Solved

HTTP Basic Access Authentication

Posted on 2014-01-08
17
2,246 Views
Last Modified: 2014-01-12
Based on prior questions and answers, I thought I'd finally gotten a handle on this, but I'm unable to get the code working. We are setting up with OneAll for social medial login. Based on setup parameters, their site returns a token detailing the result of the login, after which I need to do a site authentication. They have no examples in vbscript but do have one in Java. I can't seem to successfully make the conversion. Can anyone see what is wrong with the vbscript.

VBScript:
	If request("connection_token") <> "" Then

		'Get connection_token
		connection_token = request("connection_token")
	
		'Site Settings
        site_subdomain = "lightningclass"
        site_public_key = "MyPublicKey"
        site_private_key = "MyPrivateKey"
		
		'API Access Domain
		site_domain = site_subdomain + ".api.oneall.com"
		
		'Connection Resource
		resource_uri = "https://" + site_domain + "/connections/"+connection_token+".xml"
		
		site_authentication = site_public_key + ":" + site_private_key

		Set xmlhttp = Server.CreateObject("MSXML2.ServerXMLHTTP")
	    xmlhttp.setTimeouts 30,500,1000,1000
		xmlhttp.Open "GET", resource_uri
	    xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"

		xmlhttp.Send site_authentication
		theResponse = xmlhttp.responseText

		Set xmlhttp = nothing
End If

Open in new window


Java example:
// Your Site Settings
String site_subdomain = 'REPLACE WITH YOUR SITE SUBDOMAIN';
String site_public_key = 'REPLACE WITH YOUR SITE PUBLIC KEY';
String site_private_key = 'REPLACE WITH YOUR SITE PRIVATE KEY';
 
// API Access Domain
String site_domain = site_subdomain + '.api.oneall.com';
 
// Connection Resource
resource_uri = 'https://' + site_domain + '/connections.json';
 
  // Result Container
String result_json = "";
 
try
{
  // Forge authentication string username:password
  String site_authentication = site_public_key + ":" + site_private_key;
  String encoded_site_authentication = new String(new Base64().encode(site_authentication.getBytes())).replaceAll("[\n\r]", "");
        
  // Setup connection
  URL url = new URL (resource_uri);
  HttpURLConnection connection = (HttpURLConnection) url.openConnection();
   
  // Connect using basic auth
  connection.setRequestMethod("GET");   
  connection.setRequestProperty("Authorization", "Basic " +  encoded_site_authentication);
  connection.setDoOutput(true);
  connection.setReadTimeout(10000);
  connection.connect();
  connection.getInputStream();
   
  StringBuilder sb = new StringBuilder();
  String line = null;
 
  // Read result
  BufferedReader rd = new BufferedReader(new InputStreamReader(connection.getInputStream()));
  while ((line = rd.readLine()) != null) {
    sb.append(line);
  }
  result = sb.toString();
 
} 
catch (Exception e)
{
  e.printStackTrace();
}
 
// Done
System.out.println (result);

Open in new window

0
Comment
Question by:slegy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
17 Comments
 

Author Comment

by:slegy
ID: 39766877
Thank you. It wasn't a valid key, but your change was a better ay to do it.
0
 
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 39766884
What errors are you getting from your sample vbscript?  

Are you following the workflow? http://docs.oneall.com/services/workflow/social-login/

1) User logs in via their choice of social and a call back is sent to your site to a url you have set up.  Receive a connect token via a post.

2) Your callback script checks to see it they are in your database.

3) If yes, give access.  If not, check if proper info etc.

Which part are you on?  Did you try your vb sample?  What error are you getting?  What do you get if you try <%= theResponse%>at the end
0
 

Author Comment

by:slegy
ID: 39769795
I'm trying to work with OneAll, but they have very limited support. You have called my attention to some things that I hadn't fully understood. I haven't even gotten to the database part yet. The following message is what I get back from the API:

Return:   Wed, 08 Jan 2014 23:50:41 +0100 /connections/6ce32d34-a504-457f-a0d0-4a673cdb87ca.xml error 401 Authentication credentials are missing or incorrect: http://docs.oneall.com/api/basic/authentication/   

Here is the response I last received:
to test you can open this url in your browser:
https://lightningclass.api.oneall.com/connections/2314f872-c0b0-4370-ac77-55bbf4742a56.xml 

And then manually enter your credentials:
Here is the site authentication being sent: public_key:Private_key
This works as intended, so the credentials are correct.

The errors has to be in your code. You are probably not doing a correct http basic access authentication.

