AXL Authentication

Version 1
    This document was generated from CDN thread

    Created by: dan turner on 26-01-2010 12:37:18 PM
    Hey guys, 

    I'm just beginning to have a look at AXL development.
     
    I'm just trying to get the basics working at the moment but i'm having issues authenticating (error 401)
     
    I originally tried using the CCM admin username and had the same problem so i made a dedicated AXL user which still doesn't work :*(
     
     
    here's my code, it would be amazing if anyone can point me in the right direction!
     
    Dan
     

    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Text;
    using System.Windows.Forms;
    using System.Net;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using System.Net.Security;
    using System.Xml;
    using System.Reflection;
     
     
    namespace WindowsFormsApplication5
    {
        public class MyPolicy : ICertificatePolicy
        {
            public bool CheckValidationResult(ServicePoint srvPoint,
              X509Certificate certificate, WebRequest request,
              int certificateProblem)
            {
                return true;
            }
        }
     
        public partial class Form1 : Form
        {
            public Form1()
            {
                InitializeComponent();
            }
     
            private void button1_Click(object sender, EventArgs e)
            {
                System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
                string axlrequest = "getPhone";
     
                HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://88.x.x.x:8443/axl");
     
                req.Credentials = new NetworkCredential("AxlUser", "password");
                req.ContentType = "text/xml";
                req.Method = "POST";
                req.Accept = "text/xml";
                req.ProtocolVersion = System.Net.HttpVersion.Version10;
                Stream s = req.GetRequestStream();
     
                string soaprequest;
                soaprequest = "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\'http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:xsd='http://www.w3.org/2001/XMLSchema'>\n";
                soaprequest += "<SOAP-ENV:Body>\n";
                soaprequest += "<axl:" + axlrequest + " xmlns:axl='http://www.cisco.com/AXL/1.0' xsi:schemaLocation='http://www.cisco.com/AXL1.0 http://ccmserver/schema/axlsoap.xsd' sequence='1234'><phoneName>SEP222222222245</phoneName>\n";
                soaprequest += "</axl:" + axlrequest + ">\n";
                soaprequest += "</SOAP-ENV:Body>\n";
                soaprequest += "</SOAP-ENV:Envelope>";
     
                s.Write(System.Text.Encoding.ASCII.GetBytes(soaprequest), 0, soaprequest.Length);
     
                s.Close();
     
                WebResponse resp = req.GetResponse();
                StreamReader sr = new StreamReader(resp.GetResponseStream());
                            string XMLResult = sr.ReadToEnd();
     
            }
        }
    }
     

    Subject: RE: AXL Authentication
    Replied by: Dan-Anders Hook on 31-01-2010 03:10:15 PM
    Hi,
     
    Maybe You can use a web debugging tool like fiddler to verify that you are actually sending the correct xml etc? Fiddler which is available at http://www.fiddler2.com/fiddler2/ can help you decode the packet. You might have to tweak your code so fiddler can see what you are sending. This is because fiddler works as a proxy. You could also have a look at the AXL logs on the CUCM, but I think you will have more luck using fiddler.
     
    Kind regards,
     
    //Dan

    Subject: RE: AXL Authentication
    Replied by: dan turner on 01-02-2010 09:45:13 AM
    Hey Dan, 
     
    Thanks for that!
     
    I've had a look at fiddler and this appears to be what i'm sending...
     
     
    POST https://192.168.200.15:8443/axl HTTP/1.0
    SOAPAction: http://schemas.cisco.com/ast/soap/action/
    Content-Type: text/xml
    Accept: text/xml
    Host: 192.168.200.15:8443
    Content-Length: 442
    Connection: Keep-Alive
     
     
    i.e. no authentication!
     
    I've changed my code slightly and now I am adding the auth header... 
     
     
    POST https://192.168.200.15:8443/axl HTTP/1.0
    Authorization: Basic XXXXXXXXXXXXXXXXXXXXXxx=
    SOAPAction: http://schemas.cisco.com/ast/soap/action/
    Content-Type: text/xml
    Accept: text/xml
    Host: 192.168.200.15:8443
    Content-Length: 442
    Connection: Keep-Alive
     
    but i'm still getting not authorised...
     
     
    I'm using the call manager admin username so i should have access right?
     
    is it possible that the XML is wrong?
     
    this is what i'm sending:
     

    <SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:xsd='http://www.w3.org/2001/XMLSchema'>
    <SOAP-ENV:Body>
    <axl:getPhone xmlns:axl='http://www.cisco.com/AXL/7.0' xsi:schemaLocation='http://www.cisco.com/AXL7.0 http://ccmserver/schema/axlsoap.xsd' sequence='1234'><phoneName>SEP222222222245</phoneName>
    </axl:getPhone>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
     

    i cant really work out why that isn't working

    Subject: RE: AXL Authentication
    Replied by: David Staudt on 01-02-2010 04:44:25 PM
    A working header (generated by soapUI) looks like this:
     
    POST https://10.88.131.133:8443/axl/ HTTP/1.1
    Accept-Encoding: gzip,deflate
    Content-Type: text/xml;charset=UTF-8
    SOAPAction: "CUCMB ver=7.0 getPhone"
    User-Agent: Jakarta Commons-HttpClient/3.1
    Content-Length: 319
    Authorization: Basic QWRtaW5pc3RyYXRvcjpjaXNjbyExMjM=
    Host: 10.88.131.133:8443
     
    Note there is a missing '/' in your version on the end of the URL '.../axl'
     
    You can validate the credentials by using a standard web browser to https://ucm_ip_address:8443/axl/
    It will prompt you for the credentials to use, and then display a small status message.

    Subject: RE: AXL Authentication
    Replied by: dan turner on 01-02-2010 04:55:32 PM
    LOL.
     
    David, you rule.
     
    It was just that / in the URL.
     
    I knew it was something monstrously silly
     
    Thanks so much mate
     
    Dan