Siteminder excel vba authentication - vba

I need to use jira Rest API to fetch some content in an excel sheet.The problem is that the server is siteminder enabled.I am using this codeproject article as reference (.http://www.codeproject.com/Articles/80314/How-to-Connect-to-a-SiteMinder-Protected-Resource ) but still cannot get to the past the siteminder login page
For reference,my code is as follows:
Dim http As New WinHttp.WinHttpRequest
http.Option(WinHttpRequestOption_EnableRedirects) = False
url = "http://example.com"
' Launch the HTTP request
http.Open "GET", url, False
http.Send
target=http.GetResponseHeaders("location")//get the target url for post
Cookie=""
postData="USER="&HttpUtility.UrlEncode(username)&"&PASSWORD="&password
http.Open "POST", target, False
http.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
http.setRequestHeader "Cookie", Cookie
http.Send postData
The first http request takes me to the userlogin page of siteminder but the user doesn't get authenticated after the post request.I receive the error login page.Any suggestion as to how to get the user authenticated?

Related

How to retrieve and store JSESSIONID cookie?

I'm writing a web parser, everything is going well except the JSESSIONid which I cannot retrieve correctly. When I make the request with Postman I obtain a JSESSIONid cookie which I can further force into my VBA code, but that's not what I want. I want to get that cookie directly from my code.
Basically this is the part of my code which causes problem:
WHTTP.Open "POST", mainUrl & RequestAuth, False
WHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
WHTTP.Send strAuthenticate
jsessionIDCookie = WHTTP.GetResponseHeader("Set-Cookie")
jsessionIDCookie = Split(jsessionIDCookie, ";")(0)
I just obtained a jsessionIDCookie from the code, but it doesn't help me at the auth:
WHTTP.Open "POST", mainUrl & RequestAuth, False
WHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
WHTTP.SetRequestHeader "Cookie", jsessionIDCookie
WHTTP.Send strAuthenticate
When I force the jsessionIDCookie (retrieved from Postman) like this:
jsessionIDCookie = "JSESSIONID=lg49wqrAhHAGy5PirUBfBXM6uChBa67cXopvbDdK.i3jbseotaaff2"
Into my code, and ignore the first part more above, the authorization works fine!

Twilio SMS API call not recognizing mediaurls

My goal is to send a text message in VBA with Twilio's API by using WinHttpRequest and a POST call.
I put together a custom call using the WinHttpRequest for a basic SMS message and that worked. I can send text messages just fine.
But then I tried adding the MediaURL to the data, and it ignored the URL (no image attached to SMS). I confirmed the URL was valid by testing it in the Visual Studio project and it was able to send just fine.
I went back and tried sending a test image on twilio's servers and it works. I copied the same image to a server and it won't work.
WORKS
HTTPReq.send ("Body=Hi Brent, Hello From Me!&From=+1XXXXXXXXXX&To=+1XXXXXXXXX&MediaUrl=https://demo.twilio.com/owl.png")
DOESN'T WORK
HTTPReq.send ("Body=Hi Brent, Hello From ME!&From=+1XXXXXXXXXX&To=+1XXXXXXXXXX&MediaURL=https://smarttanktester.com/wp-content/uploads/2018/10/owl.png")
(Phone numbers removed).
I tested with a few more images from their site and they work.
So it appears that URLs external to their server are being ignored. My guess is that I have something configured wrong from my end.
Here is my code.
TargetURL = "https://api.twilio.com/2010-04-01/Accounts/XXX/Messages"
Set HTTPReq = CreateObject("WinHttp.WinHttpRequest.5.1")
HTTPReq.Open "POST", TargetURL, False
HTTPReq.setRequestHeader "Accept", "application/json"
temp = "Basic " & EncodeBase64
HTTPReq.setRequestHeader "Authorization", temp
HTTPReq.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
HTTPReq.send ("Body=Hi Brent, Hello From Me!&From=+1XXXXXXXXXX&To=+1XXXXXXXXXX&MediaURL=https://smarttanktester.com/wp-content/uploads/2018/10/owl.png")
Any help is greatly appreciated.

