3 Replies Latest reply: Feb 16, 2010 3:16 AM by Billy~Verreynne RSS

    utl_http, digest Authentication

    531870
      Hi!

      I need an example of how to communicate with xml-files using utl_http and digest Authentication?
      Is it possible with utl_http?
      Examples?

      Regards
      Tobias
        • 1. Re: utl_http, digest Authentication
          Billy~Verreynne
          Tobias wrote:

          I need an example of how to communicate with xml-files using utl_http and digest Authentication?
          Is it possible with utl_http?
          I think so.. as this requires adding data to the HTTP header which you can do using the utl_http.set_header command.

          The issue is calculating the MD5 hashes and dealing with the initial handshaking. This may be complex, but I do not see these offhand as being impossible to do in PL/SQL.
          Examples?
          No Digest configured web server nearby or I would definitely have had a bash at this... If you look at http://en.wikipedia.org/wiki/Digest_access_authentication and scroll down to the example (what the browser sends and how the server reponds).

          The digest is included with the GET request in the example. The following PL/SQL code snippet should generate the equivalent content:
          .. variables and stuff ..
          begin
                  ..code..
          
                  request := utl_http.begin_request( '/dir/index.html', 'GET', utl_http.HTTP_VERSION_1_1 );
                  utl_http.set_header( request, 'User-Agent', C_USER_AGENT );
                  utl_http.set_header(
                          request,
                          'Authorization: Digest username="Mufasa",
                          realm="testrealm@host.com",
                          nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                          uri="/dir/index.html",
                          qop=auth,
                          nc=00000001,
                          cnonce="0a4f113b",
                          response="6629fae49393a05397450978507c4ef1",
                          opaque="5ccc069c403ebaf9f0171e9517f40e41"'
                  );
          • 2. Re: utl_http, digest Authentication
            531870
            Hi,

            What to send to the "name" parameter, have tried the name of the HTTP response header (www-authenticate)?

            I will get ORA-29261: bad argument

            utl_http.set_header (
            r => req
            ,name => ??
            ,value => p_authorization_str_in
            );

            Regards
            Tobias
            • 3. Re: utl_http, digest Authentication
              Billy~Verreynne
              Hmm.. this writes the name and the 2nd parameter value into the HTTP header. In that case, you should be able to use "+Authorization+" as the name and the value as the auth string itself (minus that keyword of course).

              The best would be to get the web server to trace/dump the entire request header to confirm the formatting is correct. You can even write your own little web server using Perl/Delphi/C/etc that simply accepts a TCP connection on port 80, do a socket read, display the text read, and then return a text error response (e.g. a HTTP 404).

              It will be difficult to troubleshoot this authentication if you're not sure that the formatting on the PL/SQL side is correct. So I would first get that to work, before testing that against a real web for digest authentication.