search

sta / websocket-sharp

A C# implementation of the WebSocket protocol client and server
http://sta.github.io/websocket-sharp
MIT License
5.72k stars 1.66k forks source link

Digest authentication exception #29

Open kjla opened 10 years ago

kjla commented 10 years ago

The body in the 401 response is not read which makes the authentication to fail, I get the exception ("No colon found.", "header").

If I read the body after the header in the method WsStream::ReadHandshake then it works fine.

if (_innerStream.ReadByte().EqualsWith('\r', add) && _innerStream.ReadByte().EqualsWith('\n', add) && _innerStream.ReadByte().EqualsWith('\r', add) && _innerStream.ReadByte().EqualsWith('\n', add)) { string tempRes = Encoding.UTF8.GetString(buffer.ToArray()); var clStartIndex = tempRes.IndexOf("Content-Length:"); if (-1 != clStartIndex) { clStartIndex += ("Content-Length:".Length + 1); int crIndex = tempRes.IndexOf('\r', clStartIndex); string contentLenStr = tempRes.Substring(clStartIndex, crIndex - clStartIndex); int contentLen = Convert.ToInt32(contentLenStr); for (int i = 0; i < contentLen; ++i) { _innerStream.ReadByte(); } }

    read = true;
    break;

}

sta commented 10 years ago

Hmm,,, Which WebSocket server do you use?

kjla commented 10 years ago

We are using AppWeb (http://appwebserver.org/). The server works ok with Firefox and POCO C++ lib as far as we have tested. I could send the connect phase as a wireshark log, but I don't know how to attach it. but this is how it looks like, I get the "upgrade" response but the connection is closed directly, the web WebSocket::Close() is called with _reason = "An exception has occurred while connecting.". If I add the code lines as in prev mail everything works fine.

GET /poll HTTP/1.1 User-Agent: websocket-sharp/1.0 Upgrade: websocket Connection: Upgrade Host: 192.168.8.105 Sec-WebSocket-Key: hT/1rIa/kxfu/7AWqCVbfg== Sec-WebSocket-Protocol: robapi2_subscription Sec-WebSocket-Version: 13 Cookie: ABBCX=54

HTTP/1.1 401 Unauthorized Keep-Alive: timeout=10, max=199 Content-Type: text/plain Server: Embedthis-http Date: SUN, 12 JAN 2014 17:40:59 GMT Cache-Control: no-cache Content-Length: 230 Connection: Keep-Alive WWW-Authenticate: Digest realm="validusers@robapi.abb", domain=":80", qop="auth", nonce="ZjdmYjdkYmVkZjZmMzc5YmNkNjZiM2Q5NmNiNjViMmQ6dmFsaWR1c2Vyc0Byb2JhcGkuYWJiOjE0Mzg3OGFkNjUxOjU2", opaque="799d5", algorithm="MD5", stale="FALSE"

<?xml version="1.0" encoding="UTF-8"?>

401 Access Denied. Login required

GET /poll HTTP/1.1 User-Agent: websocket-sharp/1.0 Upgrade: websocket Connection: Upgrade Host: 192.168.8.105 Sec-WebSocket-Key: hT/1rIa/kxfu/7AWqCVbfg== Sec-WebSocket-Protocol: robapi2_subscription Sec-WebSocket-Version: 13 Cookie: ABBCX=54 Authorization: Digest username="Default User", realm="validusers@robapi.abb", nonce="ZjdmYjdkYmVkZjZmMzc5YmNkNjZiM2Q5NmNiNjViMmQ6dmFsaWR1c2Vyc0Byb2JhcGkuYWJiOjE0Mzg3OGFkNjUxOjU2", uri="/poll", algorithm=MD5, response="74f78fc7372791a837bc0cd89ff6c1db", qop=auth, nc=00000001, cnonce="b4c3afbde3c0673538810bcb41e5bcb8", opaque="799d5"

HTTP/1.1 101 Switching Protocols Sec-WebSocket-Protocol: robapi2_subscription X-Inactivity-Timeout: 259200 Set-Cookie: -http-session-=::http.session::57cf577bdbe9a87f385fc501dfd19ea2; path=/; domain=192.168.8.105 X-Request-Timeout: 259200 Server: Embedthis-http Date: SUN, 12 JAN 2014 17:41:06 GMT Sec-WebSocket-Accept: 4BYQRv/JWu6d/eMX5PrnytuJzj8= Cache-Control: no-cache="set-cookie" Connection: Upgrade Upgrade: WebSocket

kjla commented 10 years ago

The body in the authorization response looks like this:

 <?xml version="1.0" encoding="UTF-8"?>
 <html xmlns="http://www.w3.org/1999/xhtml">
 <body>
 <div class="status">
 <span class="code">401</span>
 <span class="msg">Access Denied. Login required</span>
 </div>
 </body>
 </html>
sta commented 10 years ago

Thanks a lot. I will support this issue.