My company is running XProtect Server 2019 R3
I use SoapUI 5.6.0 to test Server Command Service SOAP Protocol.
- Login with Windows AD user via NTLM, the token is returned successfully, see below request and response:
“POST /ServerAPI/ServerCommandService.asmx HTTP/1.1[\r][\n]”
“Accept-Encoding: gzip,deflate[\r][\n]”
“Content-Type: text/xml;charset=UTF-8[\r][\n]”
"SOAPAction: "http://videoos.net/2/XProtectCSServerCommand/Login"[\r][\n]"
“Content-Length: 409[\r][\n]”
“Host: 10.0.0.14[\r][\n]”
“Connection: Keep-Alive[\r][\n]”
“User-Agent: Apache-HttpClient/4.5.5 (Java/12.0.1)[\r][\n]”
“Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAC4ALgAYAAAABoAGgAYAQAAGgAaADIBAAAQABAATAEAAAAAAABcAQAABYKKogUBKAoAAAAPgdcBPKfnqnDBvU4QnKAdMUWM0LTga+PBjpL6ISfFMqhUoJwUBSn8+QEBAAAAAAAAYNWLY45p1wGHj0Ce9UUrpgAAAAACABoAVgBNAFMAMgAwADEAOABTAEUAUgBWAEUAUgABABoAVgBNAFMAMgAwADEAOABTAEUAUgBWAEUAUgAEABoAVgBNAFMAMgAwADEAOABTAEUAUgBWAEUAUgADABoAVgBNAFMAMgAwADEAOABTAEUAUgBWAEUAUgAHAAgAxepcY45p1wEAAAAAAAAAAFYATQBTADIAMAAxADgAUwBFAFIAVgBFAFIAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBNAEQAMQBVADcATQBSAEMA[\r][\n]”
“[\r][\n]”
"<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xpr="http://videoos.net/2/XProtectCSServerCommand">[\r][\n]"
" soapenv:Header/[\r][\n]"
" soapenv:Body[\r][\n]"
" xpr:Login[\r][\n]"
" xpr:instanceId3a462af2-0b18-47b9-9a40-d89380cbe112</xpr:instanceId>[\r][\n]"
" [\r][\n]"
" xpr:currentToken</xpr:currentToken>[\r][\n]"
" </xpr:Login>[\r][\n]"
" </soapenv:Body>[\r][\n]"
“</soapenv:Envelope>”
“HTTP/1.1 200 OK[\r][\n]”
“Cache-Control: private, max-age=0[\r][\n]”
“Content-Type: text/xml; charset=utf-8[\r][\n]”
“Server: Microsoft-IIS/10.0[\r][\n]”
“X-AspNet-Version: 4.0.30319[\r][\n]”
“Persistent-Auth: true[\r][\n]”
"X-Powered-By: ASP.NET[\r][\n]"
“X-Frame-Options: SAMEORIGIN[\r][\n]”
“Date: Fri, 25 Jun 2021 06:50:30 GMT[\r][\n]”
“Content-Length: 616[\r][\n]”
“[\r][\n]”
"<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">soap:Body<LoginResponse xmlns="http://videoos.net/2/XProtectCSServerCommand">TOKEN#80fad428-be8a-45a2-be95-e802261dc749#vms2018server//ServerConnector#2021-06-25T06:50:30.463Z14400000000false</soap:Body></soap:Envelope>"
2.With the token, call GetUserInfo failed with 401 Unauthorized, see below reauest and response:
“POST /ServerAPI/ServerCommandService.asmx HTTP/1.1[\r][\n]”
“Accept-Encoding: gzip,deflate[\r][\n]”
“Content-Type: text/xml;charset=UTF-8[\r][\n]”
"SOAPAction: "http://videoos.net/2/XProtectCSServerCommand/GetUserInfo"[\r][\n]"
“Content-Length: 401[\r][\n]”
“Host: 10.0.0.14[\r][\n]”
“Connection: Keep-Alive[\r][\n]”
“User-Agent: Apache-HttpClient/4.5.5 (Java/12.0.1)[\r][\n]”
“[\r][\n]”
"<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xpr="http://videoos.net/2/XProtectCSServerCommand">[\r][\n]"
" soapenv:Header/[\r][\n]"
" soapenv:Body[\r][\n]"
" xpr:GetUserInfo[\r][\n]"
" [\r][\n]"
" xpr:tokenTOKEN#80fad428-be8a-45a2-be95-e802261dc749#vms2018server//ServerConnector#</xpr:token>[\r][\n]"
" </xpr:GetUserInfo>[\r][\n]"
" </soapenv:Body>[\r][\n]"
“</soapenv:Envelope>”
"HTTP/1.1 401 Unauthorized[\r][\n]"
“Content-Type: text/html[\r][\n]”
“Server: Microsoft-IIS/10.0[\r][\n]”
“WWW-Authenticate: Negotiate[\r][\n]”
“WWW-Authenticate: NTLM[\r][\n]”
"X-Powered-By: ASP.NET[\r][\n]"
“X-Frame-Options: SAMEORIGIN[\r][\n]”
“Date: Fri, 25 Jun 2021 06:51:45 GMT[\r][\n]”
“Content-Length: 58[\r][\n]”
“[\r][\n]”
“You do not have permission to view this directory or page.”
My question: is there something wrong (e.g. missing http header or parameter) when submit the request with the token? Or, is there some configuration error in XProtect Server?