[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Using HTTPAPI with SQL SERVER 2005 endpoints
Hi Scott
Thanks for your reply. I will try the suggestions below today, and if
I am still having trouble, I will send the logs in the next post.
Thanks
-Jeff
_________________________________________________________________
> Date: Fri, 16 Mar 2007 18:43:41 -0500
> From: klemscot@xxxxxxxxxxxx
> To: ftpapi@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: Using HTTPAPI with SQL SERVER 2005 endpoints
>
> Hi Jeff,
>
> I've never even heard of SQL Server Endpoints, but a quick Google
tells
> me that they're just a way of creating web services on SQL Server.
That
> being the case, they should work like any other web service.
>
> You say that if you use an INTEGRATED or DIGEST end point, you get
an
> error. Can you expand on that? I have no clue what "INTEGRATED"
> means, but HTTPAPI does support DIGEST authentication.
>
> However, DIGEST can be a bit tricky: You see, a special key value,
> called a "nonce" must be retrieved from the server, and used to
encrypt
> the userid/password that you send back to the server. The reason
it's
> tricky, is that you have to communicate with the server in order to
get
> the nonce!
>
> To make digest work, you have to follow these steps:
>
> a) Try to access the site without specifying a userid/password.
> It will fail, and HTTPAPI will set it's error number to
> HTTP_NDAUTH to indicate that authorization is needed. And,
> when this happens, the server will also send the "nonce"
> string, and HTTPAPI will see that, and memorize it.
>
> b) Call http_getauth(), it will tell you the name of the realm
> and also that digest authentication is required. If you like,
> you can stop here and ask the user for a userid/password for
> the given realm.
>
> c) Call http_setauth() to tell HTTPAPI that you want to set a
> userid/password, and that the authentication type should be
> digest.
>
> d) Make the request again. This time, HTTPAPI will already know
> the nonce, and will know that you want digest authentication,
> so it will send the digest-encrypted login string properly to
> the server.
>
> By contrast, BASIC authentication does not need any data from the
server
> in advance, because there's no cryptographic keys (BASIC sends the
> userid/password as clear text encoded in base64. Base64 is not
> encryption, and anyone who can read the data can decode it. That's
> probably why your server requires SSL with Base64 -- SSL encrypts
the
> entire communication, including the password exchange, while it's
> sending over the network.)
>
> Can you expand on the problem you're having with BASIC and SSL? You
> said that Comm_Resolve() returns *NULL. At the moment, the only
cause
> for that is the "Host Not Found" error, that is, the DNS lookup for
the
> host name failed -- but this doesn't appear to have anything
whatsoever
> to do with the problems you've described. Can you please make a
> diagnostic log (by calling the http_debug() API) and post the error
> messages from that log to the list?
>
>
>
> jeff hetrick wrote:
> > Has anyone had any success in using the HTTPAPI to call an
endpoint
> > defined in SQL Server 2005?
> >
> > Defining the endpoint as INTEGRATED or DIGEST, I keep getting
> > authentication errors. When using BASIC, the endpoint requires an
SSL
> > port. So I define it within HTTPAPI, but I get an *NULL returned
from
> > the comm_resolve in sub-procedure http_persist_open...
> >
>
>
----------------------------------------------------------------------
-
> This is the FTPAPI mailing list. To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
>
----------------------------------------------------------------------
-
_________________________________________________________________
Take a break and play crossword puzzles - FREE! [1]Play Now!
References
1. http://games.msn.com/en/flexicon/default.htm?icid=flexicon_%20wlmemailtaglinemarch07
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------