#1
  1. Registered User, Devshed Newbie (0 - 499 posts) | Join Date: May 2013 | Posts: 3

    Problems consuming SOAP API that uses preemptive authentication


    Note: I apologize for something like this being my first post. I was not aware this forum existed. I posted this question below to the coldfusion subreddit and someone suggested I post it here to try to find an answer. I appreciate any help I can get towards solving this problem.

    I am attempting to communicate with a SOAP API that uses preemptive authentication and have run into some problems getting the API to provide appropriate responses. The API has several different functions, but for testing purposes, I am only interested in one: ping.

    I have attempted to interface with this API using createObject, cfinvoke, and cfhttp. None of the methods available seem to be working; createObject and cfinvoke return the same error, and cfhttp returns something different. For now, I just want to focus on cfhttp since I've been able to progress further here than with createObject/cfinvoke.

    For purposes of comparison, I have set up SOAP UI to communicate with this API and after a lot of trial and error, I was finally able to get SOAP UI to return appropriate XML when calling the ping function. I have attempted to copy the header information SOAP UI presents into my cfhttp call but instead of getting a ping response, I get a 500 bad request error.

    The SOAP UI call that returns appropriate responses looks like this (information redacted due to corporate and vendor privacy policies):

    Code:
    POST https://[REDACTED] HTTP/1.1
    Accept-Encoding: gzip,deflate
    Content-Type: text/xml;charset=UTF-8
    SOAPAction: "https://[REDACTED]/ping"
    Authorization: Basic [REDACTED]
    Content-Length: 237
    Host: [REDACTED]
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
    
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:con="https://[REDACTED]">
        <soapenv:Header/>
        <soapenv:Body>
            <con:ping/>
        </soapenv:Body>
    </soapenv:Envelope>

    The code I have written to mimic this call looks like this:

    Code:
    <cfsavecontent variable="soapRequest">
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:con="https://[REDACTED]">
        <soapenv:Header/>
        <soapenv:Body>
            <con:ping/>
        </soapenv:Body>
    </soapenv:Envelope>
    </cfsavecontent>
    
    <!--- Send SOAP request to the Web Service --->
    
    <cfhttp url="https://[REDACTED]" username="[REDACTED]" password="[REDACTED]" method="post" result="httpResponse" timeout="300">
        <cfhttpparam type="header" name="SOAPAction" value="https://[REDACTED]/ping" />
        <cfhttpparam type="header" name="accept-encoding" value="no-compression" />
        <cfhttpparam type="header" name="Authorization" value="Basic [REDACTED]" />
        <cfhttpparam type="header" name="MIME-Version" value="1.0" />
        <cfhttpparam type="header" name="content-type" value="text/xml" />
        <cfhttpparam type="header" name="content-length" value="#Len(Trim(soapRequest))#" />
        <cfhttpparam type="xml" value="#trim(soapRequest)#" />
    </cfhttp>

    At this point, I'm grasping at straws. I don't know enough about SOAP to know whether this is a problem on my end, a compatibility issue of some sort, or a problem on the vendor's end. The vendor's support for this problem has been virtually useless; I would change vendors for this service, but I can't make that decision.

    A couple of quick notes relating to specific things in my version of the code:

    * I am not setting a header value for MIME type because according to this article from Ben Nadel, setting the XML cfhttpparam should pass an appropriate mimetype for me.
    * I have tried it previously, however, removing the XML line and replacing it with <cfoutput>#soapRequest#</cfoutput>, which did not make a difference.
    * I set accept-encoding to no-compression for the same reason listed above. I have tried it previously with gzip/deflate, however, but it also made no difference.
    * I have tried setting a user agent previously to match the value above, and again, it did not resolve the problem.
    * I have copy/pasted the URL values from the SOAP UI call into my code to ensure they match.

    Does anybody know of an application I can use that will allow me to actually SEE what ColdFusion and SOAP UI are sending to this API so I can compare the outputted calls? I've tried to use Fiddler for this, but I can't figure out how to get it to interact with anything other than my browser, which does me no good.

    If you see anything that appears to be even the simplest overlook, please present it. I am desperate to resolve this problem.
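
The comparison asked for in the post above, as an added example that is not part of the original thread: it diffs the SoapUI request against the headers the cfhttp call sets and reports each mismatch, replacing the Basic credential with a digest so it never lands in the output. The cfhttp request text is constructed from the cfhttpparam tags (what ColdFusion actually sends is an assumption), the envelope is shortened, and the function names are hypothetical.

```python
import hashlib
# Headers each client computes for itself; differences there are expected.
IGNORE = {"content-length", "host", "connection", "user-agent"}

def parse_request(raw):
    """Return (headers, body); names lower-cased, repeated headers kept."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body.strip()

def redact(name, values):
    """Swap credentials for a short digest: comparable, never printed."""
    if name != "authorization":
        return values
    return [s + " sha256:" + hashlib.sha256(c.encode()).hexdigest()[:12]
            for s, _, c in (v.partition(" ") for v in values)]

def diff_requests(ref_raw, test_raw):
    """Return (header, reference_values, test_values) per mismatch."""
    ref, ref_body = parse_request(ref_raw)
    got, got_body = parse_request(test_raw)
    findings = []
    for name in sorted((set(ref) | set(got)) - IGNORE):
        a, b = redact(name, ref.get(name, [])), redact(name, got.get(name, []))
        if a != b:
            findings.append((name, a, b))
    if ref_body != got_body:
        findings.append(("<body>", [ref_body], [got_body]))
    return findings

# Constructed samples built from the two listings above (namespaces omitted).
BODY = "<soapenv:Envelope><soapenv:Body><con:ping/></soapenv:Body></soapenv:Envelope>"
SOAPUI = ("POST https://[REDACTED] HTTP/1.1\n"
          "Accept-Encoding: gzip,deflate\n"
          "Content-Type: text/xml;charset=UTF-8\n"
          'SOAPAction: "https://[REDACTED]/ping"\n'
          "Authorization: Basic [REDACTED]\n\n" + BODY)
CFHTTP = ("POST https://[REDACTED] HTTP/1.1\n"  # assumed: headers sent as written
          "SOAPAction: https://[REDACTED]/ping\n"
          "accept-encoding: no-compression\n"
          "Authorization: Basic [REDACTED]\n"
          "MIME-Version: 1.0\n"
          "content-type: text/xml\n\n" + BODY)
if __name__ == "__main__":
    for name, ref, got in diff_requests(SOAPUI, CFHTTP):
        print(f"{name}: reference={ref} test={got}")
```

Run against these samples it lists four header mismatches (Accept-Encoding, Content-Type, MIME-Version, SOAPAction); each is a candidate to align with the working request, not a confirmed cause of the 500.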
  2. #2
    Moderator | Join Date: Jun 2002 | Location: Raleigh, NC | Posts: 5,265
    Which version of CF are you using? Also, what is the actual error this HTTP call returns?
  4. #3
    Registered User, Devshed Newbie (0 - 499 posts) | Join Date: May 2013 | Posts: 3
    Originally Posted by kiteless
    Which version of CF are you using? Also, what is the actual error this HTTP call returns?
    I'm using 10. The exact error is just an ASP.NET error page with a returned header error of 500 bad request, as stated above. The file content returned is:

    <html> <head> <title>Runtime Error</title> <style> body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px} b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px} H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red } H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon } pre {font-family:"Lucida Console";font-size: .9em} .marker {font-weight: bold; color: black;text-decoration: none;} .version {color: gray;} .error {margin-bottom: 10px;} .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; } </style> </head> <body bgcolor="white"> <span><H1>Server Error in '/4' Application.<hr width=100% size=1 color=silver></H1> <h2> <i>Runtime Error</i> </h2></span> <font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif "> <b> Description: </b>An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. <br><br> <b>Details:</b> To enable the details of this specific error message to be viewable on remote machines, please create a &lt;customErrors&gt; tag within a &quot;web.config&quot; configuration file located in the root directory of the current web application. 
This &lt;customErrors&gt; tag should then have its &quot;mode&quot; attribute set to &quot;Off&quot;.<br><br> <table width=100% bgcolor="#ffffcc"> <tr> <td> <code><pre> &lt;!-- Web.Config Configuration File --&gt; &lt;configuration&gt; &lt;system.web&gt; &lt;customErrors mode=&quot;Off&quot;/&gt; &lt;/system.web&gt; &lt;/configuration&gt;</pre></code> </td> </tr> </table> <br> <b>Notes:</b> The current error page you are seeing can be replaced by a custom error page by modifying the &quot;defaultRedirect&quot; attribute of the application's &lt;customErrors&gt; configuration tag to point to a custom error page URL.<br><br> <table width=100% bgcolor="#ffffcc"> <tr> <td> <code><pre> &lt;!-- Web.Config Configuration File --&gt; &lt;configuration&gt; &lt;system.web&gt; &lt;customErrors mode=&quot;RemoteOnly&quot; defaultRedirect=&quot;mycustompage.htm&quot;/&gt; &lt;/system.web&gt; &lt;/configuration&gt;</pre></code> </td> </tr> </table> <br> </body> </html>
  6. #4
    Moderator | Join Date: Jun 2002 | Location: Raleigh, NC | Posts: 5,265
    Hmm...yeah without some kind of actual error message explaining what is going wrong, this is going to be really hard to debug. Is it authentication? Bad parameters? Bad types? Bad headers? Etc.
  8. #5
    Registered User, Devshed Newbie (0 - 499 posts) | Join Date: May 2013 | Posts: 3
    Originally Posted by kiteless
    Hmm...yeah without some kind of actual error message explaining what is going wrong, this is going to be really hard to debug. Is it authentication? Bad parameters? Bad types? Bad headers? Etc.
    If I try to access this webservice by creating an object, either by using createObject or cfobject, I get 401 errors instead. That being said, my UN/PW are correct, and I have confirmed I do not need a client-side cert to access the API.
  10. #6
    Moderator | Join Date: Jun 2002 | Location: Raleigh, NC | Posts: 5,265
    Can you also confirm that the web service is using only basic authentication, and not something else (NTLM, etc.)? If the CF server isn't on your local machine, it also wouldn't hurt to confirm that there isn't some IP restriction on the target web server, or testing it locally vs. remotely to see if that makes any difference.

    It SOUNDS like an authentication issue.
