Use LabVIEW to login username and password into device IP webpage login prompt

Discussion:

(too old to reply)

petere

2008-02-10 16:40:04 UTC

Hi Paul,
I have had that problem many times before.  There are a number of different ways a web page might require your login. 
The 2 main methods are where the page will cause your browser to pop open a standard internet explorer password box or the page will have a custom form within its html.
If its an internet explorer style password box this is triggered as the first time you request the page the server actually returns a ?403-not authorised? error, this stimulates internet explorer to pop open the password box and when you click ok it re-requests the page with another line in the header:
"Authorization: Basic :user:password(base64)"
I guess if you always just sent that header on each request it will probably work.
If it?s a customised HTML form you will need to look at the html, look at the field names and whether the return method is GET of POST and return the data the same way.
With both of these types of web login its normal for them to return a cookie - which is just a string in the header, they will expect this to be sent back in the header on each subsequent page request so they still know who you are. 
However you say your device just works after you have logged in using internet explorer so it sounds like its tracking your IP address rather than using cookies
I have found it easier in the past to use a command line call to wget rather than try to do it myself. ? this will work very well for you if it is just using your IP address
<a href="http://www.gnu.org/software/wget/" target="_blank">http://www.gnu.org/software/wget/</a>
You can easily call this using a system exec in labview.
You can also "cheat" - use wireshark to capture whatever internet explorer is sending and just send the same :-) - works 95% of the time as long as there is no challenge/ response type authentication.
<a href="http://www.wireshark.org/" target="_blank">http://www.wireshark.org/</a>
Hope this helps.
Peter

<a href="http://www.gnu.org/software/wget/" target="_blank">http://www.gnu.org/software/wget/</a>
you can also "cheat" - use wireshark to capture wahtever internet explorer is sending and just send the same :-) - works 95% of teh time as long as tehr eis no challenge responce type authentication.
Hope this helps.
Peter
 

pessen

2008-02-12 18:10:05 UTC

Permalink

Thanks petere,
 
I think I am close but still not quite there. Just to clarify, the webpage that is accessed to control the device I am sending commands too, opens a password box (it is not a custom form in the HTML), and then once the username and password are entered it opens the main page......as shown in the 2 attached images.
 
Right now I am using the TCP Communicator Passive.vi that is found in the labview examples. I have attached that also. So I enter the IP address of the device, a TCP connection is made, and then commands can be sent to the device and the responses can be seen.
 
As I said before, I have the commands to send to the device to get it to do what I want (I had used wireshark to find these). I can manually open the webpage and enter my username and password, and then sending the commands to the device works correctly. My problem is still that I need to be able to enter the username and password from labview.....hopefully by just sending a command through this TCP communicator.
 
I am getting the "403-not authorized" error when I try to request the page. It seems like sending the "Authorization: Basic: user:password" should work but I am not sure how to do that exactly. The format for the commands that are used to communicate with the device is "GET /xxxxxxxx" like this "GET /remsw1.htm".
 
So my question now is this, what is the proper way to send the header with the user name and password? Also, do I need to send the username and password as text or do I need to send it as hex or something? If I can just get this figured out then I will be in buisness.
 
Thanks for any help, Sorry if the answer to this problem should be obvious, I am fairly new to LabVIEW and this is my first time working with TCP. Thanks!
 
 

TCP Communicator - Passive1.vi:
http://forums.ni.com/attachments/ni/170/301249/1/TCP Communicator - Passive1.vi

Login.JPG:
Loading Image...

Home Page.JPG:
http://forums.ni.com/attachments/ni/170/301249/3/Home Page.JPG

MikeS81

2008-02-12 18:40:05 UTC

Permalink

Hi pessen,
here is a vi with which you can receive the data which was send to you after a GET command. At the moment it receives only the Header. Maybe it helps you.
MikeMessage Edited by MikeS81 on 02-12-2008 12:13 PM

Http.receive_from_Server.vi:
http://forums.ni.com/attachments/ni/170/301263/1/Http.receive_from_Server.vi

MikeS81

2008-02-12 19:10:05 UTC

Permalink

pessen wrote:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)Host: 134.253.34.3 80Connection: Keep-AliveAuthorization: Basic Y3liZXI6Y3liZXI="
 
When I manually enter my username and password to log in wireshark shows this:
Authorization: Basic Y3liZXI6Y3liZXI=  Credentials: xxxx:yyyy"                ----- where xxxx & yyyy represent the username and password

Hi pessen,
as far as i know is this string "Authorization: Basic Y3liZXI6Y2liZXI=" the password and the username base 64 coded. "Y3liZXI6Y2liZXI=" = "User:Password". What is Credentials in your manual written command?
Mike

pessen

2008-02-12 19:10:10 UTC

Permalink

I believe you are correct in regards to the "Authorization..." with the username:password part being base 64 coded. Right now the password and username and password on the device are defaulted to "cyber". I tried several combinations using the GET / command such as:
 
GET / Authorization: Basic Y3liZXI6Y3liZXI=
GET / WWW-Authorization: Basic Y3liZXI6Y3liZXI=
GET / Y3liZXI6Y3liZXI
GET / cyber:cyber
GET / cyber:cyber=
 
But all I am getting is the 401 Unauthorized response... i.e: "HTTP/1.0 401 Unauthorized WWW-Authenticate: Basic realm="CyberPower Power Manager System"

MikeS81

2008-02-12 19:40:04 UTC

Permalink

Hi pessen,
the Authentication is part of the Header not of the GET line. The GET Line is everytime the same: GET /URL HTTP/1.1. i think it has to be something like this:

- GET / HTTP/1.1\r\n

- Authentication: Basic Y3li...=\r\n

- \r\n

it has to be the same string like you see in Wireshark.
MikeMessage Edited by MikeS81 on 02-12-2008 01:11 PM

MikeS81

2008-02-12 19:40:05 UTC

Permalink

Hi pessen,
do you know this article? <a href="http://en.wikipedia.org/wiki/Basic_access_authentication" target="_blank">http://en.wikipedia.org/wiki/Basic_access_authentication</a>.
I need what you want now at work, but at the moment i have no ready version.
Mike

pessen

2008-02-12 19:10:05 UTC

Permalink

I actually am using wireshark to see what is being sent and recieved. For example, wireshark shows that the command tell my device (a Power Distribution Unit) to turn outlets 1, 2, 3 on is  "GET /uswrem.cgi?tp=0&osw=1&osw=2&osw=3&sbt=Apply". Wireshark shows this:
 
"GET /uswrem.cgi?tp=0&osw=1&osw=2&sbt=Apply HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*-------: ----:------------------------------Accept-Language: en-usAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)Host: 134.253.34.3 80Connection: Keep-AliveAuthorization: Basic Y3liZXI6Y3liZXI="
 
When I manually enter my username and password to log in wireshark shows this:
 
"GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*Accept-Language: en-usAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)Host: 134.253.34.3Connection: Keep-AliveAuthorization: Basic Y3liZXI6Y3liZXI=  Credentials: xxxx:yyyy"                ----- where xxxx & yyyy represent the username and password
 
In the link that MikeS81 sent it says,
 "A user agent that wishes to authenticate itself with an origin server--usually, but not necessarily, after receiving a 401 (Unauthorized)--MAY do so by including an Authorization header field with the request." But I didn't see where it specified how to send the header with a request.
 
So somehow I believe I need to send the "GET /" command and attach the header for the Authorization. I have tried several different things but none of them work as of yet. Does anyone konw how to send headers with a request? Thanks,
 
 
 