?
Solved

HTTP Request / HTTP Basic Authentication

Posted on 2013-12-15
2
Medium Priority
?
1,160 Views
Last Modified: 2013-12-30
We are running a classic ASP site. As part of our system upgrades, I'm trying to implement social media login on OneAll. For the most part, it works well, but to fully implement, they specify the inclusion of a callback script for authentication purposes. The examples they provide are for PHP and Java. For security purposes, I would like to do it in VBScript. However, I do not have the skill set to accomplish what is needed.

They tell me the requirements are:
   * making a connection to a distant server and parsing a JSON structure
   * making an HTTP request to their API server and using HTTP Basic authentication

I'm not even sure that this is possible on our site. So, that is my first question.

Here is the code I've attempted to put together:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
      On Error
      If request("connection_token") <> "" Then  
        Dim conn, rs, sql, valid
        Dim connection_token, site_domain, site_subdomain, site_public_key, site_private_key, resource_uri
            Dim result_json, site_authentication, encoded_site_authentication, result, line

            'Get connection_token
            connection_token = request("connection_token")
      
            'Site Settings
        site_subdomain = "lightningco"
        site_public_key = "c680dg0b-767f-40d8-8951-32ab89b1be7e"
        site_private_key = "d0b63263-bb99-4ab6-b3b8-40d4b11b5981"
            
            'API Access Domain
            site_domain = site_subdomain + ".api.oneall.com"
            
            'Connection Resource
            resource_uri = "https://" + site_domain + "/connection.json"
            
            'Result Container
            result_json = ""
            
            'Forge authentication string username:password
            site_authentication = site_public_key + ":" + site_private_key
            encoded_site_authentication = new (new Base64().encode(site_authentication.getBytes())).replaceAll("[\n\r]", "")
            
            'Set up connection
            URL url = new URL (resource_url
            HttpURLConnection connection = (HttpURLConnection) url.openConnection()
            
            'Connect using basic auth
            connection.setRequestMethod("GET")  
              connection.setRequestProperty("Authorization", "Basic " +  encoded_site_authentication)
              connection.setDoOutput(true)
              connection.setReadTimeout(10000)
              connection.connect()
              connection.getInputStream()
            
            'Read result
            BufferedReader rd = new BufferedReader(new InputStreamReader(connection.getInputStream()))
            
            'Read result
            line = ""
            While Not rd.AtEndOfStream
                  line = line & rd.ReadLine
            Wend
            
            'Done
            Response.Write("<script language=VBScript>MsgBox """ + line + """</script>")

      End If
End If%>

(Error handling has not been included as yet)
The first error occurs under 'Forge authentication:
encoded_site_authentication = new (new Base64().encode(site_authentication.getBytes())).replaceAll("[\n\r]", "")

I'm lost as to know what this is doing or if it can be done in VBScript.

Any help would be greatly appreciated.
0
Comment
Question by:slegy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 53

Accepted Solution

by:
Scott Fell,  EE MVE earned 1500 total points
ID: 39723249
I only quickly looked at the documentation. You want to use xmlhttp post

site_subdomain = 'REPLACE WITH YOUR SITE SUBDOMAIN';
site_public_key = 'REPLACE WITH YOUR SITE PUBLIC KEY';
site_private_key = 'REPLACE WITH YOUR SITE PRIVATE KEY';
' API Access Domain
site_domain = site_subdomain&".api.oneall.com"
 'connection Resource
resource_uri = "https://"&site_domain&"/connections.json"


DataToSend="site_subdomain="&site_subdomain&"&site_public_key="&site_public_key
  Dim xmlhttp
  Set xmlhttp = Server.CreateObject("MSXML2.ServerXMLHTTP")
 xmlhttp.setTimeouts 30,500,1000,1000
  xmlhttp.Open "POST", resource_uri
 xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"

  On Error Resume Next
  xmlhttp.Send DataToSend
  
  If Err.Number Then
     theResponse = "Could Not create tickets"
   Err.Clear
  Else
    theResponse = xmlhttp.responseText
  End If
  On Error Goto 0
  Set xmlhttp = nothing

Open in new window


It is the response you need to parse from json http://docs.oneall.com/api/basic/responses-and-errors/

Note, the documentation on that link shows you can request json or xml.

I have not read this, but you probably need to get authorization, get a token, then submit an api call
0
 

Author Closing Comment

by:slegy
ID: 39747165
Close to working. Login appears to be successful, but an error message is being returned. Thanks for getting me on the right track.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever wanted to restrict the users input in a textbox to numbers, and while doing that make sure that they can't 'cheat' by pasting in non-numeric text? Of course you can do that with code you write yourself but it's tedious and error-prone …
Most everyone who has done any programming in VB6 knows that you can do something in code like Debug.Print MyVar and that when the program runs from the IDE, the value of MyVar will be displayed in the Immediate Window. Less well known is Debug.Asse…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question