I submitted this question with the hope of getting some assistance/verification with the callback code since the indication is that the http basic access authentication code must be the reason for the error message.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 65

Expert Comment

by:RobSampson
ID: 39769853
Hi, perhaps try this to see if it works better in VBScript:
If request("connection_token") <> "" Then

		'Get connection_token
		connection_token = request("connection_token")
	
		'Site Settings
        site_subdomain = "lightningclass"
        site_public_key = "MyPublicKey"
        site_private_key = "MyPrivateKey"
		
		'API Access Domain
		site_domain = site_subdomain & ".api.oneall.com"
		
		'Connection Resource
		resource_uri = "https://" & site_domain & "/connections/" & connection_token & ".xml"
		
		site_authentication = site_public_key & ":" & site_private_key
		encoded_site_authentication = Base64Encode(site_authentication)

		Set xmlhttp = Server.CreateObject("MSXML2.ServerXMLHTTP")
	    xmlhttp.setTimeouts 30,500,1000,1000
		xmlhttp.Open "GET", resource_uri
	    xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
	    xmlhttp.setRequestHeader "Authorization", "Basic " & encoded_site_authentication

		xmlhttp.Send site_authentication
		theResponse = xmlhttp.responseText

		Set xmlhttp = nothing
End If

Function Base64Encode(inData)
'ripped from: 
'http://www.pstruh.cz/tips/detpg_Base64Encode.htm
  'rfc1521
  '2001 Antonin Foller, PSTRUH Software, http://pstruh.cz
  Const Base64 = _
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
  Dim sOut, I
  
  'For each group of 3 bytes
  For I = 1 To Len(inData) Step 3
    Dim nGroup, pOut
    
    'Create one long from this 3 bytes.
    nGroup = &H10000 * Asc(Mid(inData, I, 1)) + _
      &H100 * MyASC(Mid(inData, I + 1, 1)) + _
      MyASC(Mid(inData, I + 2, 1))
    
    'Oct splits the long To 8 groups with 3 bits
    nGroup = Oct(nGroup)
    
    'Add leading zeros
    nGroup = String(8 - Len(nGroup), "0") & nGroup
    
    'Convert To base64
    pOut = Mid(Base64, CLng("&o" & Mid(nGroup, 1, 2)) + 1, 1) + _
      Mid(Base64, CLng("&o" & Mid(nGroup, 3, 2)) + 1, 1) + _
      Mid(Base64, CLng("&o" & Mid(nGroup, 5, 2)) + 1, 1) + _
      Mid(Base64, CLng("&o" & Mid(nGroup, 7, 2)) + 1, 1)
    
    'Add the part To OutPut string
    sOut = sOut + pOut
    
  Next
  Select Case Len(inData) Mod 3
    Case 1: '8 bit final
      sOut = Left(sOut, Len(sOut) - 2) + "=="
    Case 2: '16 bit final
      sOut = Left(sOut, Len(sOut) - 1) + "="
  End Select
  Base64Encode = sOut
End Function

Function MyASC(OneChar)
  If OneChar = "" Then MyASC = 0 Else MyASC = Asc(OneChar)
End Function

Open in new window

0
 

Author Comment

by:slegy
ID: 39771817
Thank you so much for your very detailed response. I've been trying to get the VBScript version working from the beginning. That is my first choice.

I've tried exactly what you suggested and am still getting the same 401 error message. I also tried to send the encoded site authentication - with the same results. Notice you added another request header with the encoded authentication. Even tried using that by itself - same.

The only conclusion I can reach is that I'm not sending what they expect. I've reviewed the PHP/CURL and Java examples and can't see that anything is wrong.
0
 

Author Comment

by:slegy
ID: 39772760
Well I finally heard back from OneAll. They informed me that my authentication code is incorrect and referred me to:
http://zanstra.home.xs4all.nl/inTec/ServerXMLHTTP.htm

I altered my code as follows:
Dim connection_token, site_domain, site_subdomain, site_public_key, site_private_key, resource_uri
	Dim result_json, site_authentication, encoded_site_authentication
	Dim http: Set http = Server.CreateObject("MSXML2.ServerXMLHTTP")

	If request("connection_token") <> "" Then

		'Get connection_token
		connection_token = request("connection_token")
	
		'Site Settings
        site_subdomain = "lightningclass"
        site_public_key = "c680df0b-767g-40d8-8951-32ab89b1be7e"
        site_private_key = "d0b63363-bb98-4ab6-b3b8-40d4b11b5981"
		
		'API Access Domain
		site_domain = site_subdomain + ".api.oneall.com"
		
		'Connection Resource
		resource_uri = "https://" + site_domain + "/connections/"+connection_token+".xml"
		
		site_authentication = site_public_key + ":" + site_private_key
		
		'Always specify username/password here, for fail safety
		http.open "GET", resource_uri, False, site_public_key, site_private_key
		http.setRequestHeader "Authorization", "Basic " & Base64Encode(site_authentication)
		http.send
		
		Response.ContentType = "text/xml"
		http.responseXML.save Response
End If

Open in new window


I must be getting a little closer, but am still getting an error message. But it is formatted as follows:
    <?xml version="1.0" encoding="UTF-8"?>-<response>
          -<request>
                 <date>Sat, 11 Jan 2014 00:30:35 +0100</date>
                 <resource>/connections/9f671859-7440-4926-ab7f-5e8a206c8db4.xml</resource>
                -<status>
                         <flag>error</flag>
                         <code>401</code>
                         <info>Authentication credentials are missing or incorrect: http://docs.oneall.com/api/basic/authentication/</info>
               </status>
         </request>
</response>

