Problem authenticating if password contains a @

Joe,

All of the calls that get status or make updates to the configuration are iControl method requests. In the Windows Form App, I have 4 buttons that trigger certain LTM GUI Network Map pages to be presented within the application. Since I've already prompted the user for their ID and password, I was just hoping to have the webbrowser control page refresh not require an additional credential challenge. Also, the users will be working with several LTM pairs, and I didn't want them to have to authenticate to each one that they go to.

I do have to apologize in advance - this is my first coding endeavor, so many of my questions are very rudimentary.

When debugging, it looks like the values are indeed correct:

 string hdr = "Authorization: Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes(txt_username.Text + ":" + txt_password.Text)) + "\r\n";
Value of hdr is: "Authorization: Basic bGxlaG1hbjE6 edit lYWtANzE=\r\n" 

Thanks again for the help.

- Luke

Also, URL encoding the password seems to work on 10.1 and 10.2:

 

 

https://admin:123%40321@hostname/iControl/iControlPortal.cgi

 

 

This works to enter the user/pass of admin/123@321

 

 

Aaron

I think I'm about 6-8 months away from 10.x, but it is good to know that it will work a little easier in 10.1 & 10.2.

All,

 

 

So I guess I somewhat found a way 'around' the problem - but I don't care - it WORKS!!

 

 

Credit is due in most part to hoolio for his comment about how url encoding works in 10.x. I thought - "Hey, why don't I try that in my code. Eureka!

 

 

web_ltmview.Url = new Uri(
"https://" +
txt_username.Text +
":" +
System.Web.HttpUtility.UrlEncode(txt_password.Text) +
"@" +
ltmDerived +
".domain.com/" +
"tmui/Control/form?_form_holder_opener_=&handler" +
"=%2Ftmui%2Flocallb%2Fnetwork_map&handler_before=%2Ftmui%2Flocallb%2Fnetwork_map&showObjList=&showObjList_befor" +
"e=&hideObjList=&hideObjList_before=&enableObjList=partition_control&enableObjList_before=&disableObjList=&disa" +
"bleObjList_before=&form_page=%2Ftmui%2Flocallb%2Fnetwork_map.jsp&form_page_before=%2Ftmui%2Flocallb%2Fnetwork_" +
"map.jsp&error_page=%2Ftmui%2Flocallb%2Fnetwork_map.jsp&error_page_before=%2Ftmui%2Flocallb%2Fnetwork_map.jsp&s" +
"how_map=1&show_map_before=0&status_select_before=null&status_select=0&object_type_select_before=null&object_ty" +
"pe_select=&SearchString=" +
txt_serverIp.Text +
"&SearchString_before=*&irule_body_before=unchecked&Show+Summary_before=Show+Summary&Show+Map=Update+Map&Show+M" +
"ap_before=Update+Map"
);

 

 

The magic is all here:

 

 

System.Web.HttpUtility.UrlEncode(txt_password.Text)

 

 

Replaces any special char with a string that doesn't throw an exception.

 

 

Thanks everyone (very very much) !!

 

 

-Luke

In trying to execute due diligence, I wanted to implant commented out code for webview loads for v10. So that when we made the upgrade, all I'd have to do is comment out the v9 and uncomment the v10.

 

 

It seems that I've run into another Auth issue. I've tried the existing syntax - which worked in v9:

 

 

 https://username:password@hostname/uri

 

 

I don't know all the changes in auth from v9 to v10, but I am hoping that the change in code to allow the page to load will be doable.

 

 

Thanks!

I'm still trying to figure out why you are passing passwords along in the URI when you can use the lower level classes to do it for you.

 

 

I'd recommend using the iControl library for Java that has all the compiled interface proxy code built in with a iControl.Interfaces class wrapper that handles all the self-signed cert and authentication management for you.

 

 

The generated binding stub classes are derived from the org.apache.axis.client.Stub class which has a "setPassword()" method in it that allows you to insert the authenticate headers in the request.

 

 

If you really don't want to use the iControl library, and if so, I'd like to hear why, and you aren't using Apache Axis for the transport library, then the next best approach would be to generate the authenticate header yourself. You'll want to add a header named "Authorization" with the value of "Basic user:pass" with user:pass being base64 encoded. I'm not sure about the java code to do this, but with Perl, it looks like this:

 

 

eval { $SystemInfo->transport->http_request->header
(
    'Authorization' => 
        'Basic ' . MIME::Base64::encode("$sUID:$sPWD", '')
); };

 

 

I know there are ways to add HTTP headers with the java libraries so I'm sure the logic would be the same.

 

 

This method will work on all versions of LTM back to 4.5.

