HTTP-POST authenticated

[cferriol]

Hi
I need to used HTTP-POST with authetication. I follow ID: P125506 Title: "How to Post a HTTP Request using 4GL" for a normal post but how can I authenticate to the service?
I meant how do I send username and password?

 

[Casper]

I never tried this but from www.w3.org I got this (http://www.w3.org/Protocols/HTTP/1.0/draft-ietf-http-spec.html)

<H3>11.1 Basic Authentication Scheme

The "basic" authentication scheme is based on the model that the user agent must authenticate itself with a user-ID and a password for each realm. The realm value should be considered an opaque string which can only be compared for equality with other realms on that server. The server will authorize the request only if it can validate the user-ID and password for the protection space of the Request-URI. There are no optional authentication parameters.
Upon receipt of an unauthorized request for a URI within the protection space, the server should respond with a challenge like the following:
WWW-Authenticate: Basic realm="WallyWorld"where "WallyWorld" is the string assigned by the server to identify the protection space of the Request-URI.
To receive authorization, the client sends the user-ID and password, separated by a single colon (":") character, within a base64 [5] encoded string in the credentials.
basic-credentials = "Basic" SP basic-cookie basic-cookie = <base64 [5] encoding of userid-password, except not limited to 76 char/line> userid-password = [ token ] ":" *TEXT
If the user agent wishes to send the user-ID "Aladdin" and password "open sesame", it would use the following header field:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
The basic authentication scheme is a non-secure method of filtering unauthorized access to resources on an HTTP server. It is based on the assumption that the connection between the client and the server can be regarded as a trusted carrier. As this is not generally true on an open network, the basic authentication scheme should be used accordingly. In spite of this, clients should implement the scheme in order to communicate with servers that use it. </H3>

So basically you should add this in the header:

POST /u/r/l/post HTTP/1.1
Host: h.o.st
Content-type: application/x-www-form-urlencoded
Content-length: 51
Authorization: Basic blahblahblahblahblahblah==

HTH,

Casper

 

[cferriol]

Ok, thank you. I'll try later.
But how should I encode the userIdassword string?

 

[Cecil]

Ok, thank you. I'll try later.
But how should I encode the userIdassword string?

The password looks like the password is BASE64 encoded. If you are using OE 10.1x encoding a password is easy as OE has support for BASE64.

 

[Casper]

Yep it is the base64 encoding of the user-idassword string.

So either use base64-encode function (OpenEdge 10.0B +)
or use 4GL. There is some sample code @ freeframework.org

http://www.freeframework.org/downloads/new/base64/


HTH,

Casper.

 

[cferriol]

Ok, thank you.
Now I did this

# telnet server1.domain.com 8020 'here is the server DNS

'I get server connection

Trying 10.200.52.47...
Connected to server1.domain.com (10.200.52.47).
Escape character is '^]'.

'Now what I need
POST /sap/xi/adapter_plain?and more HTTP/1.1
Host: server1.domain.com:8020
Content-type: application/x-www-form-urlencoded
Content-length: 29
Authorization: Basic dGVuc3ZpOlhaWVRHQjY0==

'After authentication I need to send and XML
Content-Length: 293
Accept: text/html
<?xml version='1.0' encoding='UTF-8'?>
<CorporateProductOut><TDCIDMSG>000000000000</TDCIDMSG><TDCQTERR>000</TDCQTERR><TDCIDINT>PRO002</TDCIDINT><TDCOPZ>IN</TDCOPZ><TDCCDESP>CN002408521115040050000027315000004550073</TDCCDESP><TDCFLERR>0</TDCFLERR><TDCERROR>000</TDCERROR></CorporateProductOut>



And everything goes wrong. A lot error message.
I'm sure that the loginassword base64 string is correct but I'm not sure that the whole POST string is correct.

 

[cferriol]

We did it.
Thank you all guys.