agsh / onvif

ONVIF node.js implementation
http://agsh.github.io/onvif/
MIT License

getDeviceInformation gives error without credentials #184

Closed diogo24m closed 3 years ago

diogo24m commented 3 years ago

When I use the getDeviceInformation() function with credentials it works fine, but when the credentials aren't provided it gives this error:

Error: ONVIF SOAP Fault: Sender not authorizedThe action requested requires authorization and the sender is not authorized.

My code:

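```js
const onvif = require('onvif');

// Fires once for every device that answers the WS-Discovery probe
onvif.Discovery.on('device', function (cam, remoteInfo) {
    // Credentials left unset, so the request below is sent without authentication
    //cam.username = "admin";
    //cam.password = "password";

    cam.getDeviceInformation(function (err, info, xml) {
        if (err) console.log(err);
        else console.log(info);
    });
});
onvif.Discovery.probe();
```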

Is this because of my camera or am I missing something?

agsh commented 3 years ago

@diogo24m Hi! Yes, this behavior is correct. As described in the ONVIF specification, you can't get the device information without credentials.

diogo24m commented 3 years ago

I'm sorry, but the README of this project says that it is not necessary.

agsh commented 3 years ago

@diogo24m In the spec this is not obviously clear, so it depends on the cam's realization. You can read about some confusing moments in this issue: https://github.com/agsh/onvif/issues/178#issuecomment-750235417 Can you check that auth isn't needed for this operation in other software, for example: https://sourceforge.net/projects/onvifdm/ ?

diogo24m commented 3 years ago

I tested this software and it also requires authentication.

But I found that the XML (SOAP response) returned from the device's listener has the information I needed (serial number found in MessageID and device name).

agsh commented 3 years ago

It seems that your device implements the ONVIF spec this way. There are a lot of discrepancies in the implementation by different manufacturers.

And what are the request and response returned in the XML? Do they correspond to http://www.onvif.org/onvif/ver10/device/wsdl/devicemgmt.wsdl#op.GetDeviceInformation ?

chriswiggins commented 3 years ago

Could we retry on authentication failure?

agsh commented 3 years ago

@chriswiggins I don't quite understand why we should do this. The result will be the same :man_shrugging:. IMHO, auth headers https://github.com/agsh/onvif/blob/2cdafa0130758a31a7c97df0b3c53d50a2f86d15/lib/cam.js#L952 shouldn't affect the request at all. And they are already present in getDeviceInformation

https://github.com/agsh/onvif/blob/2cdafa0130758a31a7c97df0b3c53d50a2f86d15/lib/cam.js#L768

I think that the problem is in this cam. Or maybe it is my mistake, thus I thought that getDeviceInformation works without auth. I can't check my assumption (I'll write a new issue for that :smiley:) @RogerHardiman Can you enlighten me on this question, as you do in the adjacent issue?

diogo24m commented 3 years ago

@agsh this was the response to the probe() request:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope     >
    <SOAP-ENV:Header>
        <wsa:MessageID>urn:uuid:6e2ace70-bfde-11d3-9bfd-b0c5545773a6</wsa:MessageID>
        <wsa:RelatesTo>urn:uuid:dcd813bd-354d-eb33-971e-85a62de72c9f</wsa:RelatesTo>
        <wsa:To SOAP-ENV:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2005/04/addressing/role/anonymous</wsa:To>
        <wsa:Action SOAP-ENV:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2005/04/discovery/ProbeMatches</wsa:Action>
        <d:AppSequence SOAP-ENV:mustUnderstand="true" MessageNumber="2" InstanceId="3550371598" />
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>
        <d:ProbeMatches>
            <d:ProbeMatch>
                <wsa:EndpointReference>
                    <wsa:Address>urn:uuid:6e2ace70-bfde-11d3-9bfd-b0c5545773a6</wsa:Address>
                </wsa:EndpointReference>
                <d:Types>dn:NetworkVideoTransmitter tds:Device</d:Types>
                <d:Scopes>onvif://www.onvif.org/type/video_encoder onvif://www.onvif.org/Profile/Streaming onvif://www.onvif.org/hardware/DCS-4701E onvif://www.onvif.org/name/D-Link%20DCS-4701E onvif://www.onvif.org/location/</d:Scopes>
                <d:XAddrs>http://192.168.1.101:80/onvif/device_service</d:XAddrs>
                <d:MetadataVersion>1</d:MetadataVersion>
            </d:ProbeMatch>
        </d:ProbeMatches>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
```

agsh commented 3 years ago

@diogo24m It still seems that your device needs authorization to get the information. I don't think that we should realize things that aren't compatible with the ONVIF specification. But I think that for concrete cams we can extend Cam.prototype depending on its model. Can you do this? I can help you if you want. Plz write the model of your cam.

diogo24m commented 3 years ago

@agsh In this project (https://github.com/futomi/node-onvif), they already do this using the information in the Scopes tag.

You can pass this information in the device listener callback parameter cam or rinfo.

diogo24m commented 3 years ago

@agsh My cam: D-Link DCS-4701E.

RogerHardiman commented 3 years ago

The ONVIF Core Specification is at https://www.onvif.org/specs/core/ONVIF-Core-Specification.pdf

Commands that do not need a password are marked with "PRE_AUTH". They are: GetWsdlUrl, GetServices, GetServiceCapabilities, GetCapabilities, GetHostname, GetSystemDateAndTime, GetEndpointReference.

The D-Link camera that @diogo24m has is doing the right thing when it requires a password.

Just for information, there are some ONVIF implementations that require a username and password on many of these PRE_AUTH commands. Technically those cameras are wrong, but that is just how things have been implemented. But sending a password would be OK. It is just that PRE_AUTH commands should not need it.

So in this case it is our ReadMe docs that are incorrect.

RogerHardiman commented 3 years ago

Hi @diogo24m The normal method to get details about the device is to parse the XML returned from the Discovery Probe. I do this in https://github.com/RogerHardiman/onvif-audit in the scan function.
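
The approach discussed in this thread (reading device details from the Discovery Probe response instead of calling getDeviceInformation without credentials), as an added example that is not part of the thread and is not code from onvif, node-onvif or onvif-audit. `parseProbeMatch` and `senderAddress` are hypothetical names, and the sample XML is constructed from the response quoted above. The regex element lookup assumes a single ProbeMatch with plain text content (no CDATA, no nested markup).

```javascript
// Constructed sample: trimmed ProbeMatch modelled on the response quoted in this thread.
const SAMPLE = `<d:ProbeMatch>
  <wsa:EndpointReference><wsa:Address>urn:uuid:6e2ace70-bfde-11d3-9bfd-b0c5545773a6</wsa:Address></wsa:EndpointReference>
  <d:Types>dn:NetworkVideoTransmitter tds:Device</d:Types>
  <d:Scopes>onvif://www.onvif.org/type/video_encoder onvif://www.onvif.org/Profile/Streaming onvif://www.onvif.org/hardware/DCS-4701E onvif://www.onvif.org/name/D-Link%20DCS-4701E onvif://www.onvif.org/location/</d:Scopes>
  <d:XAddrs>http://192.168.1.101:80/onvif/device_service</d:XAddrs>
</d:ProbeMatch>`;

// Text of the first element with this local name, whatever the namespace prefix.
function elementText(xml, localName) {
  const re = new RegExp(`<(?:[\\w.-]+:)?${localName}\\b[^>]*>([^<]*)</(?:[\\w.-]+:)?${localName}>`);
  const m = re.exec(xml);
  return m ? m[1].trim() : '';
}

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; } // malformed %-escape
}

// parseProbeMatch is a hypothetical helper, not part of the onvif module.
function parseProbeMatch(xml, senderAddress) {
  const scopes = Object.create(null); // no prototype: scope categories are untrusted keys
  for (const uri of elementText(xml, 'Scopes').split(/\s+/)) {
    const m = /^onvif:\/\/www\.onvif\.org\/([^/]+)\/(.*)$/.exec(uri);
    if (!m || m[2] === '') continue; // skip foreign or empty scopes
    (scopes[m[1]] = scopes[m[1]] || []).push(safeDecode(m[2]));
  }
  const xaddrs = [];
  for (const raw of elementText(xml, 'XAddrs').split(/\s+/).filter(Boolean)) {
    let url;
    try { url = new URL(raw); } catch (e) { continue; }
    if (url.protocol !== 'http:' && url.protocol !== 'https:') continue;
    // The probe reply is unauthenticated: record whether the advertised host
    // is the host that actually sent the UDP packet.
    xaddrs.push({ url: url.href, hostMatchesSender: url.hostname === senderAddress });
  }
  return {
    endpoint: elementText(xml, 'Address'),
    name: (scopes.name || [])[0] || null,
    hardware: (scopes.hardware || [])[0] || null,
    scopes,
    xaddrs,
  };
}

console.log(parseProbeMatch(SAMPLE, '192.168.1.101'));
```

Everything in a probe reply is self-reported by whichever host answered the multicast probe, so the name and hardware values are hints rather than verified identity. A false `hostMatchesSender` is worth reviewing before credentials are sent to that URL.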