 

 

-Joe

 

 

-Joe

 

Ahhh, now I see why you aren't using the iControl libraries, because you are trying to do a grab of the admin GUI. If so, then my approach should work with the Authentication header.

 

 

-Joe

 

Thanks for the replies Joe.

Yep, I'm just grabbing a view of the GUI in a web control. I've tried the Authentication header addition and either it doesn't work or I'm doing something wrong (probably the latter...)

string hdr = "Authorization: Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes(txt_username.Text + ":" + txt_password.Text)) + "\r\n";
web_ltmview.Navigate("https://" + "hostname.domain.com/", null, null, hdr);

It seems like the GUI authentication works a little differently in v9 as opposed to v10, but I'm not sure how to articulate it...

Once again, sorry for all the questions.

Luke, could you provide the code for the web_ltmview object initialization. I can try to recreate it but I want to make sure I'm using the same classes as you are.

 

 

-Joe

 

Encoding the password that contains a "@" character as follows did not work for me in my Java program. It encoded the password (replaced the @ with %40, but authentication still failed.

 

 

try

 

{

 

fPassword = URLEncoder.encode("xxxxxx@xxx", "UTF-8");

 

}

 

catch (UnsupportedEncodingException ex)

 

{

 

System.out.println("\nERROR: Cannot encode F5 password. " + ex.toString());

 

System.exit(1);

 

}

 

 

fEndpoint = "https://" + username + ":" + password + "@" +

 

hostname + ":" + port + "/iControl/iControlPortal.cgi";

 

 

So, then I tried using the iControl binding stub's setPassword method passing it the encoded password instead of putting the password in the endpoint as follows. It still fails with an Authentication Error:

 

 

try

 

{

 

fPassword = URLEncoder.encode("xxxxxx@xxx", "UTF-8");

 

}

 

catch (UnsupportedEncodingException ex)

 

{

 

System.out.println(

 

"\nERROR: Cannot encode F5 password. " + ex.toString());

 

System.exit(1);

 

}

 

 

// Don't include the password in the endpoint

 

fEndpoint = "https://" + username + "@" +

 

hostname + ":" + port + "/iControl/iControlPortal.cgi";

 

 

iControl.SystemSystemInfoBindingStub m_systemInfo =

 

(iControl.SystemSystemInfoBindingStub)

 

new iControl.SystemSystemInfoLocator().getSystemSystemInfoPort(

 

new java.net.URL(fEndpoint));

 

 

// Set the password

 

m_systemInfo.setPassword(fPassword);

 

 

iControl.SystemProductInformation productInfo =

 

m_systemInfo.get_product_information();

 

 

I also tried removing the username from the endpoint and using setUsername() in addition to setPassword() to set the username and password. It still failed.

 

 

Any ideas on what I'm doing wrong?

 

 

Here's the Authentication Error information:

 

 

AxisFault

 

faultCode: {http://xml.apache.org/axis/}HTTP

 

faultSubcode:

 

faultString: (401)F5 Authorization Required

 

faultActor:

 

faultNode:

 

faultDetail:

 

{}:return code: 401

 

 

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

 

 

 

Authentication required!

 

 

 

 

 

 

 

 

Authentication required!

 

 

 

 

This server could not verify that you are authorized to access

 

the URL "/iControl/iControlPortal.cgi".

 

You either supplied the wrong credentials (e.g., bad password), or your

 

browser doesn't understand how to supply the credentials required.

 

 

 

 

 

 

 

In case you are allowed to request the document, please

 

check your user-id and password and try again.

 

 

 

 

 

Error 401

 

 

 

 

 

Tue Jul 13 15:17:33 2010

 

 

 

 

 

 

 

 

{http://xml.apache.org/axis/}HttpErrorCode:401

 

 

(401)F5 Authorization Required

 

at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)

 

at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)

 

at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

 

at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

 

at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)

 

at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)

 

at org.apache.axis.client.Call.invokeEngine(Call.java:2784)

 

at org.apache.axis.client.Call.invoke(Call.java:2767)

 

at org.apache.axis.client.Call.invoke(Call.java:2443)

 

at org.apache.axis.client.Call.invoke(Call.java:2366)

 

at org.apache.axis.client.Call.invoke(Call.java:1812)

 

at iControl.SystemSystemInfoBindingStub.get_product_information(SystemSystemInfoBindingStub.java:1538)

 

at F5Config.checkSystemVersion(F5Config.java:1530)

 

at F5Proxy.createOrUpdateNRPC_iRule(F5Proxy.java:1183)

 

at F5Proxy.main(F5Proxy.java:1286)