0

I am getting '(400) Bad Request.' when I try complete authenticate against an ALM REST API, the first part (authentication) is successful) and I get the LWSSO_COOKIE_KEY, but site-session always fails with a 400 error code.

What am I doing wrong please... very confused!

    // Authentication XML : 0 = User, 1 = Password
    private const string AuthenticationXML = @"<alm-authentication>" +
        "<user>{0}</user><password>{1}</password></alm-authentication>";

    baseRequestURL = settings.QualityCentreURL + "/qcbin/";

Authentication is done first (and is successful) :

string authRequest = baseRequestURL + "authentication-point/alm-authenticate";
HttpWebRequest myauthrequest = (HttpWebRequest)WebRequest.Create(authRequest);

string xml = String.Format(AuthenticationXML, qcSettings.Username, qcSettings.Password);

byte[] Requestbytes = Encoding.UTF8.GetBytes(xml);
myauthrequest.Method = "POST";
myauthrequest.ContentType = "application/xml";
myauthrequest.ContentLength = Requestbytes.Length;
myauthrequest.Accept = "application/xml";

Stream RequestStr = myauthrequest.GetRequestStream();
RequestStr.Write(Requestbytes, 0, Requestbytes.Length);
RequestStr.Close();
HttpWebResponse myauthres = (HttpWebResponse)myauthrequest.GetResponse();

authenticationCookie = myauthres.Headers.Get("Set-Cookie");

The Site-Session code is : 

    public void GetSiteSession()
    {
        // Creat the web request fore site-session.
        string request = baseRequestURL + "rest/site-session";
        HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(request);

        string xml = String.Empty;
        byte[] requestbytes = Encoding.UTF8.GetBytes(xml);

        // Update the attributes before sending.
        webRequest.Method = "POST";
        webRequest.ContentType = "application/xml";
        webRequest.Accept = "application/xml";
        webRequest.Headers.Set(HttpRequestHeader.Cookie, authenticationCookie);

        try
        {
            Stream requestStream = webRequest.GetRequestStream();
            requestStream.Write(requestbytes, 0, requestbytes.Length);
            requestStream.Close();

            HttpWebResponse webRequestResponse = (HttpWebResponse)webRequest.GetResponse();
            Stream responseStream = webRequestResponse.GetResponseStream();
            XDocument doc = XDocument.Load(responseStream);
        }
        catch (System.Net.WebException except)
        {
            Console.WriteLine(except.Message);
        }
    }

I have tried cutting ;Path=/;HTTPOnly from LWSSO_COOKIE_KEY as per this question, but to no avail.

The API reference I found(here) seems to be a big vague or, possibly that I haven't understood it... :P

Swatcat
  • 73
  • 6
  • 21
  • 57
  • Are you passing the LWSSO_COOKIE_KEY when making post request to `rest/site-session`? – Barney Nov 10 '17 at 15:05
  • @Barney Hi, yes - webRequest.Headers.Set(HttpRequestHeader.Cookie, authenticationCookie); This was taken from some example code, is that the correct way to set it? – Swatcat Nov 10 '17 at 15:11
  • authenticationCookie = "LWSSO_COOKIE_KEY=hnzW3mkqZzXzfUzQRscDZz6u-T2qm2DyG25HdVeQ-FVM0UhlPDFQ1kSp8vReWF4etsYhHFOD47DS0gfZ-E91VisYxnTNhdJ9YuhrP74RaabUMOH4OYlhn4_D6ep55PoTeZYgk-1l1dSNfdZb3NwK85yxk2YaajsPrn7cqsAlNIvvvNi3AdOIbrh9oyrS5r3LVo8cCGG_OJ2iwK9nyy8HA325bq4N7JWO7vna2NqBwS_A0Kr2h7_dVs_t_8rlHrwnkegjC2R2dUAL_V_ZZYBR-cARJu8Z4JP-1i73T2PQYGBvpJNrlvnqg9VZz8WITrl9" – Swatcat Nov 10 '17 at 15:12
  • I am not familiar with C#. Adding LW cookie in the header should work. – Barney Nov 10 '17 at 15:24

1 Answers1

0

Apologies, it seems that with 12.53 I should have been using 'api/authentication/sign-in'

        string requestURL = baseRequestURL + "api/authentication/sign-in";

        try
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(requestURL);

            var credentials = String.Format("{0}:{1}", qcSettings.Username, qcSettings.Password);
            request.CookieContainer = authenticationCookieContainer;
            request.Headers.Set(HttpRequestHeader.Authorization, "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(credentials)));

            var authResponse = request.GetResponse();
            errorString = String.Empty;
        }
        catch (System.Net.WebException except)
        {
            errorString = except.Message;
            return false;
        }

        errorString = String.Empty;
        return true;
    }
Swatcat
  • 73
  • 6
  • 21
  • 57