#1 2012-10-04 14:20:47

**_ucguy_**

Getting "no-login" using the web services

Hi, have a problem with an app Im writing. (I am am creating meetings through the api/webservices via classic asp/vbscript)

It goes like this:

1. get the sessions cookie with action=common-info
2. login (admin) remembering to set the session=my cookie from step 1 (status = ok)
3. create meeting with action=sco-update (code = no-access, subcode no-login)

If I run the sco-update string in the browsers address line it works fine.

Any ideas?

Thanks

**_jasonheffner_**

Re: Getting "no-login" using the web services

Here this might help save you some time..

To login normal user for redirect to AC.

    Response.Buffer = True
    const SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = 13056
    ' Log user in
    breezeurl = "https://" & DomainName & "/api/xml?action=login&login=" & BreezeLogin & "&password=" & BreezePassword
    Dim objXMLHTTP, xml
    Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP")
    xml.Open "POST", breezeurl, False
    xml.setOption 2, SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS
    xml.Send

    ' Check Status code after attempted login
    Set objXMLDoc = Server.CreateObject("MSXML2.DOMDocument")
    objXMLDoc.loadxml xml.responseTEXT
    StatusCode = objXMLDoc.selectSingleNode("/results/status").Attributes.GetNamedItem("code").Text
    If StatusCode = "ok" Then
        ' Set cookie for successful login and get session value
        Response.Addheader "Set-Cookie", xml.getResponseHeader("Set-Cookie")
    Else
        ' Error logging in user, user account doesn't exist or password is incorrect.
    End If
    Set objXMLDoc = Nothing
    Set xml = Nothing
    ' redirect to AC

To login admin user to do admin tasks (always send cookie in header)

    ' Login Admin account to create users, set access rights, reset passwords, or update name. 
    breezeurl = "https://" & DomainName & "/api/xml?action=login&" & AdminLogin & "&password=" & AdminPassword
    Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP")
    xml.Open "POST", breezeurl, False
    xml.setOption 2, SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS
    xml.Send
    SessionValue = xml.getResponseHeader("Set-Cookie")        ' Get Session Value that must be passed with every call. Do not set for user.
    SessionValue = replace(SessionValue,";path=/","")
    Set xml = Nothing

        ' Do additional actions through xml calls (i.e. - Get principal ID for user account)
    set xml = server.CreateObject("MSXML2.ServerXMLHTTP")
    url = "https://" & DomainName & "/api/xml?action=principal-list&filter-like-login=" & BreezeLogin
    xml.Open "POST", url, False
    xml.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    xml.setRequestHeader "Cookie", SessionValue
    xml.setOption 2, SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS
    xml.Send
            
    Set objXMLDoc = Server.CreateObject("MSXML2.DOMDocument")
    objXMLDoc.loadxml xml.responseTEXT
    Set xml = Nothing
    StatusCode = objXMLDoc.selectSingleNode("/results/status").Attributes.GetNamedItem("code").Text
    If (StatusCode = "ok") Then      
        PrincipalID = objXMLDoc.selectSingleNode("/results/principal-list/principal").Attributes.GetNamedItem("principal-id").Text        
    Else                                                    
        ' Log Error or handle error                     
    End If    
    Set objXMLDoc = Nothing

    ' logout admin account 
    breezeurl = "https://" & DomainName & "/api/xml?action=logout"
    Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP")
    xml.Open "POST", breezeurl, False
    xml.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    xml.setRequestHeader "Cookie", SessionValue
    xml.setOption 2, SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS
    xml.Send
    Set xml = Nothing

**_ucguy_**

Re: Getting "no-login" using the web services

Aha - setting the ResponseHeader! Excellent, thanks.

**_ucguy_**

Re: Getting "no-login" using the web services

Hmm. Getting the same error. I even tried running your exact script and the same thing happens. (no-access)

It doesnt seem to hold the session. Could it be a problem with the web server configuration?

If it issues a new cookie for every call, then I will never be able to create a meeting..

Any ideas?

Thanks.

**_jasonheffner_**

Re: Getting "no-login" using the web services

It's the second code block you are looking for. I guess the code should run as is, just make sure to set all the variables and the one constant.

You can break the code into four sections..

1. Attempt to login the admin account and get the SessionValue cookie
2. Make your calls to the api using the SessionValue cookie from #1
3. Check your status code from your API call and retrieve your data
4. Logout the admin account destroying the session

You get the SessionValue cookie from step #1. The Session is set on the AC server and stored in the SessionValue variable in your asp code. You then use that value in every call(i.e. - #2) you make to the API after that. This way the call runs as the admin user. That user needs to have access to make those calls as well. You should never set the sessionvalue on the browser, otherwise anyone who has access can make any call against your AC server.

If it's not working you may need to add some error checking to see at which step it's failing.

**_jasonheffner_**

Re: Getting "no-login" using the web services

btw.. the code above is only going to produce a blank screen in your browser. You may want to add some response.write statements to check variables, print out the PrincipalID, and add debugging messages. The code above wouldn't produce a "no-access" message to the browser. The response you are looking for would be in the variable StatusCode in that example, and hopefully would return "ok".

**_ucguy_**

Re: Getting "no-login" using the web services

Yes, I am running the second part of your example with response.writes to check the output. I get ok on the login and them no-access/no-login on whatever second step I take.

It's like it doesnt accept the cookie from the login session.

If I run the urls sequentially in the browser it works.

**_jasonheffner_**

Re: Getting "no-login" using the web services

I'd check the Status Code returned from your admin login and verify that worked. It's more likely it's not taking that login and hence the session isn't valid. Use this block from above after you login the admin account, before you set xml = nothing .

    Set objXMLDoc = Server.CreateObject("MSXML2.DOMDocument")
    objXMLDoc.loadxml xml.responseTEXT
    StatusCode = objXMLDoc.selectSingleNode("/results/status").Attributes.GetNamedItem("code").Text
    Response.Write StatusCode       ' This should be set to ok
    Set objXMLDoc = Nothing

If the login is successful then the session value is good and can be used in additional api calls. I've also got "no-access" when that user can't perform that api call.

If it works in the browser it should work in asp.

**_jasonheffner_**

Re: Getting "no-login" using the web services

Also, I'm assuming you are doing everything over https://

**_ucguy_**

Re: Getting "no-login" using the web services

Actually it's not https. This is on a local test server so just http.

SSL is not mandatory or is it?

**_jasonheffner_**

Re: Getting "no-login" using the web services

Yes/No, but my example uses SSL which you'll need to change to "http://".

If you are doing remote login with the API you most likely want that over SSL so no one can do a "man in the middle attack" and read your admin password, otherwise it is sent as clear text.

**_jasonheffner_**

Re: Getting "no-login" using the web services

I checked the link and I never had great luck with sending the session value in the url like that. That's why I'd rather set the cookie on the local browser as in the first block above and then do the redirect. I've noticed AC will have problems setting a new session value cookie on the client from the url string. Logging a user in is different than making the calls for doing admin tasks.

As far as the asp code, it should work, the session value (cookie) gets passed in the api call from the previous successful login api call. I've done this since v5 and can't think of anything special to make it work. I also have the "Use e-mail address as the login:" login policy set to "No" since we can have multiple accounts with the same email address.