Can't replicate successful HTTP Request in VBA; Returns 403 Error when made in VBA, but not cURL

This curl request works and gives a 200 response code when made through the windows command line:
curl -v -u user:pass -X GET https://www.website.com/path
When I try to make the same request in VBA, though, I get a 403 error and the response appears empty. I'm using this code:
Set objHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
objHTTP.Open "GET", "https://www.website.com/path", False
objHTTP.SetCredentials "user", "pass", 0
objHTTP.Send
I've made sure the reference to the WinHttpRequest 5.1 library was set via Tools>>References, but I'm no great shakes at VBA and don't know what else I might be doing wrong to recreate the successful curl request in VBA. C# WebRequest but not cURL Gives Error 403 seems to have a similar problem, but the answerer says curl also gives a 403, which isn't the case for me - and in any event, there doesn't seem to be a version of HttpClient for VBA, at least according to the documentation and this other question: VBA using HttpClient to connect to an external REST API.
I use an alternative in Access without any issues.
Dim WinHttp_ As Object
Set WinHttp_ = CreateObject("MSXML2.XMLHTTP")
WinHttp_.Open "GET", <url>, False, <user>, <password>
WinHttp_.Send
If WinHttp_.Status = 200 Then
'do whatever you need through WinHttp_.ResponseBody or WinHttp_.responseText
End If
Set WinHttp_ = Nothing
You may need to check the WinHttp_.ReadyState before checking the WinHttp_.Status.
https://msdn.microsoft.com/en-us/library/hh772834(v=vs.85).aspx
I was able to resolve my issue by switching to MSXML2 and encoding the authorization header in base 64. Not sure why this was necessary, but I'm leaving this here in case some other poor lost soul ends up with the same problem.
Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
With objHTTP
.Open "GET", URL, False
.setRequestHeader "Authorization", "Basic " + Base64Encode("user:pass")
.setRequestHeader "Content-Type", "application/json"
.Send Body
End With

default credentials in VBA

I'm tryng to make a HTTP request from VB for Applications ( VBA)
that should have been simple:
URL = "https://www.google.com/"
Set xhr = CreateObject("MSXML2.ServerXMLHTTP.6.0")
xhr.Open "GET", URL, False
xhr.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xhr.Send
MsgBox xhr.responseText
BUT I'm behind a proxy server which require basic auth (base64).
How to set the credentials in VBA ?
(something equivalent to : myHttpWebRequest.Credentials = CredentialCache.DefaultCredentials)
If this is not possible, how to solve the issue with another approach ?
Thanks !
You'd need the setProxyCredentials method. I don't have a proxy to test, but this should do the trick:
URL = "https://www.google.com/"
Set xhr = CreateObject("MSXML2.ServerXMLHTTP.6.0")
xhr.Open "GET", URL, False
xhr.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xhr.setProxy 2, "192.168.0.222:8080"
xhr.setProxyCredentials "your_username" , "password_for_username"
xhr.Send
MsgBox xhr.responseText
Taken from This Question which points out the 2 argument is a version number that you may need to change.

VBA XMLHTTP clear authentication?

I am writing a set of VBA macros in which it uses the XMLHTTP object to send asynchronous requests to a server. I am sending Basic Authentication with:
XMLHttpReq.setRequestHeader "Authorization","Basic " & Base64EncodedUserPass
This works great the first time.
But if the user changes their userid/password, even if the code creates a brand new XMLHttpReq object and sets this header to the new information, it logs in to the server as the first user, presumably from cached credentials.
How can I cause the code to "forget" that I have logged in before, and re-authorize?
Edit as requested, the relevant part of the code; it really isn't very complicated:
myURL = "http://my.domain.com/myscript.cgi"
Dim oHttp As New MSXML2.XMLHTTP
oHttp.Open "POST", myURL, False
oHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded'"
oHttp.setRequestHeader "Authorization","Basic " & Base64EncodedUsernamePassword
oHttp.send "PostArg1=PostArg1Value"
Result = oHttp.responseText
These questions have been discussed in many ways due to major browsers different implementations of caching methods.
I will give you what worked for me and then the sources I found on this feature.
The only solution I could came across was to force the browser to not cache the request.
myURL = "http://my.domain.com/myscript.cgi"
Dim oHttp As New MSXML2.XMLHTTP
oHttp.Open "POST", myURL, False
oHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded'"
oHttp.setRequestHeader("Cache-Control", "no-cache");
oHttp.setRequestHeader("Pragma", "no-cache");
oHttp.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
oHttp.setRequestHeader "Authorization","Basic " & Base64EncodedUsernamePassword
oHttp.send "PostArg1=PostArg1Value"
Result = oHttp.responseText
It seems that Cache-Control works on most browsers and Pragma only on Firefox and not IE (don't know why...)
If-Modified-Since is used for IE, since IE uses different settings in his own algorithm to determine whether or not the request should be cached. XMLHttpRequest seem to not be treated as the same as HTTP responses.
Careful : With this code you will need username and password each time a new object is created. Maybe you should create a new object, instantiate it once and then destroy it after use. In between you would have all your requests handled in different functions with only one authentication.
Sources
MSDN setRequestHeader Method
MSDN IXMLHTTPRequest
XMLHTTPREQUEST CACHING TESTS
XMLHttpRequest and Caching