[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using HTTPAPI with SQL SERVER 2005 endpoints



Hi Jeff,

I've never even heard of SQL Server Endpoints, but a quick Google tells 
me that they're just a way of creating web services on SQL Server.  That 
being the case, they should work like any other web service.

You say that if you use an INTEGRATED or DIGEST end point, you get an 
error.  Can you expand on that?   I have no clue what "INTEGRATED" 
means, but HTTPAPI does support DIGEST authentication.

However, DIGEST can be a bit tricky:  You see, a special key value, 
called a "nonce" must be retrieved from the server, and used to encrypt 
the userid/password that you send back to the server.  The reason it's 
tricky, is that you have to communicate with the server in order to get 
the nonce!

To make digest work, you have to follow these steps:

    a) Try to access the site without specifying a userid/password.
       It will fail, and HTTPAPI will set it's error number to
       HTTP_NDAUTH to indicate that authorization is needed.  And,
       when this happens, the server will also send the "nonce"
       string, and HTTPAPI will see that, and memorize it.

    b) Call http_getauth(), it will tell you the name of the realm
       and also that digest authentication is required.  If you like,
       you can stop here and ask the user for a userid/password for
       the given realm.

    c) Call http_setauth() to tell HTTPAPI that you want to set a
       userid/password, and that the authentication type should be
       digest.

    d) Make the request again.   This time, HTTPAPI will already know
       the nonce, and will know that you want digest authentication,
       so it will send the digest-encrypted login string properly to
       the server.

By contrast, BASIC authentication does not need any data from the server 
in advance, because there's no cryptographic keys (BASIC sends the 
userid/password as clear text encoded in base64.  Base64 is not
encryption, and anyone who can read the data can decode it.  That's
probably why your server requires SSL with Base64 -- SSL encrypts the
entire communication, including the password exchange, while it's
sending over the network.)

Can you expand on the problem you're having with BASIC and SSL?  You 
said that Comm_Resolve() returns *NULL.  At the moment, the only cause
for that is the "Host Not Found" error, that is, the DNS lookup for the 
host name failed -- but this doesn't appear to have anything whatsoever 
to do with the problems you've described.  Can you please make a 
diagnostic log (by calling the http_debug() API) and post the error 
messages from that log to the list?



jeff hetrick wrote:
>    Has anyone had any success in using the HTTPAPI to call an endpoint
>    defined in SQL Server 2005?
> 
>    Defining the endpoint as INTEGRATED or DIGEST, I keep getting
>    authentication errors.  When using BASIC, the endpoint requires an SSL
>    port.  So I define it within HTTPAPI, but I get an *NULL returned from
>    the comm_resolve in sub-procedure http_persist_open...
> 

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------