Homoud Posted February 24, 2021 Share Posted February 24, 2021 Hi All, I am struggling for a while to authenticate with API using AutoIT, I am able to do the same on Powershell using the following code with successful authentication: $headers = @{ Authorization="PS-Auth key=<API KEY>; runas=<API User>; pwd=[<Password>];"; }; $uri = "https://<Domain>/BeyondTrust/api/public/v3/Auth/SignAppin"; $signinResult = Invoke-RestMethod -Uri $uri -Method POST -Headers $headers -SessionVariable script:session; $signinResult I am trying to use the following AutoIT script expandcollapse popup#include "WinHttp.au3" post_authentication_test() Func post_authentication_test() Local $oHttp = Null, _ $oComErr = Null Local $iHttpStatus = 0 Local $sResponse = "", _ $sPostData = "" ConsoleWrite(@CRLF & "Executing API" & @CRLF) ;Set COM error handler $oComErr = ObjEvent("AutoIT.Error", "com_error_handler") ;Create a HTTP COM object $oHttp = ObjCreate("winhttp.winhttprequest.5.1") If @error Then ConsoleWrite("Unable to create http request object." & @CRLF) Exit -1 EndIf ConsoleWrite("WinHttpRequest object created." & @CRLF) With $oHttp ;Open POST request $hrequest = .Open("POST", "https://<Domain>/BeyondTrust/api/public/v3/Auth/SignAppin", False) ;Set request headers and options .SetRequestHeader( "Content-Type", "application/json") .SetRequestHeader( "authorization", "PS-Auth key=<API Key>; runas=<API User>; pwd=[<Password>];") ;Send request .Send($hrequest) If @error Then ConsoleWrite(StringFormat("SEND ERROR: (0x%X) %s", $oComErr.Number, $oComErr.Description) & @CRLF) Return EndIf ;Get status code and response $iHttpStatus = .Status $sResponse = .ResponseText ;If status code isn't okay If $iHttpStatus <> 200 Then ConsoleWrite("HTTP Status : " & String($iHttpStatus) & @CRLF) ConsoleWrite("HTTP Response: " & @CRLF & $sResponse & @CRLF) Return EndIf EndWith ConsoleWrite("API Response:" & @CRLF & $sResponse & @CRLF) EndFunc Func com_error_handler($oError) Return EndFunc I am getting the following error in the console (Screenshot attached) SEND ERROR: (0x80020009) A certificate is required to complete client authentication I have used the same AutoIT script with other API, and it was working the other API it doesn't use any key only basic authentication (User and Password) I am sure the API doesn't need certificate to authenticate, and I tried to bypass this from the script with no luck? Any idea how to make this works? Appreciate your help Link to comment Share on other sites More sharing options...
TheXman Posted February 24, 2021 Share Posted February 24, 2021 (edited) I know my code when I see it. That example was taken from the post below. The inclusion of winhhtp.au3 udf is not needed when using the winhttp.winhttprequest com object. What's the web server's domain name that you are trying to connect to? That web server is requiring a certificate as it says. If it's an in-house web server or one that's under your control and you don't think that it should be requesting a certificate to connect, then it may be misconfigured. If it's a publicly accessible server, then it could be some other reason like a proxy issue or something else completely unrelated. You have not provided enough information to know. Also, why are you trying to capture the return value ($hrequest) from the open method and use it as the post data in the send method? That's wrong for multiple reasons. First, that particular BeyondTrust API (Auth/SignAppin) does not require any post data. Secondly, if it did, it wouldn't usually be the return from the open method. Lastly, the open method doesn't return any value, just an empty string. From the BeyondTrust API Guide 7.2: POST Auth/SignAppin Purpose Authenticates the provided credentials and creates a user session. Required Permissions A user group to which the user belongs must be granted access to the API key given in authorization header. Must be running script from a valid source address as configured in API Registration for the given API key. Request Body None Response Body Content-Type: application/json By the way, do you just create a new account every time you have a new question? 🤨😉 Edited February 26, 2021 by TheXman FrancescoDiMuro 1 CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman Link to comment Share on other sites More sharing options...
JockoDundee Posted February 24, 2021 Share Posted February 24, 2021 1 hour ago, TheXman said: By the way, do you just create a new account every time you have a new question? “Not only do I know my code when I see it, I know yours when I see it...” Code hard, but don’t hard code... Link to comment Share on other sites More sharing options...
