = 'PMRISTEST';
loginArea = 'GET:/ptest/login';
loginUri = '/ptest/login';
realm = 'MRIS';
nc = '00000001';

A1 = Lcase(Hash(username & ':' & realm & ':' & password,"MD5"));
A2 = Lcase(Hash(loginArea,"MD5"));

cnonce = '';

function initial_Auth()
{
	qop = 'auth';
	nonce = '';
	opaque = '';
	response = '';
	rawDigest = 'Digest username=' & chr(34) & username & chr(34) & ',' &
	'realm=' & chr(34) & realm & chr(34) & ',' &
	'nonce=' & nonce & ',' &
	'uri=' & chr(34) & '/rets/login' & chr(34) & ',' &
	'response=' & Lcase(Hash(A1,"MD5")) & ':' & nonce & ':' & Lcase(Hash(A2,"MD5"));
	
	return rawDigest;
}

function create_Auth()
{
	tempList = Replace(cfhttp.responseHeader["WWW-Authenticate"],"Digest ",'','All');
	headerArr = ListToArray(Trim(tempList));
	auth_Temp = ListToArray(Trim(cfhttp.responseHeader["WWW-Authenticate"]),' ');
	auth_Type = auth_Temp[1];
	
	if (auth_Type eq 'Basic')
	{
		auth = username & ':' & password;
		encodedAuth = 'Authorization: Basic ' & toBase64(auth);
		return encodedAuth;
	}

	if(auth_Type eq 'Digest')
	{
		authStc = structNew();
		
		for(i=1;i lte ArrayLen(headerArr);i=i+1)
		{
			key = Trim(Replace(Left(headerArr[i],Find('=',headerArr[i])),'=','','ALL'));
			value = Replace(RemoveChars(headerArr[i],1,Find('=',headerArr[i],"1")),'"','','ALL');
			authStc[key] = value;
		}

		auth_Nonce = authStc['nonce'];
		auth_Opaque = authStc['opaque'];
			
		cnonce = ToString("#userAgent#:::#auth_Nonce#");
		cnonce = LCase(Hash(cnonce,"MD5"));
	
		is2069 = false;
		
		if(structKeyExists(authStc,'qop') and NOT structKeyExists(authStc,'auth_qop'))
		{
			is2069 = true;
		}
	
		if(is2069)
		{
			rawDigest = A1 & ':' & auth_Nonce & ':' & nc & ':' & cnonce & ':' & qop & ':' & A2;
			encodedAuth = 'Digest username=' & chr(34) & username & chr(34) & ',' &
			'realm=' & chr(34) & realm & chr(34) & ',' &
			'nonce=' & chr(34) & auth_Nonce & chr(34) & ',' &
			'uri=' & chr(34) & loginUri & chr(34) & ',' &
			'cnonce=' & chr(34) & cnonce & chr(34) & ',' &
			'nc=' & nc & ',' &
			'qop=' & chr(34) & qop & chr(34) & ',' &
			'response=' & chr(34) & Lcase(Hash(rawDigest,"MD5")) & chr(34) & ',' &
			'opaque=' & chr(34) & auth_Opaque & chr(34);
			
		}
		else
		{
			return 'Does not meet 2029 standards';
		}
	
		return encodedAuth;
	}
}
</cfscript>

<cfset initAuth = initial_Auth()>

<cfhttp url="http://#hostname#:#port#/#loginUri#" method="GET">
  <cfhttpparam name="User-Agent" type="header" value="#userAgent#">
  <cfhttpparam name="Accept" type="header" value="*/*">
  <cfhttpparam name="RETS-Version" type="header" value="#retsVersion#">
</cfhttp>

Open in new window


HTTP/1.1 401 Unauthorized Cache-Control: private Connection: close Date: Mon, 09 Sep 2013 23:25:07 GMT Content-Length: 0 Content-Type: text/html WWW-Authenticate: Digest realm="users@mris.com", nonce="313337383736393130373236312047c2846051a26d6b96df77059344b986", opaque="6e6f742075736564" X-Copyright: Copyright 2013 Metropolitan Regional Information Systems, Inc., unauthorized use is prohibited. RETS-Version: RETS/1.5 X-Powered-By: Servlet/2.5 JSP/2.1

I am receiving the above response from RETS.

Any help will be appreciated.

Sincerely,
Travis Walters
LVL 2
ColdfusionAdminsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ColdfusionAdminsAuthor Commented:
I found a solution here:
http://en.wikipedia.org/wiki/Digest_access_authentication

response = MD5(HA1 : nonce : HA2)

rawDigest = A1 & ':' & auth_Nonce & ':' & A2;
encodedAuth = 'Digest username=' & chr(34) & username & chr(34) & ',' &
'realm=' & chr(34) & realm & chr(34) & ',' &
'nonce=' & chr(34) & auth_Nonce & chr(34) & ',' &
'uri=' & chr(34) & loginUri & chr(34) & ',' &
'qop=' & chr(34) & qop & chr(34) & ',' &
'nc=' & nc & ',' &	
'cnonce=' & chr(34) & cnonce & chr(34) & ',' &		
'response=' & chr(34) & Lcase(Hash(rawDigest,"MD5")) & chr(34) & ',' &
'opaque=' & chr(34) & auth_Opaque & chr(34);

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ColdfusionAdminsAuthor Commented:
RFC 2069 was later replaced by RFC 2617

Thus, I had to implement the later version.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ColdFusion Language

From novice to tech pro — start learning today.