Open in new window


Looks like I'm getting close. Have I misinterpreted the code? Also, I'm a little unclear on the last instruction (http.responseXML.save Response). I am going to need to store the response so I can test it.
0
 
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 39772861
Going back to http:#a39769795  you have a link https://lightningclass.api.oneall.com/connections/2314f872-c0b0-4370-ac77-55bbf4742a56.xml 

What are you able to put in the username and password manually to get it to work?
0
 

Author Comment

by:slegy
ID: 39773484
This just gets weirder and weirder. If you click on the above https link, and XML response that I should be getting displays. This morning I entered that link in both Firefox and Chrome. Each ask for user and password. When I enter them, the "success" XML displays.

Then I tried using the exact code from http://zanstra.home.xs4all.nl/inTec/ServerXMLHTTP.htm and filling in the fields manually. Still get the 401 error. There is some small glitch somewhere, and I'm still looking!
0
 

Author Comment

by:slegy
ID: 39773518
Am I correct in using the resource_uri in the http.open?
0
 
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 39773526
I thought all of this sounded familiar  

http:Q_28318734.html#a39723249

Is this current question you are on supposed to get the initial oAuth key or is it the 2nd step?
0
 

Author Comment

by:slegy
ID: 39773559
Regrettably, that was also me. I thot you'd put me on the right track, but then OneAll told me that I wasn't doing a correct http basic access authentication and referred me to http://zanstra.home.xs4all.nl/inTec/ServerXMLHTTP.htm. After I determined that I could access the API with an existing token and succeeded in getting the correct XML returned after entering the userID and password, I thought I'd finally figured it out. Not so. I've been researching vbscript authentication code all morning, but no matter what I do, I get the 401 error when executing my script..
0
 
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 39773874
It does not matter if you use asp or php or another language.  What matters is the sequence of events and I still am not sure what we are working on.  

Which step are we working on?

Maybe this will help   http://scottdesapio.com/VBScriptOAuth/
0
 

Author Comment

by:slegy
ID: 39773991
Thank you so much for your time. You've been so patient. Have slugged it out most of the day and have finally got it working (for reasons I'm not exactly clear on - so much testing, so many variations). Here is the very straightforward code:
  Dim connection_token, site_subdomain, site_public_key, site_private_key, xmlDoc
  Dim http: Set http = Server.CreateObject("MSXML2.ServerXMLHTTP")

		'Get connection_token
		connection_token = request("connection_token")

		'Site Settings
        site_subdomain = "lightningclass"
        site_public_key = "public key"
        site_private_key = "private key"
			
		'API Access Domain
		site_domain = site_subdomain + ".api.oneall.com"
		
		'Connection Resource
		resource_uri = "https://" + site_domain + "/connections/"+connection_token+".xml"
		site_authentication = site_public_key + ":" + site_private_key
		
		'Always specify username/password here, for fail safety
		http.open "GET",resource_uri,False,site_public_key,site_private_key
		http.setRequestHeader "Authorization", _
		  "Basic " & Base64Encode(site_authentication)
		http.send

		Response.ContentType = "text/xml"
		http.responseXML.save Response
		set xmlDoc=http.responseXML
	
		set http = nothing

Open in new window

Now I'm faced with the next problem. The XML file displays on the screen. I need to be able to save it so I can test some fields and save some fields. The file that is being saved has lost all formatting and labels. Have been scouring the web for answers. I'm guessing for our purposes, this should be a separate question.
0
 
LVL 53

Accepted Solution

by:
Scott Fell,  EE MVE earned 500 total points
ID: 39774129
to read the xml it will be something like

Let's say your xml looks llike
<social_link>123abc</social_link>


Set objReturn = CreateObject("MSXML2.DOMDocument")
objReturn.LoadXml xmlDoc ' http.responseXML
if objReturn.getElementsByTagName("social_link").length>0 then
		social_link	=objReturn.getElementsByTagName("social_link").Item(0).Text
		else
		social_link="Error - Not returned"
end if
response.write "<hr>social_link= "&social_link

Open in new window

0
 

Author Closing Comment

by:slegy
ID: 39775419
I can't thank you enough. You saved my life and, just as important, my sanity! Reading the XML file is working perfectly. Life is good again!
0
 
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 39775425
Awesome!  

I know this stuff can be hard to get your head wrapped around it the first time and at this point you will not find any samples in classic asp.  It is hard to find pure xml examples which would make your life a little easier.  

Good luck on the rest!
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
American Express @Work site and Java 4 95
xml with php question 5 53
VB6 Enviroment 3 35
Overriding a method 3 12
In this post we will learn different types of Android Layout and some basics of an Android App.
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question