I am having the same issue as outlined in this question but cannot get pass an HTTP 401 response

https://developer.milestonesys.com/s/question/0D53X00006YUsODSA1/protocol-integration-method-cannot-authenticate-using-soap-401-unauthorized-error

I have tried using Postman, Python, and SoapUI but have been unable to make any progress. Here is the raw request and response from Postman:

POST /ServerAPI/ServerCommandService.asmx HTTP/1.1

Authorization: Basic UGVyZWdyaW5lOldlbGNvbWUxMDfh

Content-Type: application/xml

User-Agent: PostmanRuntime/7.24.1

Accept: */*

Cache-Control: no-cache

Postman-Token: 0039f902-07ca-4d5a-9537-5896bb12196a

Host: ip_address

Accept-Encoding: gzip, deflate, br

Connection: keep-alive

Content-Length: 442

<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance xmlns:xsd=“http://www.w3.org/2001/XMLSchema” xmlns:soap=“http://schemas.xmlsoap.org/soap/envelope/”>

soap:Body

<Login xmlns=“http://videoos.net/2/XProtectCSServerCommand”>

fc0352e7-6a7a-418b-ad1d-2f16c09adddf

</soap:Body>

</soap:Envelope>

HTTP/1.1 401 Unauthorized

Content-Type: text/html

Server: Microsoft-IIS/10.0

WWW-Authenticate: Negotiate

WWW-Authenticate: NTLM

X-Powered-By: ASP.NET

X-Frame-Options: SAMEORIGIN

Date: Tue, 05 May 2020 21:09:29 GMT

Content-Length: 1293

401 - Unauthorized: Access is denied due to invalid credentials.

Since you are using the basic authentication method I assume you are using an XProtect basic user?

If that is indeed the case you need to use SSL and log in to the server using this URI instead: ManagementServer/ServerCommandService.svc

As is also listed on this page in the documentation: https://doc.developer.milestonesys.com/html/index.html?base=content_0.html&tree=tree_3.html

For further help on how to log in in a protocol integration please have a look at the LoginDotNetSoap protocol sample in the SDK. It is in C#, but especially for basic users it should be a fairly straight-forward conversion to most other languages.

The Milestone instance is running on XProtect Corporate 2018 R3 and we are using the BasicUser for authentication. Following the exact instructions on the Milestone documentation and the LoginDotNet sample code we still receive 4xx responses.

POST /ManagementServer/ServerCommandService.svc HTTP/1.1

Content-Type: application/soap+xml; charset=utf-8

SOAPAction: http://videoos.net/2/XProtectCSServerCommand/Login

Authorization: Basic UGVyZWdyaW5lOlelcGNvbWUxMDEh

User-Agent: PostmanRuntime/7.24.1

Accept: */*

Cache-Control: no-cache

Postman-Token: 4ce96e70-d5e2-4165-9824-20bf7194bf54

Host: <ip_address>

Accept-Encoding: gzip, deflate, br

Connection: keep-alive

Content-Length: 442

<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance xmlns:xsd=“http://www.w3.org/2001/XMLSchema” xmlns:soap=“http://schemas.xmlsoap.org/soap/envelope/”>

soap:Body

fc0352e7-6a7a-418b-ad1d-2f16c09adedf

</soap:Body>

</soap:Envelope>

HTTP/1.1 400 Bad Request

Cache-Control: private

Server: Microsoft-IIS/10.0

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

X-Frame-Options: SAMEORIGIN

Date: Thu, 07 May 2020 15:38:22 GMT

Content-Length: 0

What do we need to change in order to receive a successful response?

Are you using SSL? Basic user login requires usage of HTTPS.

We tried using SSL and disabled verification checks (given self-signing certificate) and that worked. Thank you Peter

He using XProtect Corporate 2018 R3.

I read in the docs “Protocols > ImageServer > ImageServer - Authenticate”:

"

There are two ways of authenticating with Milestone XProtect servers

• The SOAP/HTTP-based way, using Windows credentials (username, password)
• The TCP way, using XProtect Enterprise’s Basic Authentication credentials

"

and:

"

• Basic Authentication Credentials (only works for XProtect Enterprise and XProtect Professional)
• Windows Credentials (works for both XProtect Enterprise and XProtect Corporate)

"

So in this case, why did you recommend using SSL with XProtect Corporate?

It conflicts with your documents but worked.