Homoud Posted March 13, 2021 Author Share Posted March 13, 2021 @TheXman Firstly, sorry for the late reply I haven't got any notification. Secondly, I would really would like to express my high appreciation for your comments addressing this post, it is really nice how you are explaining and trying to help, Thank you. Thirdly, no this is my first account here, and actually this my first time in whole my life posting a technical question, usually I dig till I find the answer, but this time I am stuck in achieving a successful code with something a bit important. Quote I know my code when I see it. That example was taken from the post below. I am not an expert of AutoIT and trying to learn, you example code was very useful to me and it works fine with other API (With Basic Authentication and not using Post in Authentication) Quote The inclusion of winhhtp.au3 udf is not needed when using the winhttp.winhttprequest com object. I came to know this after I dig it, but as I am using different tests, I am just keeping them in the top 😅, I tired using winhttp.au3 and directly winhttp.winhttprequest with no luck so far. Quote What's the web server's domain name that you are trying to connect to? That web server is requiring a certificate as it says. If it's an in-house web server or one that's under your control and you don't think that it should be requesting a certificate to connect, then it may be misconfigured. If it's a publicly accessible server, then it could be some other reason like a proxy issue or something else completely unrelated. You have not provided enough information to know. It is internal server, not a published one. Authentication supports but doesn't require certificate, it is an available option but I haven't enabled it, and I am quite sure about this, because when I connect using Powershell it works without certificate, I have already shared the working code above. I also tried the below code to skip this error but with no luck .Option(Result, WINHTTP_OPTION_CLIENT_CERT_CONTEXT, WINHTTP_NO_CLIENT_CERT_CONTEXT, 0); and something like below DllCall($hWINHTTPDLL__WINHTTP, "bool", "WinHttpSetOption", "handle", $hRequest, "dword", $WINHTTP_OPTION_CLIENT_CERT_CONTEXT, "ptr", NULL, "dword", 0) Quote Also, why are you trying to capture the return value ($hrequest) from the open method and use it as the post data in the send method? That's wrong for multiple reasons. First, that particular BeyondTrust API (Auth/SignAppin) does not require any post data. Secondly, if it did, it wouldn't usually be the return from the open method. Lastly, the open method doesn't return any value, just an empty string. No particular reason, it is just a error and trial approach and leak in knowledge of the codes As per my understanding, this issue happens when the API server supports but not requires client certificate, is there anyway make the code ignore the certificate part? Appreciate your help Link to comment Share on other sites More sharing options...
TheXman Posted March 14, 2021 Share Posted March 14, 2021 (edited) On 3/13/2021 at 2:57 PM, Homoud said: Firstly, sorry for the late reply I haven't got any notification. It's not a "late reply". It's an attempt to re-engage on a topic that you abandoned. I replied to your initial post the same day that you posted it, almost 3 weeks ago. Given that we may not be in the same country or time zone, I can understand a reply that takes a day or two, but 2.5 weeks is ridiculous. If this topic was as important as you say, notification or not, one would think that you would've checked to see if anyone had replied long before now. I don't have the patience to try to help people that don't promptly reply. There are plenty of others that may be able to help you. Hopefully, for your sake, one of them has more patience than I do and is willing to deal with your "sense of urgency". On 3/13/2021 at 2:57 PM, Homoud said: I would really would like to express my high appreciation for your comments addressing this post, it is really nice how you are explaining and trying to help, Thank you. You're welcome. Edited March 15, 2021 by TheXman fixed typo FrancescoDiMuro 1 CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman Link to comment Share on other sites More sharing options...
mLipok Posted March 14, 2021 Share Posted March 14, 2021 (edited) On 2/24/2021 at 7:35 PM, Homoud said: AutoIT !!! Argh..... AutoItEDIT: Edited March 16, 2021 by mLipok Skysnake and FrancescoDiMuro 2 Signature beginning:* Please remember: "AutoIt"..... * Wondering who uses AutoIt and what it can be used for ? * Forum Rules ** ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Code * for other useful stuff click the following button: Spoiler Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API * ErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 * My contribution to others projects or UDF based on others projects: * _sql.au3 UDF * POP3.au3 UDF * RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF * SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane * Useful links: * Forum Rules * Forum etiquette * Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * Wiki: * Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX IE Related: * How to use IE.au3 UDF with AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskScheduler * IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related: * How to get reference to PDF object embeded in IE * IE on Windows 11 * I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions * EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *I also encourage you to check awesome @trancexx code: * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuff * OnHungApp handler * Avoid "AutoIt Error" message box in unknown errors * HTML editor * winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/ "Homo sum; humani nil a me alienum puto" - Publius Terentius Afer"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming" , be and \\//_. Anticipating Errors : "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty." Signature last update: 2023-04-24 Link to comment Share on other sites More sharing options...
Developers Jos Posted March 14, 2021 Developers Share Posted March 14, 2021 Nitpicker Skysnake, FrancescoDiMuro and Danp2 2 1 SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Homoud Posted March 15, 2021 Author Share Posted March 15, 2021 @TheXman Not sure what message are you trying to deliver, but I am sure it is irrelevant to the post. It is not the life end my friend, and I don't believe you have the right judge others or interpret things which you are completely not aware of Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now