HTTP Logon Help?

[birtong]

Hello,

Sorry, I'm a B4A / HTTP amateur.

I'm trying to write a simple Android app to send a embedded command to a web server. ex http://address/relay?on=1. The server requires a username and password.

I have tried to use the B4A HTTP commands and are having no logon success. It appears my username and password are not being recognized by the server.

My B4A code successfully routes the HTTP request to the server and results in a successful response but the response shows the server did not recognize the user / password.

I've tried the
* http.executecredentials(URL, id, "user", "pass") and
* http.execute(URL, id)

Can anyone help?

Here is an example of how it's done in JAVA.... BTW this works....

// Establish an HTTP client for connections
HttpClient httpclient = new DefaultHttpClient();

// Define the GET request (Turn outlet 1 on)
HttpGet httpget = new HttpGet("http://192.168.0.100/outlet?1=ON");

// Add authentication to the GET request
String username = "user";
String password = "pass";
try {
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(username, password);
BasicScheme scheme = new BasicScheme();
Header authorizationHeader = scheme.authenticate(credentials, httpget);
httpget.addHeader(authorizationHeader);
} catch (AuthenticationException e) {
e.printStackTrace();
return;
}

try {
// Send the request to the WebPowerSwitch, store the response
HttpResponse response = httpclient.execute(httpget);
.....


Thanks!

 

[Erel]

HttpClient.ExecuteCredentials supports basic authentication and digest authentication. Do you know which type of authentication your server uses?

 

[birtong]

Not sure but I updated the posting to show some JAVA code that works.... Does that help?

Thanks.

 

[Erel]

Does the Java code work from the Android application?
It uses the Basic authentication which should work properly.

 

[birtong]

Sorry I'm a newbie.... I wouldn't know how to test this.

I tried this using my ubuntu workstation.

Birton

 

[Erel]

What is the error response that you get from the server?

 

[birtong]

In the responsesuccess module(RESULT variable) I see this message...

WARNING: Insecure Authentication

Ideas?

Here is the program code:

'Activity module
Sub Process_Globals
'These global variables will be declared once when the application starts.
'These variables can be accessed from all modules.
Dim URL As String
URL = "http://192.168.1.10:800"
Dim uName As String
uName = "user"
Dim pWord As String
pWord = "pass"
Dim HttpClient1 As HttpClient

End Sub

Sub Globals
'These global variables will be redeclared each time the activity is created.
'These variables can only be accessed from this module.
Dim SW1 As Button
End Sub

Sub Activity_Create(FirstTime As Boolean)
Log("Web Power Switch")

If FirstTime Then
Log("Init HTTP Client")
HttpClient1.Initialize("HttpClient1")
End If

activity.LoadLayout("main")

End Sub

Sub Activity_Resume

End Sub

Sub Activity_Pause (UserClosed As Boolean)

End Sub

Sub SW1_Click

Log("SW1 Pressed")
Dim bgURL As String
bgURL = URL & "/outlet?1=ON"
Log(bgURL)
Dim request1 As HttpRequest
request1.InitializeGet(bgURL)
request1.Timeout = 10000 'set timeout to 10 seconds
If HttpClient1.ExecuteCredentials(request1, 1, uName, pWord) = False Then Return 'Will be false if their is already a running task (with the same id).

End Sub

Sub HttpClient1_ResponseSuccess (Response As HttpResponse, TaskId As Int)

Log("ResponseSuccess")
Dim result As String
result = Response.GetString("UTF8") 'Convert the response to a string
Msgbox(result,"Success Result")
Log(result)


End Sub

Sub HttpClient1_ResponseError (Reason As String, StatusCode As Int, TaskId As Int)

Log(Reason)
Log(StatusCode)
If reason <> Null Then Msgbox(statuscode & CRLF & Reason,"Error Result")

End Sub

 

[birtong]

Full text from ExecuteCredentials call...

ResponseSuccess
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<title>Power Controller</title>
<script language="javascript" src="/md5.js"></script>
<script language="javascript">
<!--
function calcResponse(){
var str;
str=document.login.Username.value+document.login.Password.value+document.login.Challenge.value;
document.secin.Password.value = hex_md5(str);
document.secin.Username.value = document.login.Username.value;
document.secin.submit();
}//-->
</script>
</head>
<body>
<noscript>
<table width="100%" border=0>
<tr><td bgcolor=red>&nbsp;</td></tr>
<tr><td align=center><h1>Warning: Insecure Authentication</h1></td></tr>
<tr><td bgcolor=red>&nbsp;</td></tr></table>
</noscript>
<FORM NAME="login" ID="login" ACTION="/login.tgi" METHOD=post>
<TABLE BORDER="0">
<TR>
<TD>User Name</TD>
<TD><INPUT TYPE="text" NAME="Username" VALUE="" MAXLENGTH=32></TD>
</TR>
<TR>
<TD>Password</TD>
<TD><INPUT TYPE="password" NAME="Password" MAXLENGTH=32></TD>
</TR>
<TR ALIGN=RIGHT>
<TD></TD>
<TD><INPUT onClick="calcResponse(); return false;" TYPE="Submit" NAME="Submitbtn" VALUE="OK">

<input type="hidden" name="Challenge" value="32FFUlTaNFb65CJ">

</TD></TR>
</TABLE>
</FORM>
<script language="javascript">
<!--
document.login.Username.focus();
//-->
</script>
<FORM NAME="secin" ID="secin" ACTION="/login.tgi" METHOD=post>
<INPUT TYPE="hidden" NAME="Username">
<INPUT TYPE="hidden" NAME="Password">
</FORM>
</body>
</html>

 

[birtong]

I also found this statement about the device security....

"employs javascript encryption and secure challengeresponse
authentication"

Does that help?

 

[Erel]

You are not calling the correct page. This is the Html form that should be submitted to the server. I don't see how the Java code could work if you call this page.

 

[birtong]

You may be right but before I spend more time looking at the page address. Can you outline what the ExecuteCredential module does?

Does it create a header with username and username(colon)password header?

Does it create a header with username and md5(username(colon)password) header?

etc...?

Thank you.

 

[Erel]

It depends on the server response. The authentication will be either basic or digest based on the header returned from the server.
You can read about digest and basic modes here: Digest access authentication - Wikipedia, the free encyclopedia

 

[Invent]

Hi birtong,

I'm struggling with the exact same problem (I have a web power strip, also) - please let us know if you figure out how to handle this.

Thanks

 

[Erel]

For some reason you appear as an unlicensed user in the forum. Please contact [email protected] in order to fix it.