Julien Genestoux
2008-Sep-26 23:27 UTC
Problem with authentication... Acts As Authenticated
Hello, I am working on the API of our webservice. API users need to authenticate some of their calls... When I am performig the call through Firefox, everything is fine as shown in the log : Processing OwnershipsController#new (for 67.207.118.174 at 2008-09-26 16:20:03) [GET] Session ID: BAh7BiIKKmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo SGFzaHsABjoKQHVzZWR7AA==--5a5630c016ccd9482ce679e272d3d53adea86595 Parameters: {"format"=>"xml", "action"=>"new", "controller"=>"sources/ownerships", "password"=>"MYPASS", "login"=>"MYUSER", "source_id"=>"1247"} Completed in 0.01454 (68 reqs/sec) | Rendering: 0.00705 (48%) | DB: 0.00378 (25%) | 200 OK [http://site.com/sources/1247/ownerships/new.xml?loginMYUSER&password=MYPASS] However, if I perform the exact same call from an external client wirtten in Perl, here is what I get n my log : Processing OwnershipsController#new (for 67.202.41.41 at 2008-09-26 16:19:39) [GET] Session ID: 6ef6e5b8289004d925517d48294f1cc1 Parameters: {"format"=>"xml", "action"=>"new", "controller"=>"sources/ownerships", "password"=>"MYPASS", "login"=>"MYUSER", "source_id"=>"1247"} Filter chain halted as [:login_required] rendered_or_redirected. Completed in 0.00284 (351 reqs/sec) | Rendering: 0.00066 (23%) | DB: 0.00000 (0%) | 401 Unauthorized [http://site.com/sources/1247/ownerships/new.xml?login=MYUSER&password=MYPASS] As you can see the parameters are precisely the same and, in one case, the call is successful while in another case it''s not! Do you guys have any idea on how to solve this? Thanks a lot! -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Robert Walker
2008-Sep-26 23:34 UTC
Re: Problem with authentication... Acts As Authenticated
Firefox> Session ID: > BAh7BiIKKmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo > SGFzaHsABjoKQHVzZWR7AA==--5a5630c016ccd9482ce679e272d3d53adea86595Perl> Session ID: 6ef6e5b8289004d925517d48294f1cc1Give the vast difference between these two Session IDs it makes me wonder if that is related to you problem? Does this relate in any way to "cross-site forgery protection?" Julien Genestoux wrote:> Hello, > > I am working on the API of our webservice. API users need to > authenticate some of their calls... > When I am performig the call through Firefox, everything is fine as > shown in the log : > > Processing OwnershipsController#new (for 67.207.118.174 at 2008-09-26 > 16:20:03) [GET] > Session ID: > BAh7BiIKKmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo > SGFzaHsABjoKQHVzZWR7AA==--5a5630c016ccd9482ce679e272d3d53adea86595 > Parameters: {"format"=>"xml", "action"=>"new", > "controller"=>"sources/ownerships", "password"=>"MYPASS", > "login"=>"MYUSER", "source_id"=>"1247"} > Completed in 0.01454 (68 reqs/sec) | Rendering: 0.00705 (48%) | DB: > 0.00378 (25%) | 200 OK > [http://site.com/sources/1247/ownerships/new.xml?login> MYUSER&password=MYPASS] > > However, if I perform the exact same call from an external client > wirtten in Perl, here is what I get n my log : > > Processing OwnershipsController#new (for 67.202.41.41 at 2008-09-26 > 16:19:39) [GET] > Session ID: 6ef6e5b8289004d925517d48294f1cc1 > Parameters: {"format"=>"xml", "action"=>"new", > "controller"=>"sources/ownerships", "password"=>"MYPASS", > "login"=>"MYUSER", "source_id"=>"1247"} > Filter chain halted as [:login_required] rendered_or_redirected. > Completed in 0.00284 (351 reqs/sec) | Rendering: 0.00066 (23%) | DB: > 0.00000 (0%) | 401 Unauthorized > [http://site.com/sources/1247/ownerships/new.xml?login=MYUSER&password=MYPASS] > > As you can see the parameters are precisely the same and, in one case, > the call is successful while in another case it''s not! > > Do you guys have any idea on how to solve this? > > Thanks a lot!-- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Possibly Parallel Threads
- Problem with 0.13.1 ActiveRecordStore with PG 8.0.3.
- SQLite3::SQLException: id may not be null
- Two foreign keys on the same column?
- [PATCH] IOMMU: don't disable bus mastering on faults for devices used by Xen or Dom0
- ActiveRecord::Base.transaction - SystemStackError - stack level too deep: