Unauthorised error when connecting to milestone via tcpvideoviewer sample application

0050O0000073piCQAQ · March 8, 2018, 5:59pm

I am using the TcpVideoViewer protocol sample and I am getting an unauthorised error. I am using the same connection details as I use in the component samples. Is there anything on the server I need to change to fix this?

Bo_Ellegard_Andersen · March 9, 2018, 9:06am

The sample will not work for basic authentication users. Have you tried with a Windows user?

0050O0000072uFsQAI · April 20, 2018, 6:15pm

I am having the same problem. Is there a sample that shows how to use basic authentication in the context of the TcpVideoViewer sample? Thanks

Bo_Ellegard_Andersen · April 23, 2018, 9:54am

There is no sample showing this. Please use the sample with Windows/AD users.

You would need to use SSL on the Management Server service, and then use token on Image Server protocol.

0050O0000072uFsQAI · April 23, 2018, 3:28pm

I have used the recommendations in https://developer.milestonesys.com/s/question/0D50O00004BExHpSAL/cant-login-via-protocol-integration-with-basic-authentication?t=1524229710128, prepending “[BASIC]\\” to the user name, and using https instead of http. But I am getting 408 error when using https to connect to the management server. Is there a configuration option I am missing to enable SSL for the Management Server?

I am using XProtect Essential+ 2018 R1.

I need to be able to use basic authentication for our implementation, since Windows/AD accounts will not be available at most of our customers’ locations.

Bo_Ellegard_Andersen · April 24, 2018, 8:42am

408 means timeout. I suspect you are not contacting the management server on the correct port (https 443).

Bo_Ellegard_Andersen · April 25, 2018, 8:15am

Does the Login .Net SOAP sample work for you with basic users?

0050O0000072uFsQAI · April 25, 2018, 6:28pm

Yes I was able to login with the basic user credentials in the Login sample.

Bo_Ellegard_Andersen · April 26, 2018, 6:48am

You should be able to use this to modify the code of the TcpVideoViewer sample so that it can do basic users.

0050O0000072uFsQAI · April 26, 2018, 6:13pm

Thank you very much for your assistance

0050O0000072uFsQAI · May 1, 2018, 7:34pm

Hi Bo,

I was able to login using the basic authentication from the LoginDotNetSoap.
But any attempts to get the server configuration result in 401 error – Unauthorized.
The server is XProtect Essential+, and the basic user I configured is part of the Administrators group.
I also used WSDL generated class as recommended in LoginDotNetSoap sample comments, in order to try and fetch the configuration, but to no avail.
Any suggestions are greatly appreciated.

Thank you very much for your help.

Best regards,

Ruslan Georgiev
Senior Video Software Engineer
Arrowsight
ruslan.georgiev@arrowsight.com mailto:[ruslan.georgiev@arrowsight.com](mailto:ruslan.georgiev@arrowsight.com)\
tel 914-215-5141
cell 845-380-3046

Bo_Ellegard_Andersen · May 2, 2018, 12:29pm

When asking for configuration use the token. My guess could be wrong but after logon you should use the token when asking for configuration etc. Does it fit?

0050O0000072uFsQAI · May 2, 2018, 1:03pm

Yes, I am using the token obtained from login but getting 401 - Unauthorized with basic authentication.

0050O0000072uFsQAI · May 2, 2018, 4:03pm

I get the following HTTP response captured by Fiddler:

HTTP/1.1 401 Unauthorized

Content-Type: text/html

Server: Microsoft-IIS/10.0

WWW-Authenticate: Basic realm=“localhost”

X-Powered-By: ASP.NET

X-Frame-Options: SAMEORIGIN

Date: Wed, 02 May 2018 15:55:50 GMT

Content-Length: 1293

401 - Unauthorized: Access is denied due to invalid credentials. h2{font-size:1.7em;margin:0;color:[#CC0000](javascript:void\(0\); "#CC0000");}

h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}

[header](javascript:void(0); “header”){width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:“trebuchet MS”, Verdana, sans-serif;color:[fff](javascript:void(0); “fff”);

Server Error

401 - Unauthorized: Access is denied due to invalid credentials.

You do not have permission to view this directory or page using the credentials that you supplied.

Bo_Ellegard_Andersen · May 3, 2018, 6:52am

For debugging purposes you would have to let me see the request causing this reply.

0050O0000072uFsQAI · May 3, 2018, 2:20pm

POST https://d110/serverapi/servercommandservice.asmx HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)

VsDebuggerCausalityData: uIDPo+HdCvcDahZIp4SgufF/pdMAAAAAJRg9eVZiH0mciiH0kh6f6a3iknFccLBBnNaOLYuHBpYACQAA

Content-Type: text/xml; charset=utf-8

SOAPAction: “http://videoos.net/2/XProtectCSServerCommand/GetConfiguration”

Host: d110

Content-Length: 436

Expect: 100-continue

<?xml version="1.0" encoding="utf-8"?>TOKEN#3cb86dd4-43d2-49c2-a797-a65cbdd935ee#[d110.corp.arrowsight.com//ServerConnector#](https://d110.corp.arrowsight.com//ServerConnector#%3C/token%3E%3C/GetConfiguration%3E%3C/soap:Body%3E%3C/soap:Envelope%3E)

0050O0000072uFsQAI · May 3, 2018, 2:36pm

posted a file.

0050O0000072uFsQAI · May 3, 2018, 2:38pm

The above is the full session Fiddler capture from modified LoginDotNetSoap sample using basic authentication. The GetConfig is implemented by using WSDL generated Milestone client file, as shown in ServerCommandServiceNTLM.cs

wsdl /out:myclient.cs http:///serverapigenerator/servercommandservice.asmx?wsdl

0050O0000072uFsQAI · May 3, 2018, 5:58pm

One more detail that may be relevant. If I replay the GetConfiguration request from Fiddler I get the valid configuration XML see attached

Bo_Ellegard_Andersen · May 4, 2018, 8:27am

I see “.ASMX” - notice how the LoginDotNetSoap sample uses “/ManagementServer/ServerCommandService.svc”