401 Authorization error when passing cookie...

I inherited a project from another developer that was already in place with an earlier version of ContentServer. We just upgrated to 10.5 when i came on.

The project uses the Web Services (Authentication.svc) to authenticate just fine. The code saves the token in memory. When we attempt to search, the system calls the CS.exe on the front end posting in a query string and specifing the results should be in XML format. This was working before the 10.5 upgrade I think.

Anyway, the token is attached to the request as a cookie (I don't have the exact code in front of me at the moment), but a 401 Not Authorized error is returned.

Any idea what I am doing wrong?

Find more posts tagged with

Comments

appuGmail

If you use your desktop browser and use Fiddler on your machine to a Livelink login URL that may look ending in llisapi.dll|cs.exe|livelink.exe does Fiddler record something like http://<OTDSSERVER_IN YOUR_ORGANIZATION>/otdsws/login?RFA=01cf0cfe%2De9ef%2D4d1f%2D8d71%2D161dafb330c8%3Ahttp%3A%2F%2F<LIVELINK_SERVER_IN YOUR_ORGANIZATION>%2E<DOMAIN>%2Ecom%2FOTCS%2Fllisapi%2Edll%3Ffunc%3Dotdsintegration%2Eredirect%26NextURL%3Dhttp%253A%252F%252F<LIVELINK_SERVER_IN YOUR_ORGANIZATION>%252E<DOMAIN>%252Ecom%252FOTCS%252Fllisapi%252Edll%253Ffunc%253Dll%2526objtype%253D142%2526objaction%253Dbrowse
If you see a Redirect like above then the main web traffic in your org is controlled by OTDS a interim server service that OT wants. If you don’t see a redirect through a OTDS server then chances are the webserver authentication like old times is active.
Ok if that is the latter then either ask your sysadmin or get yourself a SA credential and run this command ?func=admin.testargs .Do you see REMOTE_USER coming in? That would mean that this livelink expects IWA to work so 9 out of 10 times it is not using OTDS auth.
Now time to check the webservices part of this ? ask your admin or you yourself and see if Web.Config on the Livelink webservices server looks like modified from what OT supplied. Because if your old Livelink was using IWA then its web.config would have been altered as well as application that is hosted on that server(some companies won’t run Livelink server on webservices server) will be set to authentication with IWA. If it is the same thing OT supplied then your previous install was also not IWA but anonymously served so it should work the same way in 10.5 as well.It could just be that when the 10.5 wsapi was setup somebody forgot to make it anonymous.
Ok my guess is all of this should/would work if faithfully replicated in 10.5.
If all of the OT things for e.g. CGI and web services are at the mercy of OTDS all you have to do is to see the example here in OT that tells you how to get a OTDS token and give it to Livelink. Think of OTDS as a “man in the middle” application. Note the Livelink application still will need to satisfy itself of whether the OTDS token itself is valid sometimes Load balancers would basically sent parties to different nodes tripping them so if possible conduct your debugging in the most uncomplicated way.

BTW the postingresembles using the search API like this post in tek tips BTW what that is doing is once it posts to Livelinkexecutes ?func=search which is the searchAPI invocation .Recently I saw a goodpost by Alex Kropp in OT that actually tells you how programmers can make useof trying to use search API I would suggest you to look at those if my abovesuggested methods look too overwhelming. Note that only works in the search APIcase because OT has made it to work like that.

SOAP methods are usually made in most organizations with the help of an anonymously served web services application basically because OT supplies only that documentation, a lot of us working in other organizations who has taken a little more time to understand the mechanisms have been able to get it to work with std IWA. Many times these comes on and it might be time for OT to make some good suggestions on methods people should use https://knowledge.opentext.com/knowledge/cs.dll/open/69528807

..... appnair appunair( Livelink Rocks )

Well, if I called the wrongnumber, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937

On Fri, Oct 27, 2017 at 1:37 PM, eLink Entry: Content Web Services Forum <otdncontentwebservices971forum@elinkkc.opentext.com> wrote:

401 Authorization error when passing cookie... Posted byStarzman, KeithOn 10/27/2017 02:35 PM

I inherited a project from another developer that was already in place with an earlier version of ContentServer. We just upgrated to 10.5 when i came on.The project uses the Web Services (Authentication.svc) to authenticate just fine. The code saves the token in memory. When we attempt to search, the system calls the CS.exe on the front end posting in a query string and specifing the results should be in XML format. This was working before the 10.5 upgrade I think.Anyway, the token is attached to the request as a cookie (I don't have the exact code in front of me at the moment), but a 401 Not Authorized error is returned.Any idea what I am doing wrong?
[To post a comment, use the normal reply function]
Forum: Content Web Services Forum
Content Server: Knowledge Center CS16