- Topics: Active | Unanswered
Pages: 1
Topic closed
#1 2012-10-04 14:20:47
- **_ucguy_**
Getting "no-login" using the web services
Hi, have a problem with an app Im writing. (I am am creating meetings through the api/webservices via classic asp/vbscript)
It goes like this:
1. get the sessions cookie with action=common-info
2. login (admin) remembering to set the session=my cookie from step 1 (status = ok)
3. create meeting with action=sco-update (code = no-access, subcode no-login)
If I run the sco-update string in the browsers address line it works fine.
Any ideas?
Thanks
Offline
#2 2012-10-04 15:59:03
- **_jasonheffner_**
Re: Getting "no-login" using the web services
Here this might help save you some time..
To login normal user for redirect to AC.
Response.Buffer = True
const SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = 13056
' Log user in
breezeurl = "https://" & DomainName & "/api/xml?action=login&login=" & BreezeLogin & "&password=" & BreezePassword
Dim objXMLHTTP, xml
Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP")
xml.Open "POST", breezeurl, False
xml.setOption 2, SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS
xml.Send
' Check Status code after attempted login
Set objXMLDoc = Server.CreateObject("MSXML2.DOMDocument")
objXMLDoc.loadxml xml.responseTEXT
StatusCode = objXMLDoc.selectSingleNode("/results/status").Attributes.GetNamedItem("code").Text
If StatusCode = "ok" Then
' Set cookie for successful login and get session value
Response.Addheader "Set-Cookie", xml.getResponseHeader("Set-Cookie")
Else
' Error logging in user, user account doesn't exist or password is incorrect.
End If
Set objXMLDoc = Nothing
Set xml = Nothing
' redirect to AC
To login admin user to do admin tasks (always send cookie in header)
' Login Admin account to create users, set access rights, reset passwords, or update name.
breezeurl = "https://" & DomainName & "/api/xml?action=login&" & AdminLogin & "&password=" & AdminPassword
Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP")
xml.Open "POST", breezeurl, False
xml.setOption 2, SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS
xml.Send
SessionValue = xml.getResponseHeader("Set-Cookie") ' Get Session Value that must be passed with every call. Do not set for user.
SessionValue = replace(SessionValue,";path=/","")
Set xml = Nothing
' Do additional actions through xml calls (i.e. - Get principal ID for user account)
set xml = server.CreateObject("MSXML2.ServerXMLHTTP")
url = "https://" & DomainName & "/api/xml?action=principal-list&filter-like-login=" & BreezeLogin
xml.Open "POST", url, False
xml.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xml.setRequestHeader "Cookie", SessionValue
xml.setOption 2, SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS
xml.Send
Set objXMLDoc = Server.CreateObject("MSXML2.DOMDocument")
objXMLDoc.loadxml xml.responseTEXT
Set xml = Nothing
StatusCode = objXMLDoc.selectSingleNode("/results/status").Attributes.GetNamedItem("code").Text
If (StatusCode = "ok") Then
PrincipalID = objXMLDoc.selectSingleNode("/results/principal-list/principal").Attributes.GetNamedItem("principal-id").Text
Else
' Log Error or handle error
End If
Set objXMLDoc = Nothing
' logout admin account
breezeurl = "https://" & DomainName & "/api/xml?action=logout"
Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP")
xml.Open "POST", breezeurl, False
xml.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xml.setRequestHeader "Cookie", SessionValue
xml.setOption 2, SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS
xml.Send
Set xml = Nothing
Offline
#3 2012-10-05 00:44:31
- **_ucguy_**
Re: Getting "no-login" using the web services
Aha - setting the ResponseHeader! Excellent, thanks.
Offline
#4 2012-10-05 04:58:57
- **_ucguy_**
Re: Getting "no-login" using the web services
Hmm. Getting the same error. I even tried running your exact script and the same thing happens. (no-access)
It doesnt seem to hold the session. Could it be a problem with the web server configuration?
