Hello,
I’m trying to set credentials in the HttpClient header, but I still receive a 401 Unauthorized response.
I’m working with an AXIS camera, and authentication is required to start recording.
The header looks like this:
.
Base64 encoding is used, and the camera service works correctly with other testing tools.
Do you have experience or suggestions on how to properly set the request header for authentication?
Thank you
Kind regards
Michal Malek
It seems that the Axis camera recording only accepts Digest authentication and cannot be configured otherwise.
Does anyone have experience using Digest authentication with a PLC?
Thank you.
Michal Malek
Hi,
I haven’t experience with digest auth.
But a short look into the definition of digest auth let me think, that it would be some work to implement butat least it could be possible:
Looks like that you need a MD5 or SHA256 function (depends on the RFC the server you’re connecting with was built on), which aren’t part of the standard set ob libraries available for Automation Runtime. But as those algorithms are “pure mathematics”, should be possible to create them (please be aware of lincense topics if using “code from the internet”!).
For test purposes, maybe this basic implementations are interesting, the C code behind looks like it could be pretty good ported.
Best regards!
Hi Alexander,
Thank you for your comments and the link. There are indeed several coding possibilities for the digest itself.
However, I realize that I didn’t formulate my question correctly. My main interest lies in B&R’s Ashttp.h library.
The authentication information is exchanged between the client and the service at the header level. That is, the client sends a command to the web service, and the service responds with a data buffer containing the payload, while the connection and authentication data are included in the header.
Here’s where the issue arises with my camera: the full response header contains authentication parameters (e.g., realm, nonce), which I can see in an API testing tool. However, my client (httpClient) receives all the connection data but not the authentication data.
So, my question could be reformulated as follows:
Is the structure httpHeaderLine_t within httpRequestHeader_t/httpResponseHeader_t designed to contain additional information such as authentication data?
If not, where is the complete header data stored?
Has anyone here worked with authentication parameters in httpClient headers?
Thank you.
Best regards,
Michal Malek
Hi Michael,
on the best of my knowledge:
yes, as long as a information has to be transported via the http header, using the httpRequestHeader_t/httpResponseHeader_t structures is the right way.
“Authorization” is one of the standardized http header fields, so I’m pretty sure it’s the right way (even if I haven’t used “Authorization”, I used other of these header fields in past in the same way).
Regarding the servers response:
to receive additional header information from the server into your application, you have to use the httpResponseHeader_t.
If setting up (via the userLine) the header line name element in the httpResponseHeader_t before sending the request, you should get the additional header line value after the call was responded.
Or, if there’s too much information in the response header for usage of userLine, you can use the raw header portion of httpResponseHeader_t to parse out every information you need on your own (because of the httpHeaderLine_t definition and element sizes, I assume it could be neccessary to use rawHeader in your usecase) .
Please see here for more information (under “Usage with httpClient()”:
Best regards!
Hello Alexander,
You are completely right, but in reality all connection information is received except the authorization data.
The full data looks like this (send via Postman):
but the headers requested and received by B&R httpClient:
does not contain the authentication data.
That’s why I’m asking whether anyone has experience with exchanging authorization data via HTTP headers. From my point of view it’s doesn’t work.
Thank you
Regards
Michal
Hi,
I can’t see any name setup in your userLine[0] of the responseHeader - you have to set a name there to advice the functionblock to parse the header for the value.
For example if you want to get the value of “Server” from the response header, you have to set userLine[0].name := ‘Server’ before calling HttpClient().
This would be the same way for “WWW-Authenticate” - but as the value seems to be very long, I think it does not fit into the .value[0] field (which has STRING[80] as I remember).
So, are you using rawHeader (I can’t see in the screenshot)?
If not, please configure rawHeader like:
rawHeader.pData := ADR(myHeaderString);
rawHeader.dataSize := SIZEOF(myHeaderString);
… and declare “myHeaderString” as array of STRING[80], for example STRING[80][20] → this declaration is not mandatory, you need just a string / USINT array that’s long enough to store the whole header. But declaring so, it gives you the possibility to open the string array directly in a watch window without cutting information off.
Is even doing so no addtional header information available?
Hi Alexander,
thank you very much for your help! I had completely misunderstood the concept of userLine, but now it’s clear.
Once again, thank you.
Best regards,
Michal Malek
