401 error when making calls via Python Code
1,129 views
Skip to first unread message
Kate
Oct 26, 2011, 10:57:29 AM10/26/11
to DevTargetProcess
I'm attempting to use the REST API for Target Process in order to
retrieve and modify data within our instance. When I try and make
calls via my Python code, I keep getting 401 errors, despite being
able to successfully retrieve data via a browser using the same creds
and uri.
Method Call:
tp = Target_Process('xx.xx.com', 'xxx', 'xxx')
print tp.get_object('TestPlanRuns', 'xxx')
...
import base64
import urllib2
import urllib
class Target_Process():
user = ''
password = ''
tp_uri = ''
def __init__(self, tp_name, username, password):
self.data = []
self.user = username
self.password = password
self.tp_uri = 'https://' + tp_name + '/targetprocess2/api/
v1/'
def get_object(self, type, id):
auth = base64.encodestring("%s:%s" % (self.user,
self.password)).strip()
request = urllib2.Request(self.tp_uri + type + '/' + id)
request.add_header("Authorization", "Basic %s" % auth)
return urllib2.urlopen(request)
...
retrieve and modify data within our instance. When I try and make
calls via my Python code, I keep getting 401 errors, despite being
able to successfully retrieve data via a browser using the same creds
and uri.
Method Call:
tp = Target_Process('xx.xx.com', 'xxx', 'xxx')
print tp.get_object('TestPlanRuns', 'xxx')
...
import base64
import urllib2
import urllib
class Target_Process():
user = ''
password = ''
tp_uri = ''
def __init__(self, tp_name, username, password):
self.data = []
self.user = username
self.password = password
self.tp_uri = 'https://' + tp_name + '/targetprocess2/api/
v1/'
def get_object(self, type, id):
auth = base64.encodestring("%s:%s" % (self.user,
self.password)).strip()
request = urllib2.Request(self.tp_uri + type + '/' + id)
request.add_header("Authorization", "Basic %s" % auth)
return urllib2.urlopen(request)
...
Alex Fomin
Oct 26, 2011, 11:07:28 AM10/26/11
to devtarge...@googlegroups.com
Hi,
I've used your code (with cosmetic changes) on Python 2.7.2 to access our ondemand services and it works flawlessly for me (I mark changes with bold):
import base64
import urllib2
import urllib
class Target_Process():
user = ''
password = ''
tp_uri = ''
def __init__(self, tp_name, username, password):
self.data = []
self.user = username
self.password = password
self.tp_uri = tp_name
def get_object(self, type, id):
auth = base64.encodestring("%s:%s" % (self.user, self.password)).strip()
request = urllib2.Request(self.tp_uri + type + '/' + id)
request.add_header("Authorization", "Basic %s" % auth)
response = urllib2.urlopen(request)
return response.read()
>>> tp = Target_Process('https://demo7.tpondemand.com/api/v1/', 'admin', 'admin')
>>> tp.get_object('Processes', '1')
'<Process Id="1" Name="All Practices">\r\n <Description>Process includes all practices with default settings</Description>\r\n</Process>'
I have tested either http and https protocols.
Please ensure that you use correct URL for accessing TP REST Api. Also you could try to sniff (with smth like Fiddler or WireShark) request and response to check the actual data sent/received.
Thanks,
Alex, TP Team
I've used your code (with cosmetic changes) on Python 2.7.2 to access our ondemand services and it works flawlessly for me (I mark changes with bold):
import base64
import urllib2
import urllib
class Target_Process():
user = ''
password = ''
tp_uri = ''
def __init__(self, tp_name, username, password):
self.data = []
self.user = username
self.password = password
def get_object(self, type, id):
auth = base64.encodestring("%s:%s" % (self.user, self.password)).strip()
request = urllib2.Request(self.tp_uri + type + '/' + id)
request.add_header("Authorization", "Basic %s" % auth)
return response.read()
>>> tp = Target_Process('https://demo7.tpondemand.com/api/v1/', 'admin', 'admin')
>>> tp.get_object('Processes', '1')
'<Process Id="1" Name="All Practices">\r\n <Description>Process includes all practices with default settings</Description>\r\n</Process>'
I have tested either http and https protocols.
