[Fedora-suds-list] Suds and Cookie Authentication

Chris Brogan Chris.Brogan at begbies-traynor.com
Wed Jul 22 12:52:33 UTC 2009 

Following on from this, I had been in touch with the application  
vendor to see if they had an inkling as to why authentication seemed  
to be being 'dropped' who gave the following response:

> We used to support this scenario via SOAP header(ie. obtain the soap  
> header from authentication service and pass it to FO API call).  But  
> we removed it awhile back.

I don't know if this means that I HAVE to explicitly grab and pass a  
cookie (is there a method of doing this that doesn't use SOAP  
headers?) or whether any integration is possible at all. In anyone's  
experience, is it possible that a web service will only work with  
calls made from .NET applications? To say, that it defeats the object  
seems to be somewhat of an understatement!


On 21 Jul 2009, at 18:49, Jeff Ortel wrote:

> Hey Chris,
>
> Suds uses the cookielib CookieJar and places returned cookies in the  
> jar and sends all cookies in the jar with outbound messages.  So,  
> not sure why this doesn't work for you. Maybe someone else on the  
> list who's used cookies with suds a little more can help.
>
> Is it possible the user simply doesn't have permission (proper  
> roles) to do what you want?
>
> Regards,
>
> Jeff
>
> Chris Brogan wrote:
>> Hi,
>> I have successfully managed to get suds up and running on my Plone  
>> instance and can consume a variety of services. However, I'm having  
>> trouble with authentication on a collection of services that seem  
>> to be .NET-centric and aren't playing nicely.
>> I'll try to explain this as clearly as possible so, please, bear  
>> with me:
>> Having imported suds and various libraries, the various the  
>> following works as expected:
>> client = Client('http:// <http://ukcolofiniis/>servername/AppNet/ 
>> Tools/ToolsWS/AuthenticationService.asmx?WSDL')
>> auth = client.service.Login(username='user',password='pass')
>> return auth
>> >>> True
>> Similarly,
>> client = Client('http:// <http://ukcolofiniis/>servername/AppNet/ 
>> Tools/ToolsWS/AuthenticationService.asmx?WSDL')
>> client.service.Login(username='cms',password='123')
>> res = client.service.WhoAmI()
>> return res
>> >>> user
>> So, all is well there...I can successfully connect and log in.
>> Moving on to the other web services (same server), I can can  
>> information about them via:
>>        client = Client('http:// <http://ukcolofiniis/>servername/ 
>> AppNet/Tools/ToolsWS/AuthenticationService.asmx?WSDL')
>>        client.service.Login(username='cms',password='123')
>>        client.service.WhoAmI()
>>        client = Client('http://u <http://ukcolofiniis/>servername/ 
>> AppNet/Time/TimeWS/ActionService.asmx?wsdl')                return  
>> client
>> >>>
>> Suds ( https://fedorahosted.org/suds/ )  version: 0.3.6 GA  build:  
>> R526-20090624
>> Service ( ActionService ) tns="http://cmsopen.com/"
>>   Prefixes (1)
>>      ns0 = "http://cmsopen.com/"
>>   Ports (2):
>>      (ActionServiceSoap)
>>         Methods (2):
>>            Read(xs:string filter, )
>>            ReadSingle(xs:string actionCode, )
>>         Types (3):
>>            ActionData
>>            ActionDataBase
>>            ArrayOfActionData
>>      (ActionServiceSoap12)
>>         Methods (2):
>>            Read(xs:string filter, )
>>            ReadSingle(xs:string actionCode, )
>>         Types (3):
>>            ActionData
>>            ActionDataBase
>>            ArrayOfActionData
>> This provides information relating to the available services and  
>> the result is obviously the same with or without the first 3 lines  
>> of authenticating code as nothing of any importance is being asked.
>> However, when I try to do something useful with the services ...eg:
>>        client = Client('http:// <http://ukcolofiniis/>servername/ 
>> AppNet/Tools/ToolsWS/AuthenticationService.asmx?WSDL')
>>        client.service.Login(username='cms',password='123')
>>        client.service.WhoAmI()
>>        client = Client('http:// <http://ukcolofiniis/>servername/ 
>> AppNet/Time/TimeWS/ActionService.asmx?wsdl')
>>        result = client.service.ReadSingle('0NCHG')
>>        return result
>> I get authentication errors...
>> Server raised fault: 'System.Web.Services.Protocols.SoapException:  
>> Server was unable to process request. --->  
>> System.Security.SecurityException: Request for principal permission  
>> failed. at  
>> System 
>> .Security.Permissions.PrincipalPermission.ThrowSecurityException()  
>> at System.Security.Permissions.PrincipalPermission.Demand() at  
>> System.Security.PermissionSet.DemandNonCAS() at  
>> Solution6.Cio.Time.ActionService.ReadSingle(String actionCode) The  
>> action that failed was: Demand The type of the first permission  
>> that failed was: System.Security.Permissions.PrincipalPermission  
>> The first permission that failed was: <IPermission  
>> class="System.Security.Permissions.PrincipalPermission, mscorlib,  
>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"  
>> version="1"> <Identity Authenticated="true" Role="ciouser"/> </ 
>> IPermission> The demand was for: <IPermission  
>> class="System.Security.Permissions.PrincipalPermission, mscorlib,  
>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"  
>> version="1"> <Identity Authenticated="true" Role="ciouser"/> </ 
>> IPermission> The assembly or AppDomain that failed was: mscorlib,  
>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089  
>> --- End of inner exception stack trace ---'
>> Now, this seems to be because when the AuthenticationService.asmx  
>> service is run in a .NET environment (which I know very little  
>> about!), the object is attributed with a cookie using  
>> CookieContainer which can then get passed into subsequent calls.  
>> However, there doesn't seem to be any transparent way to grab this  
>> cookie from the various authentication services (they tend to  
>> return booleans) so that I can then try to get to grips with trying  
>> to pass is to subsequent services so I'm pretty much stuck. Does  
>> anyone have any pointers?
>> Chris
>> www.begbies-traynorgroup.com <http://www.begbies-traynorgroup.com>
>> CONFIDENTIALITY : This email and its attachments are confidential  
>> to the intended recipient.  They may not be used by, disclosed to  
>> or copied in any way to anyone other than the intended recipient.  
>> If this email is received in error, please contact Begbies Traynor  
>> Group IT Department on +44 (0)161 837 1837, provide details of the  
>> sender and the address to which it has been sent and then delete  
>> it. Opinions, conclusions and other statements and information in  
>> this message that do not relate to the official business of the  
>> legal entity which sent it or any other entity within the Begbies  
>> Traynor Group shall be understood as neither given nor endorsed by  
>> them.
>> VIRUSES : Although we have taken steps to ensure that this email  
>> and any attachments are free from any virus, it is your  
>> responsibility to check that they are actually virus free.  We do  
>> not accept any responsibility for viruses. This message has been  
>> scanned for viruses by MailControl.
>> ------------------------------------------------------------------------
>> _______________________________________________
>> fedora-suds-list mailing list
>> fedora-suds-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-suds-list

Chris Brogan
IT Development Manager
Begbies Traynor Group plc
340 Deansgate, Manchester, M3 4LY

T: +44 (0)161 837 1700
F: +44 (0)161 837 1701
D: +44 (0)161 837 1844
www.begbies-traynorgroup.com







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-suds-list/attachments/20090722/ec406249/attachment.htm>

More information about the fedora-suds-list mailing list