Python Digest authentication against MS MapPoint

[trapeze.jsg]

Hi.

Is there anybody who have tried to use python to access Microsofts
MapPoint soap services? I am trying hard but I have run into a big
thick wall called md5 digest authentication. The MapPoint service uses
rfc2617 to authenticate the user. I have a working account for this
which works using C# dotnet and Borland Delphi 6.0. When I try to
authenticate using python it fail.

Here is what I do to provoke the rfc2617 challenge:
import urllib2
r=urllib2.Request('http://findv3.staging.mappoint.net/Find-30/FindService.asmx')
auth_handler = urllib2.HTTPDigestAuthHandler()
auth_handler.add_password('MapPoint','findv3.staging.mappoint.net','user','passwd')
opener = urllib2.build_opener(auth_handler)
urllib2.install_opener(opener)
urllib2.urlopen(r)

I can see using ethereal to monitor the network trafic, that urllib2
resonds to the challenge in a way that seems reasenable, but
authorization is not granted:




Challenge:
HTTP/1.1 401 Unauthorized
Connection: close
Date: Mon, 05 Sep 2005 07:19:28 GMT
Server: Microsoft-IIS/6.0
P3P:CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
WWW-Authenticate: Digest qop="auth", realm="MapPoint",
nonce="de28fc616ef19b278674095211006e1fcceb504c93d76d242aa90491e640"
Content-Length: 0


Response:
GET /Find-30/FindService.asmx HTTP/1.1
Accept-Encoding: identity
Host: findv3.staging.mappoint.net
Connection: close
Authorization: Digest username="106288", realm="MapPoint",
nonce="de28fc616ef19b278674095211006e1fcceb504c93d76d242aa90491e640",
uri="/Find-30/FindService.asmx",
response="2259380697df5b32a010a2d622415d10", qop=auth, nc=00000001,
cnonce="6a949f85f64abd0f"
User-agent: Python-urllib/2.4


Best regards Jakob Simon-Gaarde

 

[=?ISO-8859-1?Q?paul_k=F6lle?=]

(e-mail address removed) wrote:
[problem with digest auth]

sorry for giving such a generic advice, but I'd capture the headers of
the C# app and compare with the urllib version line by line. Try to
reproduce the exact header with python (except the response and cnonce
of course). Maybe IIS has its own "version" of rfc2617.

hth
Paul

 

[trapeze.jsg]

Hi

The requests made by python and C# dotnet are strikingly similar. Thats
why I am putting my money on that it is the rfc2617 part that makes the
difference.

Since this posting was created, I have also tried gSoap. But again with
no luck. While python failed to authorize, gSoap stops with a "400 BAD
REQUEST" when authorizing probably meaning that the request has bad
syntax.

It would be nice if someone with expert knowledge on this matter (say
the maintainer) could give this a try just to see where the
communication goes wrong. I can provide authorized credtiels for the
realm to whoever would like to try.

Best regards Jakob Simon-Gaarde