Please ensure that you use correct URL for accessing TP REST Api. Also you could try to sniff (with smth like Fiddler or WireShark) request and response to check the actual data sent/received.
Thanks,
Alex, TP Team
Kate
Nov 17, 2011, 11:58:48 AM11/17/11
to DevTargetProcess, kris....@mandiant.com
Target Process is installed on a server running either IIS 7 or 7.5,
and the server is in an Active Directory domain. However, my
workstation that I'm running my scripts from is not part of that
domain, or in fact any domain.
We currently have 'Forms Authentication' and 'Windows Authentication'
enabled. We attempted enabling 'Basic Authentication' as a test but
it was unsuccessful.
I can access/successfully authenticate with our Target Process site
via the browser. A pop up prompts for authentication and I enter my
credentials for the domain that the Target Process server is on, and
it lets me in. But passing the same credentials via my script fails.
and the server is in an Active Directory domain. However, my
workstation that I'm running my scripts from is not part of that
domain, or in fact any domain.
We currently have 'Forms Authentication' and 'Windows Authentication'
enabled. We attempted enabling 'Basic Authentication' as a test but
it was unsuccessful.
I can access/successfully authenticate with our Target Process site
via the browser. A pop up prompts for authentication and I enter my
credentials for the domain that the Target Process server is on, and
it lets me in. But passing the same credentials via my script fails.
Alex Fomin
Nov 21, 2011, 11:18:08 AM11/21/11
to devtarge...@googlegroups.com, kris....@mandiant.com
Ok, I see your issue.
Unfortunately, if TP uses Windows authorization, REST api should use windows authorization as well (this is not documented yet, though).
So for your issue you should prepare NTLM digest by yourself. Please refer to http://stackoverflow.com/questions/909658/windows-authentication-with-python-and-urllib2 for example.
Another workaround is to disable windows authorization for REST api folder in IIS - go to IIS, select "rest" folder under application root folder, then in authentication disable Windows Authentication.
Thanks,
Alex
Unfortunately, if TP uses Windows authorization, REST api should use windows authorization as well (this is not documented yet, though).
So for your issue you should prepare NTLM digest by yourself. Please refer to http://stackoverflow.com/questions/909658/windows-authentication-with-python-and-urllib2 for example.
Another workaround is to disable windows authorization for REST api folder in IIS - go to IIS, select "rest" folder under application root folder, then in authentication disable Windows Authentication.
Thanks,
Alex
Aliaksandr Famin
Dec 2, 2011, 1:11:27 AM12/2/11
to Kris Gross, devtarge...@googlegroups.com
You need 'api' folder on root of your TargetProcess site.
Thanks,
Alex, TP Team
--
Шурик Фомин к Вашим услугам.
Thanks,
Alex, TP Team
On Wed, Nov 30, 2011 at 8:49 PM, Kris Gross <kris....@mandiant.com> wrote:
As per your second suggestion, this is the only folder that seemed to match: <machine>\Sites\Default Web Site\TargetProcess2\RestUI. Is that what you were referring to? If so, we still received the same 401 errors after modifying the authentication.
I’m running into issues with the NTLM setup (python-ntlm: hashlib & md4 support), so I’m still investigating that route.
Let me know if you notice anything obvious.
Thanks,
Kris
--
Шурик Фомин к Вашим услугам.
Aliaksandr Famin
Dec 5, 2011, 11:07:24 AM12/5/11
to Kris Gross, devtarge...@googlegroups.com
Sorry for late response.
Actually, you have nothing to do to initialize api, because REST api pathes are virtual. But you could try to create an 'api' folder in TargetPrcess root directory and then manipulate with its permissions.
Thanks,
Alex
Actually, you have nothing to do to initialize api, because REST api pathes are virtual. But you could try to create an 'api' folder in TargetPrcess root directory and then manipulate with its permissions.
Thanks,
Alex
On Fri, Dec 2, 2011 at 5:56 PM, Kris Gross <kris....@mandiant.com> wrote:
So if that folder doesn’t exist, what does that mean? I’ve attached a screenshot of the version of Target Process that we’re currently running as well as the current folder structure.
Is there a step within the UI that we need to initialize the API?
Thanks,
Kris
Reply all
Reply to author
Forward
0 new messages