EHS5 HTTP Post Basic Authentication Not Being Sent | Telit Cinterion IoT Developer Community
March 16, 2017 - 6:07pm, 4192 views
Hello!
I am working on sending an HTTP Post to a server that uses basic authentication and I have not been able to get the modem to send out the authentication header containing the username and password.
What I have tried and looked at so far:
* I have verified that my modem is using the GSM character set
* I have tried defining the user name and password on their own using the "passwd" and "user" variables when defining my service profile
* I have tried placing the username and password in the URL for the server (both using the escape for '@' and also simply using the @ symbol)
When I use the escape character for '@', I get a parameter error - bad address when trying to open the HTTP service. When I simply place the '@' character in the string, it appears to accept it, but again, the basic authentication is not sent with the HTTP Post. I don't understand why the @ symbol appears to be accepted (it might not be in reality, but I can't tell), yet the escape sequence is NOT accepted, even though the documentation leads me to think that just the opposite should be working given I am using the GSM character set.
I have version 3.001 of firmware on my modem; is there any chance it needs to be updated? Is there a location to find the latest versions of firmware and a change log for the different firmware versions?
I am posting to the httpbin.org/post service at the moment that will bounce my post request right back to me for inspection. I have also used the requestb.in service to catch and view my post requests as well. Neither service is showing me the authentication (and I can "hurl" a post at those services using basic authentication, and I do see the authentication, so I think I know what to look for).
I'd like to confirm I don't need to define the authentication type for PDP using AT^SGAUTH or anything like that to activate the basic HTTP authentication. My understanding is that if I place a username and password in the service profile, it will use them when the post command occurs. Is that correct?
Thanks so much for any feedback anyone can offer me!
Adam
Here is a "sniffed" log file of one of the many transactions that I have tried, that I *think* should work based on my current understanding (USER NAME and Password are changed from real, but show the characters and format that are typically used):
3/16/2017 11:04:42.145 [COM2] - AT^SICS=0,conType,none<CR><LF>
3/16/2017 11:04:42.173 [COM3] - <CR><LF>
OK<CR><LF>
3/16/2017 11:04:42.186 [COM2] - AT^SICS=0,conType,GPRS0<CR><LF>
3/16/2017 11:04:42.217 [COM3] - <CR><LF>
OK<CR><LF>
3/16/2017 11:04:42.229 [COM2] - AT^SICS=0,apn,"Broadband"<CR><LF>
3/16/2017 11:04:42.257 [COM3] - <CR><LF>
OK<CR><LF>
3/16/2017 11:04:42.771 [COM2] - AT^SISS=6,srvType,"Http"<CR><LF>
3/16/2017 11:04:43.007 [COM3] - <CR><LF>
OK<CR><LF>
3/16/2017 11:04:43.033 [COM2] - AT^SISS=6,conId,"0"<CR><LF>
3/16/2017 11:04:43.067 [COM3] - <CR><LF>
OK<CR><LF>
3/16/2017 11:04:43.096 [COM2] - AT^SISS=6,"address","http://httpbin.org/post"<CR><LF>
3/16/2017 11:04:43.126 [COM3] - <CR><LF>
OK<CR><LF>
3/16/2017 11:04:43.156 [COM2] - AT^SISS=6,"user","10101"<CR><LF>
3/16/2017 11:04:43.175 [COM3] - <CR><LF>
OK<CR><LF>
3/16/2017 11:04:43.205 [COM2] - AT^SISS=6,"passwd","D5NtS"<CR><LF>
3/16/2017 11:04:43.228 [COM3] - <CR><LF>
OK<CR><LF>
3/16/2017 11:04:43.246 [COM2] - AT^SISS=6,cmd,"post"<CR><LF>
3/16/2017 11:04:43.261 [COM3] - <CR><LF>
OK<CR><LF>
3/16/2017 11:04:43.286 [COM2] - AT^SISS=6,"hcContLen","2"<CR><LF>
3/16/2017 11:04:43.320 [COM3] - <CR><LF>
OK<CR><LF>
3/16/2017 11:04:43.348 [COM2] - AT^SISO=6<CR><LF>
3/16/2017 11:04:43.424 [COM3] - <CR><LF>
OK<CR><LF>
<CR><LF>
^SIS: 6,0,2200,"Http httpbin.org:80"<CR><LF>
<CR><LF>
^SISW: 6,1<CR><LF>
3/16/2017 11:04:43.585 [COM2] - ATI1<CR><LF>
3/16/2017 11:04:43.608 [COM3] - <CR><LF>
Cinterion<CR><LF>
EHS5-US<CR><LF>
REVISION 03.001<CR><LF>
A-REVISION 00.000.31<CR><LF>
<CR><LF>
OK<CR><LF>
3/16/2017 11:04:43.630 [COM2] - AT^SISW=6,199,1<CR><LF>
3/16/2017 11:04:43.761 [COM3] - <CR><LF>
^SISW: 6,199,0<CR><LF>
3/16/2017 11:04:43.794 [COM2] - cust=ADAM<LF>
proc_fw=4.68<LF>
cpld_fw=0.02<LF>
modem_manuf=Cinterion<LF>
modem_model=EHS5-E<LF>
modem_sn=4764177927<LF>
sim_imei=357041062026839<LF>
sim_iccid=89014103278148719019<LF>
sim_imsi=310410814871901<LF>
call_spacing=120,360<LF>
3/16/2017 11:04:47.315 [COM3] - <CR><LF>
OK<CR><LF>
<CR><LF>
^SISW: 6,2<CR><LF>
<CR><LF>
^SIS: 6,0,2200,"HTTP POST: http://httpbin.org/post"<CR><LF>
<CR><LF>
^SIS: 6,0,2200,"HTTP POST Response: 200"<CR><LF>
<CR><LF>
^SISR: 6,1<CR><LF>
3/16/2017 11:04:55.813 [COM2] - AT^SISR=6,0<CR><LF>
3/16/2017 11:04:55.830 [COM3] - <CR><LF>
^SISR: 6,669<CR><LF>
<CR><LF>
OK<CR><LF>
3/16/2017 11:04:55.854 [COM2] - AT^SISR=6,669<CR><LF>
3/16/2017 11:04:55.927 [COM3] - <CR><LF>
^SISR: 6,669<CR><LF>
{<LF>
"args": {}, <LF>
"data": "", <LF>
"files": {}, <LF>
"form": {<LF>
"cust": "ADAM\nproc_fw=4.68\ncpld_fw=0.02\nmodem_manuf=Cinterion\nmodem_model=EHS5-E\nmodem_sn=4764177927\nsim_imei=357041062026839\nsim_iccid=89014103278148719019\nsim_imsi=310410814871901\ncall_spacing=120,360\n"<LF>
}, <LF>
"headers": {<LF>
"Accept": "*/*", <LF>
"Content-Length": "199", <LF>
"Content-Type": "application/x-www-form-urlencoded", <LF>
"Host": "httpbin.org", <LF>
"User-Agent": "EHS5-US/357041062026839 Profile/IMP-NG Configuration/CLDC-1.1", <LF>
"Via": "HTTP/1.1 aln2nz05msp2ts04.wnsnet.attws.com"<LF>
}, <LF>
"json": null, <LF>
"origin": "166.137.125.52", <LF>
"url": "http://httpbin.org/post"<LF>
}<LF>
3/16/2017 11:04:56.006 [COM2] - AT^SISC=6<CR><LF>
3/16/2017 11:04:56.129 [COM3] - <CR><LF>
OK<CR><LF>
Hello,
The address "http://httpbin.org/post" which you are connecting to does not require the authentication.
I have tried with "GET" and the address "http://httpbin.org/basic-auth/user/passwd" with my EHS5 module both with user and password configured in the address and with separate commands. In my case the escape '\00' was required instead of '@' character.
Wrong user and password example:
at^siss=0,"address","http://dddd:eeee\00httpbin.org/basic-auth/user/passwd"
OK
at^siso=0
OK
^SIS: 0,0,2200,"Http httpbin.org:80"
^SIS: 0,0,204,"HTTP-ERR: authentication failed"
at^sisc=0
OK
Correct user and password example:
at^siss=0,"address","http://user:passwd\00httpbin.org/basic-auth/user/passwd"
OK
at^siso=0
OK
^SIS: 0,0,2200,"Http httpbin.org:80"
^SISR: 0,1
at^sisr=0,100
^SISR: 0,47
{ "authenticated": true, "user": "user"}
OK
^SISR: 0,2
at^sisc=0
OK
Can you try it with any "POST" test server that requires the basic authentication?
The latest official software is A-REVISION 00.000.50.
Best regards,
Bartłomiej
Thanks for the response Bartłomiej,
I tried the GET command earlier today, and I was able to get that to work the same way it worked for you when I configured the user and passwd with the separate commands. With version 00.000.31 of firmware, I would get a parameter error whenever I placed the user and pass in the URL with the escape characters for '@'. Oddly enough, when I tried a much older modem sitting around with version 00.000.15 of firmware, that unit WILL accept the user and pass in the URL.
Yet on the older version of firmware (00.000.15), I still cannot get the HTTP Post command to send out the authentication header, even when I do post to a server that does require the authentication.
I'm fearing I'm dealing with a firmware bug in the modem right now. Is there any chance this is correct? I have been on this for 6 straight days, so I'm not suggesting this without a lot of attempts to make this work in many different ways.
Is there any chance you could give me an example of a post command that uses authentication, AND you have verified that it works?? If you can do that, I would love to know the version of firmware that it works on, and then get a document that describes the changes between versions. OR, if you could test this on version 00.000.31 of firmware, and let me know how to make it work, I would be massively grateful!!!
Thanks so much for reviewing this and helping me figure out what I might be doing wrong, or what I might need to do to get this to work if I am running on a version that might not be working perfectly.
All the best,
Adam
Here is an example of the HTTP Post mostly working (but still not sending the authentication header) on version 00.000.15:
3/17/2017 13:07:39.867 [COM2] - AT^SICS=0,conType,none<CR><LF>
3/17/2017 13:07:39.910 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:07:39.930 [COM2] - AT^SICS=0,conType,GPRS0<CR><LF>
3/17/2017 13:07:39.964 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:07:39.992 [COM2] - AT^SICS=0,apn,"Broadband"<CR><LF>
3/17/2017 13:07:40.015 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:07:40.534 [COM2] - AT^SISS=6,srvType,"Http"<CR><LF>
3/17/2017 13:07:40.780 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:07:40.796 [COM2] - AT^SISS=6,conId,"0"<CR><LF>
3/17/2017 13:07:40.841 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:07:40.866 [COM2] - AT^SISS=6,"address","http://20202:9IP3q\00httpbin.org:80/post"<CR><LF>
3/17/2017 13:07:40.908 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:07:40.927 [COM2] - AT^SISS=6,cmd,"post"<CR><LF>
3/17/2017 13:07:40.976 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:07:40.990 [COM2] - AT^SISS=6,"hcContLen","2"<CR><LF>
3/17/2017 13:07:41.026 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:07:41.051 [COM2] - AT^SISO=6<CR><LF>
3/17/2017 13:07:41.145 [COM3] - <CR><LF>
OK<CR><LF>
<CR><LF>
^SIS: 6,0,2200,"Http httpbin.org:80"<CR><LF>
<CR><LF>
^SISW: 6,1<CR><LF>
3/17/2017 13:07:41.309 [COM2] - ATI1<CR><LF>
3/17/2017 13:07:41.339 [COM3] - <CR><LF>
Cinterion<CR><LF>
EHS5-US<CR><LF>
REVISION 02.000<CR><LF>
A-REVISION 00.000.15<CR><LF>
<CR><LF>
OK<CR><LF>
3/17/2017 13:07:41.361 [COM2] - AT^SISW=6,199,1<CR><LF>
3/17/2017 13:07:41.509 [COM3] - <CR><LF>
^SISW: 6,199,0<CR><LF>
3/17/2017 13:07:41.527 [COM2] - cust=ADAM<LF>
proc_fw=4.68<LF>
cpld_fw=0.02<LF>
modem_manuf=Cinterion<LF>
modem_model=EHS5-E<LF>
modem_sn=4764036876<LF>
sim_imei=357330051412732<LF>
sim_iccid=89014103278148719019<LF>
sim_imsi=310410814871901<LF>
call_spacing=120,360<LF>
3/17/2017 13:07:45.769 [COM3] - <CR><LF>
OK<CR><LF>
<CR><LF>
^SISW: 6,2<CR><LF>
<CR><LF>
^SIS: 6,0,2200,"HTTP POST: http://20202:9IP3q\00httpbin.org:80/post"<CR><LF>
<CR><LF>
^SIS: 6,0,2200,"HTTP POST Response: 200"<CR><LF>
<CR><LF>
^SISR: 6,1<CR><LF>
3/17/2017 13:07:53.547 [COM2] - AT^SISR=6,0<CR><LF>
3/17/2017 13:07:53.565 [COM3] - <CR><LF>
^SISR: 6,817<CR><LF>
<CR><LF>
OK<CR><LF>
3/17/2017 13:07:53.587 [COM2] - AT^SISR=6,817<CR><LF>
3/17/2017 13:07:53.671 [COM3] - <CR><LF>
^SISR: 6,817<CR><LF>
{<LF>
"args": {}, <LF>
"data": "", <LF>
"files": {}, <LF>
"form": {<LF>
"cust": "ADAM\nproc_fw=4.68\ncpld_fw=0.02\nmodem_manuf=Cinterion\nmodem_model=EHS5-E\nmodem_sn=4764036876\nsim_imei=357330051412732\nsim_iccid=89014103278148719019\nsim_imsi=310410814871901\ncall_spacing=120,360\n"<LF>
}, <LF>
"headers": {<LF>
"Accept": "*/*", <LF>
"Connect-Time": "0", <LF>
"Connection": "close", <LF>
"Content-Length": "199", <LF>
"Content-Type": "application/x-www-form-urlencoded", <LF>
"Host": "httpbin.org", <LF>
"Total-Route-Time": "0", <LF>
"User-Agent": "Profile/MIDP-2.0 Configuration/CLDC-1.0 UNTRUSTED/1.0", <LF>
"Via": "HTTP/1.1 aln2nz05msp1ts09.wnsnet.attws.com, 1.1 vegur", <LF>
"X-Request-Id": "4aba7feb-6954-44ff-aa6e-7ca6724d0b12"<LF>
}, <LF>
"json": null, <LF>
"origin": "166.137.125.32", <LF>
"url": "http://httpbin.org/post"<LF>
}<LF>
3/17/2017 13:07:53.759 [COM2] - AT^SISC=6<CR><LF>
3/17/2017 13:07:53.893 [COM3] - <CR><LF>
OK<CR><LF>
-----------------------------------------------
AND HERE IS A VERSION THAT SENDS IN A POST TO A SERVER THAT REQUIRES AUTHENTICATION, YET STILL DOES NOT SEND THE AUTHENTICATION (AND THEN I GET AN ERROR 401). I GET THE SAME RESULTS WITH 00.000.15 and 00.000.31 (although on 31, I need to set the user name and password separately)
-----------------------------------------------
3/17/2017 13:22:46.245 [COM2] - AT^SICS=0,conType,none<CR><LF>
3/17/2017 13:22:46.280 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:22:46.306 [COM2] - AT^SICS=0,conType,GPRS0<CR><LF>
3/17/2017 13:22:46.332 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:22:46.349 [COM2] - AT^SICS=0,apn,"Broadband"<CR><LF>
3/17/2017 13:22:46.377 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:22:46.891 [COM2] - AT^SISS=6,srvType,"Http"<CR><LF>
3/17/2017 13:22:47.140 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:22:47.153 [COM2] - AT^SISS=6,conId,"0"<CR><LF>
3/17/2017 13:22:47.202 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:22:47.223 [COM2] - AT^SISS=6,"address","http://20202:8Cdak\00dps.m2m.REALSERVERNAMEHERE.com/cm"<CR><LF>
3/17/2017 13:22:47.272 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:22:47.285 [COM2] - AT^SISS=6,cmd,"post"<CR><LF>
3/17/2017 13:22:47.325 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:22:47.346 [COM2] - AT^SISS=6,"hcContLen","2"<CR><LF>
3/17/2017 13:22:47.378 [COM3] - <CR><LF>
OK<CR><LF>
3/17/2017 13:22:47.408 [COM2] - AT^SISO=6<CR><LF>
3/17/2017 13:22:47.492 [COM3] - <CR><LF>
OK<CR><LF>
<CR><LF>
^SIS: 6,0,2200,"Http dps.m2m.REALSERVERNAMEHERE.com:80"<CR><LF>
<CR><LF>
^SISW: 6,1<CR><LF>
3/17/2017 13:22:47.646 [COM2] - ATI1<CR><LF>
3/17/2017 13:22:47.669 [COM3] - <CR><LF>
Cinterion<CR><LF>
EHS5-US<CR><LF>
REVISION 02.000<CR><LF>
A-REVISION 00.000.15<CR><LF>
<CR><LF>
OK<CR><LF>
3/17/2017 13:22:47.689 [COM2] - AT^SISW=6,199,1<CR><LF>
3/17/2017 13:22:47.843 [COM3] - <CR><LF>
^SISW: 6,199,0<CR><LF>
3/17/2017 13:22:47.875 [COM2] - cust=ADAM<LF>
proc_fw=4.68<LF>
cpld_fw=0.02<LF>
modem_manuf=Cinterion<LF>
modem_model=EHS5-E<LF>
modem_sn=4764036876<LF>
sim_imei=357330051412732<LF>
sim_iccid=89014103278148719019<LF>
sim_imsi=310410814871901<LF>
call_spacing=120,360<LF>
3/17/2017 13:22:51.951 [COM3] - <CR><LF>
OK<CR><LF>
<CR><LF>
^SISW: 6,2<CR><LF>
<CR><LF>
^SIS: 6,0,2200,"HTTP POST: http://20202:8Cdak\00dps.m2m.REALSERVERNAMEHERE.com/cm"<CR><LF>
<CR><LF>
^SIS: 6,0,8002,"HttpHTTP POST: IllegalArgumentException HTTP-CODE: 401"<CR><LF>
--------------------------------------
As a side note, even though the HTTP BIN / post does not require authentication, I'm pretty certain the authentication header should be generated and sent out. That is how other HTTP test post requests I have made to all of the HTTP test websites have behaved, so I'm not sure why the stack in the EHS5 would behave any differently??
Hello,
I'm testing with the firmware REVISION 03.001 A-REVISION 00.000.50 which is the latest official version.
I have traced on the module's side the "GET" requests with the configured user and password. And the behavior was similar to the web browser: in the first request there was no authorization data in the header. After the server replied with "401 UNAUTHORIZED" the module has sent the request again with authorization and then the connection succeeded.
Unfortunately at the moment I don't have the server accepting POST that would require authorization for test. If you could grant me access to your test server I could verify with yours.
I have tried to send "POST" to http://test.webdav.org/auth-basic (which in fact doesn't accept POST), but the server has replied with status 401 Authorization Required and after that there was no other attempt from the module.
But in the meantime there's a workaround I have also tested - it is possible to add the authorization data manually to the header like below:
at^siss=0,"hcProp","Authorization: Basic dXNlcjE6dXNlcjE="
In my case it was also working.
Regards,
Bartłomiej
Hi Bartłomiej,
That was a fantastic work-around!!!!! I was able to get the post to work by using that. I'm still not sure why it wouldn't work through the normal methods, but I'm thinking there might be a bug there in the modem firmware.
I would totally give you access to our server if I could, but I don't have control over it (we have a partner that maintains and guards that pretty closely). The passwords for the user names are also time dependent (to a 15 second window), so I can't even just pass along a username / password to use.
To get it up and running I also needed to pass along a plain-text content type key in the same hcProp setting, and was able to get that all figured out as well.
Thanks a ton for the support on this -- I was really glad to see the workaround idea, and even more happy when I was able to get it to work.
Thanks so much!
Adam
Hi,
I'm also happy that it's working for you.
I'll try to set up my own server and will check it to be sure if we need a fix.
Best regards,
Bartłomiej
Hi
Any fix??
I tried the above stated solutions but it didn't work for me.
It still shows 401 error.
regards,
SS
Hello,
The problem here was that basic authentication was not working in EHSx modules for HTTP POST. The authentication type and credentials were not added to HTTP header even though user and password were configured with AT^SISS command.
I have just checked that this has not been fixed. But there is a simple workaround - to add the authentication type and credentials to HTTP header manually with AT^SISS command like in this example below:
at^siss=0,"hcProp","Authorization: Basic dXNlcjE6dXNlcjE="
Was it not working for you? Please share more information, paste a log with connection configuration and execution. Please also share ATI1 command reply.
Are you sure that you have properly encoded the credentials?
Best regards,
Bartłomiej
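Added example (not part of the thread and not vendor code): a small checker that replays the AT^SISS writes from a sniffed log in the format posted above and flags profiles that will hit the behaviour described here, namely a POST with user/passwd configured but no manual Authorization header in hcProp. It also flags credentials configured for an http:// address. The finding names and the sample log (host example.invalid, credentials) are constructed for illustration.

```python
import re

# AT^SISS=<profile>,<param>,<value>; quotes around param and value are optional in the logs.
SISS = re.compile(r'AT\^SISS=(\d+),"?(\w+)"?,"?([^"<]*)', re.IGNORECASE)
# user:password in front of the host, separated by '@' or the \00 escape used in this thread.
USERINFO = re.compile(r'^https?://[^/]*(?:@|\\00)', re.IGNORECASE)

def load_profiles(log_text):
    """Replay AT^SISS writes into {profile_id: {param_lowercase: value}}."""
    profiles = {}
    for m in SISS.finditer(log_text):
        pid, key, value = int(m.group(1)), m.group(2).lower(), m.group(3)
        profiles.setdefault(pid, {})[key] = value
    return profiles

def lint_profile(p):
    """Return a list of finding names (constructed labels) for one service profile."""
    findings = []
    address = p.get("address", "")
    has_creds = bool(p.get("user") or p.get("passwd") or USERINFO.match(address))
    manual_auth = "authorization:" in p.get("hcprop", "").lower()
    # Per the thread: for POST the module does not add the header from user/passwd.
    if p.get("cmd", "").lower() == "post" and has_creds and not manual_auth:
        findings.append("post-without-hcprop-auth")
    # Basic credentials are only base64-encoded, so plain HTTP exposes them in transit.
    if (has_creds or manual_auth) and address.lower().startswith("http://"):
        findings.append("credentials-over-plain-http")
    return findings

def lint_log(log_text):
    return {pid: lint_profile(p) for pid, p in load_profiles(log_text).items()}

# Constructed sample log, same layout as the sniffed logs in this thread.
SAMPLE_LOG = r'''
1/1/2020 10:00:00.000 [COM2] - AT^SISS=6,srvType,"Http"<CR><LF>
1/1/2020 10:00:00.100 [COM2] - AT^SISS=6,"address","http://example.invalid/cm"<CR><LF>
1/1/2020 10:00:00.200 [COM2] - AT^SISS=6,"user","demo"<CR><LF>
1/1/2020 10:00:00.300 [COM2] - AT^SISS=6,"passwd","secret"<CR><LF>
1/1/2020 10:00:00.400 [COM2] - AT^SISS=6,cmd,"post"<CR><LF>
at^siss=0,"address","http://example.invalid/cm"
at^siss=0,cmd,"post"
at^siss=0,"hcProp","Authorization: Basic dXNlcjE6dXNlcjE="
at^siss=1,"address","http://demo:secret\00example.invalid/get"
at^siss=2,"address","http://example.invalid/post"
at^siss=2,cmd,"post"
'''

if __name__ == "__main__":
    for pid, findings in sorted(lint_log(SAMPLE_LOG).items()):
        print(pid, findings or "ok")
```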
Hi,
This worked for me:
at^siss=1,"hcProp","Authorization: Basic (user:passwd in base64 format)\0d\0aContent-Type:application/json".
but this didn't work:
Regards,
SS
So the workaround has worked and the standard solution, which is unfortunately not fixed yet, has not.
I hope that it is not a big problem to use this workaround.
Best regards,
Bartłomiej
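Added example (not part of the thread and not vendor code): building the hcProp workaround command from a user name and password, with extra header lines joined by the `\0d\0a` escape as in the post above, plus a decoder for checking that an existing command carries the credentials you intended. The function names are hypothetical; the only module syntax used is what appears in this thread.

```python
import base64
import re

def basic_auth_value(user, password):
    """Value of an Authorization header for HTTP Basic: 'Basic ' + base64(user:password)."""
    if ":" in user:
        raise ValueError("user name must not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token

def hcprop_command(profile, user, password, extra_headers=()):
    """Build the at^siss hcProp command shown in the thread for one service profile."""
    lines = ["Authorization: " + basic_auth_value(user, password), *extra_headers]
    for line in lines:
        # A quote would end the AT string early; a raw CR/LF would end the command.
        if any(ch in line for ch in '"\r\n'):
            raise ValueError("header line contains a quote or line break: %r" % line)
    # Header lines are separated with the literal escape \0d\0a, as in the post above.
    return 'at^siss=%d,"hcProp","%s"' % (profile, r"\0d\0a".join(lines))

def decode_hcprop(command):
    """Recover (user, password) from an hcProp command to verify the encoding."""
    m = re.search(r"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", command)
    if not m:
        raise ValueError("no Basic Authorization header found")
    raw = base64.b64decode(m.group(1), validate=True).decode("utf-8")
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("decoded token has no ':' separator")
    return user, password

if __name__ == "__main__":
    cmd = hcprop_command(0, "user1", "user1")
    print(cmd)
    print(decode_hcprop(cmd))
    # A token produced with a trailing newline decodes to a different password.
    print(decode_hcprop('at^siss=0,"hcProp","Authorization: Basic dXNlcjE6dXNlcjEK"'))
```

Decoding needs no key: the token is an encoding, not encryption, so anyone who sees the command or the HTTP request can recover the credentials.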