How to control access to IP phones XML services?

Version 1
    This document was generated from CDN thread

    Created by: Anas FEDOUL on 02-06-2011 06:30:32 AM
    Hello,
     
    I developped my own XML services applications for Cisco Ip phones 9971 9951 and 8961 series using CUCM7. My applications are deployed in a remote server with fixed IP address. So naturally, every ip phone from every Call Manager can use these applications just by entering the corresponding URL! Is there any solution to control this unlegal use and detect IP phones (by MAC address for example)  that are not allowed to use these applications? Thansk in advance.

    Subject: RE: How to control access to IP phones XML services?
    Replied by: SENOL KARAHASAN on 02-06-2011 06:39:33 AM
    Hello,
     
    I developped my own XML services applications for Cisco Ip phones 9971 9951 and 8961 series using CUCM7. My applications are deployed in a remote server with fixed IP address. So naturally, every ip phone from every Call Manager can use these applications just by entering the corresponding URL! Is there any solution to control this unlegal use and detect IP phones (by MAC address for example) that are not allowed to use these applications? Thansk in advance.


    Get request ip address and parse xml values from ip phone: ex:
     

    <font size="2">
    Request.ServerVariables[
    </font>
    "REMOTE_ADDR"] //get ip address
    http://ipPhoneIpAddress/DeviceInformationX //get xml information from phone and parse Mac address
     
    In your program, you'll check mac address or default tftp address.....
     
    Bilgehan.<font size="2">
     
    </font>
     
     

    Subject: RE: How to control access to IP phones XML services?
    Replied by: Anas FEDOUL on 02-06-2011 07:00:04 AM
    Thanks for your help. But I really did not understand how can I get the MAC address of the IP phone even if I got his IP address.

    What do you mean by the line

    http://ipPhoneIpAddress/DeviceInformationX

    If I make a test in my browser, can I get the result? Is it technically possible? does the IP phone have his own website or he get all his informations from the CUCM?

    Subject: RE: How to control access to IP phones XML services?
    Replied by: SENOL KARAHASAN on 02-06-2011 07:18:54 AM
    Thanks for your help. But I really did not understand how can I get the MAC address of the IP phone even if I got his IP address.

    What do you mean by the line

    http://ipPhoneIpAddress/DeviceInformationX

    If I make a test in my browser, can I get the result? Is it technically possible? does the IP phone have his own website or he get all his informations from the CUCM?

    Hi again,
     
    It is possible to get phone information from phone web page. Every ip phone has web servis. In call manager, give web access to phones and try
    http://ipPhoneIpAddress/DeviceInformationX address. You can find lots of information about phone.
     
    Thanks,
    Bilgehan.

    Subject: RE: How to control access to IP phones XML services?
    Replied by: Jeffrey Ness on 02-06-2011 08:37:59 AM
    I would have the service URL include the special variable #DEVICENAME# which will have the phones device name (generally SEP followed by the MAC address) and then check that in your application.

    Service URL example: http://1.1.1.1/someapp.aspx?device=#DEVICENAME#

    The phones supply their device name on the fly replacing #DEVICENAME# and then your code can handle the http variable and perform whatever security checking you desire.

    Subject: RE: How to control access to IP phones XML services?
    Replied by: Anas FEDOUL on 03-06-2011 06:48:54 AM
    Thansk a lot for your interesting answer Jeffrey. I think it is the idea suitable for me. But in my case I have 80 Ip phones, and the service URL is entered just one time when adding the service in the CUCM graphical interface. So in this case I can not enter 80 DEVICE NAME !!!  I think the solution will be to make control under the CUCM MAC address (device name). Like that, we will have to enter just one variable and control the hole 8O IP phones. What do you think?

    Subject: RE: How to control access to IP phones XML services?
    Replied by: Jeffrey Ness on 03-06-2011 07:37:30 AM
    Yes the service URL is entered 1 time and when you update subscriptions it will push the new SURL to the phones.  Are you saying you don't want to put the 80 device names in your application to check against?  I'm don't understand what you
    mean 'make control under the CUCM MAC address' unless you mean just controlling in CUCM which phones are subscribed to the service?

    Subject: RE: How to control access to IP phones XML services?
    Replied by: Anas FEDOUL on 03-06-2011 08:06:18 AM
    Thanks. No, putting the 80 device name in my application is not the matter. But the problem is how to put them in the service URL? the service URL is entered one time so just one value of device name can be entered!!?

    Subject: RE: How to control access to IP phones XML services?
    Replied by: Jeffrey Ness on 03-06-2011 12:33:34 PM
    Use #DEVICENAME# in the service URL as in my example - don't replace it with an actual devicename. CUCM/Phones replace it with the actual device's devicename when the service is invoked from the phones.

    Subject: RE: How to control access to IP phones XML services?
    Replied by: Jeffrey Ness on 03-06-2011 12:33:34 PM
    Use #DEVICENAME# in the service URL as in my example - don't replace it with an actual devicename. CUCM/Phones replace it with the actual device's devicename when the service is invoked from the phones.

    Subject: RE: How to control access to IP phones XML services?
    Replied by: Anas FEDOUL on 19-07-2011 07:26:57 PM
    Thank you very much for this answer. In fact I want to test the mechanism of using a variable on the URL of my XML application just on the html browser and try to get it from the url and to make an echo on my PHP code in order to display the variable on the screen.

    I tried to do it many times using &_GET variable but without success. Could some one help please? Thanks in advance

    Subject: RE: How to control access to IP phones XML services?
    Replied by: NIGEL WARBURTON on 20-07-2011 06:29:37 AM
    do you mean $_GET not &_GET?

    Subject: RE: How to control access to IP phones XML services?
    Replied by: NIGEL WARBURTON on 20-07-2011 06:31:37 AM
    if(isset($_GET['device'])) $device = $_GET['device'] ;
    else
    if(isset($_POST['device'])) $device = $_POST['device'] ;
    else $device = '' ;

    Be warned some older phones do a POST hence why I always attempt to capture both as above.