SSL Authentication

[Speirs]

Hi,
I'm hoping someone can point me in the right direction in how to pass a username and password through with an SSL connection.
It's for connection to VedaXML (online credit checks) if anyone has done that one before.

They have given me a user name and password to use for the http authentication. If I go to the URL used to submit the XML to (https://cta.vedaxml.com/sys1) I get the standard windows authentication/logon popup. I enter my credentials and all good - so I know those details are OK.

But how do pass that username and password through in presumably the header of my requests?
All requests I make just return with an error 401 Authorization Required. Access denied - Invalid user name or password. I have sent sample XML to Veda and the XML is fine, they said its the https authentication which is failing, and my software should just automatically pick this up from the certificate store. So thats where I'm now stuck.

The sample connection code for Java they gave includes the following portion on Authenticators for the username and password:

...
//configure local keystore properties
//note: Jave version 1.4 has JSSE included
//note: use Jave 'keytool' tool to manage keystore
System.setProperty( "javax.net.ssl.trustStore", ".keystore");

//set an Authenticator to generate username and password
Authenticator auth = new Authenticator() {
protected PasswordAuthentication getPasswordAuthentication()
{
String username = "username";
String password = "password";
return new PasswordAuthentication( username, password.toCharArray() );
}
};
Authenticator.setDefault( auth );

//prepare and open an HTTP connection
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
....

I'm just using the TcpIpConnection classes, but can't find anything in doco or on the JadeSSLContext or JadeX509Certificate classes about usernames and passwords.
Can anyone point me in the right direction for how to do this within Jade.
Many thanks
Stephen

[murray]

Usually this involves adding required XML fields or HTTP headers. The username and password may need to be encrypted and/or signed.
The JadeSSLContext and JadeX509Certificate are for SSL certificate based authentication, where the certificate has the required data.
I can't help you directly with this specific case, but a good place to start reading would be the HTTP spec.
Have a look at section 14.8 of http://www.faqs.org/rfcs/rfc2616.html.

[bdoolan]

Hi,
You may be able to use the JadeWebServiceConsumer class to do most of the work for you. See https://forums.jadeworld.com/viewtopic.php?f=11&t=1845 for a brief description. To add Authentication, you need to add the line

Code: Select all

webService.addHttpHeader("Authorization", "Basic " & "<USERNAME>:<PASSWORD>".Binary.base64EncodeNoCrLf);

before calling the invoke method. I'm assuming the service is using Basic mode Authentication.

When the URL is plain http, this all works fine on Windows and Linux. When it is https, it works only on Windows.

So, if you're lucky, you may be able to achieve what you want quite easily. I needed GET and POST methods for https so had to do what Murray suggested and implement HTTP/1.1 directly. I thought this would be horrendous but it turned out not to be too bad. Hopefully you can avoid the hassle.

Cheers, Brendan

[murray]

Another suggestion (if you are on Jade 6.3) which is sort of halfway between low-level TcpIpConnection and high-level JadeWebServiceConsumer is to have a look at JadeHTTPConnection.
This class uses the underlying Windows HTTP library to perform HTTP GET and POST requests. However, you have to build up your own message body. This may help if you don't have a WSDL.
It has properties for username and password in the URL, e.g.

password:  Sets or retrieves a string that contains the password portion of the url property, where the URL is made up of the following components.
  “scheme://[user[:password]@]host[:port]/path[?query][#fragment]”

user: Sets or retrieves a string that contains the user portion of the url property
value, where the URL is made up of the following components.
“scheme://[user[:password]@]host[:port]/path[?query][#fragment]”

If you can't find the documentation for JadeHTTPConnection, the only place I have it is in the ReleaseInfo PDF for 6.3.09.

[Speirs]

Morning,
Many thanks to you both for your help - the Authentication line in the header looks to be the trick I was looking for.

I'm not getting the authentication error response now which is good, but the request still doesn't work.
It's with their Support team - if they paste the XML I generate directly into their app, it works fine, but when I submit it, it throws an error, so they are not sure why and have raised a job ticket to look into it.

If it turns out to be something to do with the headers or authentication I will post another reply back just to finish up the post nicely - otherwise thanks for the help.
Stephen

[MJones]

I have implemented an interface to vedaXML in Jade previously. Last time I just implemented it using external function calls through wininet. Its not particularly difficult but a little time consuming.

The attached image highlights all the calls needed for an SSL authenticated HTTP POST in Jade.

Essentially the order of calls is;

internetOpen
internetConnect // Your veda user ID and password are passed in here
httpOpenRequest
certOpenStore // This and the next 2 calls are used to verify the SSL certificate
certFindCertificateInStore
certCloseStore
httpSendRequest
internetReadFile // May need repeat calls of this to get the whole buffer if the credit check is a long one
certFreeCertificateContext
internetCloseHandle // repeat for the connection handle & the HTTP handle

All these functions are documented on the net.

p.s. In reference to one of the previous replies I do not believe you can currently pass SSL authentication details using the JadeHTTPConnection class. I briefly experimented with this both before it was published and after and could not get it to work.

Regards,
Michael