Authentication headers not working in ONVIF request?

Question

I am writing an API in C for authenticating user using ONVIF. I write some code to make authentication header. But when I sent these headers he server respond that "The security token could not be authenticated or authorized"

unsigned int nonce_int = 0, i = 0;
  time_t utcTime = 0;
  struct tm *timeInfo = NULL;
  char sha1_input[100] = { 0 }, sha1_input1[100] = { 0 };
  SHA1Context sha = { 0 };

  nonce_int = GetRandomNumber();
  encode_base64(sizeof(nonce_int), (char*)&nonce_int, nonceLen, noncestr);

  utcTime = time(NULL);
  timeInfo = localtime(&utcTime);
  strftime(timestr, timeLen, "%Y-%m-%dT%H:%M:%SZ", timeInfo);
  printf("\nTime in String Format = %s", timestr);

  sprintf(sha1_input, "%d+%d+%s", nonce_int, utcTime, password);
  strcpy(sha1_input1, sha1_input);

  SHA1Reset(&sha);
  SHA1Input(&sha, (const unsigned char*)sha1_input, strlen(sha1_input));

  if(!SHA1Result(&sha))
  {
    printf("\nERROR-- could not compute message digest");
  }
  else
  {
    memset(sha1_input, 0x00, sizeof(sha1_input));
    /*sprintf(sha1_input, "%X%X%X%X%X", sha.Message_Digest[0], sha.Message_Digest[1],
      sha.Message_Digest[2], sha.Message_Digest[3], sha.Message_Digest[4]);*/

    sprintf(sha1_input, "%u%u%u%u%u", sha.Message_Digest[0], sha.Message_Digest[1],
      sha.Message_Digest[2], sha.Message_Digest[3], sha.Message_Digest[4]);

    printf("\nSHA1 Digest = %s", sha1_input);
    encode_base64(strlen(sha1_input), sha1_input, digestLen, digeststr);
    printf("\nSHA1 Digest Base64 Encoded = %s", digeststr);
  }

after that I sent this request on HTTP using POST method this.

snprintf(postData, sizeof(postData),
      "<?xml version=\"1.0\" encoding=\"utf-8\"?>" 
      "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://www.w3.org/2003/05/soap-envelope\"" 
      "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401"
      "-wss-wssecurity-secext-1.0.xsd\""  
      "xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-"
      "200401-wss-wssecurity-utility-1.0.xsd\""  
      "xmlns:tds=\"http://www.onvif.org/ver20/ptz/wsdl\">" 
      "<SOAP-ENV:Header><wsse:Security><wsse:UsernameToken>" 
      "<wsse:Username>%s</wsse:Username>" 
      "<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-"
      "200401-wss-username-token-profile-1.0#PasswordDigest\">"
          "%s</wsse:Password><wsse:Nonce>%s</wsse:Nonce>" 
      "<wsu:Created>%s</wsu:Created></wsse:UsernameToken>"
      "</wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body>" 
      "<tds:GetNodes>" 
      "</SOAP-ENV:Body></SOAP-ENV:Envelope>", 
      username, base64EncDigest, nonce_char, time_char);

Response:

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope  xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" 
                    xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding" 
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
                    xmlns:wsa5="http://www.w3.org/2005/08/addressing" 
                    xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" 
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
                    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
                    xmlns:ptzimg2="http://www.onvif.org/ver10/schema" 
                    xmlns:ptzimg3="http://www.w3.org/2005/05/xmlmime" 
                    xmlns:ptzimg4="http://docs.oasis-open.org/wsn/b-2" 
                    xmlns:ptzimg5="http://docs.oasis-open.org/wsrf/bf-2" 
                    xmlns:ptzimg6="http://docs.oasis-open.org/wsn/t-1" 
                    xmlns:ptzimg1="http://www.onvif.org/ver20/ptz/wsdl" 
                    xmlns:ptzimg7="http://www.onvif.org/ver20/imaging/wsdl" 
                    xmlns:ter="http://www.onvif.org/ver10/error">

    <SOAP-ENV:Header></SOAP-ENV:Header>
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
            <SOAP-ENV:Code>
                <SOAP-ENV:Value>
                    SOAP-ENV:Sender
                </SOAP-ENV:Value>
                <SOAP-ENV:Subcode>
                    <SOAP-ENV:Value>
                        wsse:FailedAuthentication
                    </SOAP-ENV:Value>
                </SOAP-ENV:Subcode>
            </SOAP-ENV:Code>
            <SOAP-ENV:Reason>
                <SOAP-ENV:Text xml:lang="en">
                    The security token could not be authenticated or authorized
                </SOAP-ENV:Text>
            </SOAP-ENV:Reason>
            <SOAP-ENV:Node>
                http://www.w3.org/2003/05/soap-envelope/node/ultimateReceiver
            </SOAP-ENV:Node>
            <SOAP-ENV:Role>
                http://www.w3.org/2003/05/soap-envelope/role/ultimateReceiver
            </SOAP-ENV:Role>
            <SOAP-ENV:Detail></SOAP-ENV:Detail>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

am I doing anything wrong? Especially when created digest? Thanks

Thanks @Joachim, but now it says that there is some problem with authentication header. I edited my question and attached the Error response. Thanks — Sarfraz Ahmed, May 29 '12 at 11:41

score 0 · Answer 1 · answered Jun 28 '12 at 06:07

0

Check the device time. Assuming that you are generating correct password digest it can be problem that device has different time then you use to sign your request and then the password digest can act like expired.

answered Jun 28 '12 at 06:07

DaNY

191
2
6

Authentication headers not working in ONVIF request?

1 Answers1