If it issues a new cookie for every call, then I will never be able to create a meeting..
Any ideas?
Thanks.
Offline
#5 2012-10-05 07:39:28
- **_jasonheffner_**
Re: Getting "no-login" using the web services
It's the second code block you are looking for. I guess the code should run as is, just make sure to set all the variables and the one constant.
You can break the code into four sections..
1. Attempt to login the admin account and get the SessionValue cookie
2. Make your calls to the api using the SessionValue cookie from #1
3. Check your status code from your API call and retrieve your data
4. Logout the admin account destroying the session
You get the SessionValue cookie from step #1. The Session is set on the AC server and stored in the SessionValue variable in your asp code. You then use that value in every call(i.e. - #2) you make to the API after that. This way the call runs as the admin user. That user needs to have access to make those calls as well. You should never set the sessionvalue on the browser, otherwise anyone who has access can make any call against your AC server.
If it's not working you may need to add some error checking to see at which step it's failing.
Offline
#6 2012-10-05 07:46:17
- **_jasonheffner_**
Re: Getting "no-login" using the web services
btw.. the code above is only going to produce a blank screen in your browser. You may want to add some response.write statements to check variables, print out the PrincipalID, and add debugging messages. The code above wouldn't produce a "no-access" message to the browser. The response you are looking for would be in the variable StatusCode in that example, and hopefully would return "ok".
Offline
#7 2012-10-05 08:46:56
- **_ucguy_**
Re: Getting "no-login" using the web services
Yes, I am running the second part of your example with response.writes to check the output. I get ok on the login and them no-access/no-login on whatever second step I take.
It's like it doesnt accept the cookie from the login session.
If I run the urls sequentially in the browser it works.
Offline
#8 2012-10-05 09:08:09
- **_jasonheffner_**
Re: Getting "no-login" using the web services
I'd check the Status Code returned from your admin login and verify that worked. It's more likely it's not taking that login and hence the session isn't valid. Use this block from above after you login the admin account, before you set xml = nothing .
Set objXMLDoc = Server.CreateObject("MSXML2.DOMDocument")
objXMLDoc.loadxml xml.responseTEXT
StatusCode = objXMLDoc.selectSingleNode("/results/status").Attributes.GetNamedItem("code").Text
Response.Write StatusCode ' This should be set to ok
Set objXMLDoc = Nothing
If the login is successful then the session value is good and can be used in additional api calls. I've also got "no-access" when that user can't perform that api call.
If it works in the browser it should work in asp.
Offline
#9 2012-10-05 09:10:03
- **_jasonheffner_**
Re: Getting "no-login" using the web services
Also, I'm assuming you are doing everything over https://
Offline
#10 2012-10-05 09:36:02
- **_ucguy_**
Re: Getting "no-login" using the web services
Actually it's not https. This is on a local test server so just http.
SSL is not mandatory or is it?
Offline
#11 2012-10-05 09:48:25
- **_jasonheffner_**
Re: Getting "no-login" using the web services
Yes/No, but my example uses SSL which you'll need to change to "http://".
If you are doing remote login with the API you most likely want that over SSL so no one can do a "man in the middle attack" and read your admin password, otherwise it is sent as clear text.
Offline
#12 2012-10-05 10:26:27
- **_jasonheffner_**
Re: Getting "no-login" using the web services
I checked the link and I never had great luck with sending the session value in the url like that. That's why I'd rather set the cookie on the local browser as in the first block above and then do the redirect. I've noticed AC will have problems setting a new session value cookie on the client from the url string. Logging a user in is different than making the calls for doing admin tasks.
As far as the asp code, it should work, the session value (cookie) gets passed in the api call from the previous successful login api call. I've done this since v5 and can't think of anything special to make it work. I also have the "Use e-mail address as the login:" login policy set to "No" since we can have multiple accounts with the same email address.
Offline
Pages: 1
Topic closed