Mark- 29 Posted November 6, 2020 (edited) Hello, Delphi 10.2.3, ICS 8.62 I am reading the settings from an Axis video camera. The payload is XML. Example URI: root:admin@192.168.8.218:80/onvif/device_service The issue, I form up the message, use PostAsync, the data comes back and all is good. I view the process via Wireshark, I see the “Post” and the reply is “HTTP 1.1 401 Unauthorized” and the reply includes: [truncated]Authorization: Digest username="root",realm="AXIS_WS_ACCC8EE4F05C",nonce="sgpPo3OzBQA=f77c1448ee4c9dfe2a268b430a4f4ee824f78950",uri="/onvif/device_service",response="909198f352f89203fe5701378e615379",qop=auth,nc=00000001,cnonc Different values each time, same fields. THttpCli sends the post again, including the above information, and the camera returns the data. I have tried many things. Changing the “serverAuth”, no difference. Another program, I view the stream and it does not have the same cycle. I must be missing something. Ideas? Thanks, Mark Edited November 6, 2020 by Mark- Share this post Link to post
Angus Robertson 577 Posted November 6, 2020 You should not need to use tools like Wireshark to debug your application, you should add logging into your applications using the onCommand event for data sent and onHeaderData for responses received, this is illustrated in various samples. Or use the THttpRest component instead which already has this logging. You should try your URL in the OverbyteIcsHttpRestTst sample and see what happens. Long time since I look at basic authentication which is what you are using, but setting ServerAuth to httpAuthBasic should send the Authorization: Basic xxx header with the initial request, which you can check with your logging. Angus Share this post Link to post
Mark- 29 Posted November 6, 2020 (edited) Hello, Thanks for the response. I had all kinds of logging enabled and I could not see the issue. Wireshark is a good tool for seeing outside the program. > setting ServerAuth to httpAuthBasic I get a 401 error. I guess I will return to logging. Mark Edited November 6, 2020 by Mark- Share this post Link to post
Mark- 29 Posted November 6, 2020 Hello, > use the THttpRest component The TSslHTTPRest? Altering the URL to remove the username and password made no difference. I added an ICS logger and selected each of the ServerAuth options and all produced the same result. Other than causing a complete failure no change has altered the cycle. Attached is the log file. Cheers, Mark logFileICS.txt Share this post Link to post
Angus Robertson 577 Posted November 6, 2020 Quote Authorization: Digest username="root",realm="AXIS_WS_ACCC8EE4F05C", The component is auto selecting httpAuthDigest for which it requires the challenge sent in the 401 response, the component does not have any way of storing the relaam, nonce and other stuff. Not sure if the same Authorization: header can be used more than once for subsequent requests, never used Digest myself. You'll need to check Wireshark on the other application to find out where it finds realm, etc, or if it uses a different authentication mechanism. Angus Share this post Link to post
Mark- 29 Posted November 6, 2020 Thanks for the response. > The component is auto selecting httpAuthDigest Yeah and when I select Digest, same 401 result. > Not sure if the same Authorization: header can be used more than once for subsequent requests, never used Digest myself. Ditto, > You'll need to check Wireshark on the other application to find out where it finds realm, etc, or if it uses a different authentication mechanism. Yeah, my searching found nothing. I suspect I need to check again. Share this post Link to post
Angus Robertson 577 Posted November 6, 2020 The 401 response is expected for Digest and NTLM, there is a challenge returned, you can never avoid it. The only issue is if you only need to accept it once. Angus Share this post Link to post
Mark- 29 Posted November 6, 2020 Interesting, thanks. More dissection planned. Share this post Link to post
Mark- 29 Posted November 15, 2020 Thanks for the help Angus. To close this issue. The issue was the time difference between the camera and the PC. The camera rejects the message if the time difference is greater than about 5 seconds. Solution is to read the time in the camera and adjust the transmitted time stamp. Reading the camera time does not require authentication. If the message sent to the camera contains a certain namespace reference, the camera will switch to attempt a digest authentication after the first failed, ONVIF authentication. While ICS handled the "digest" authentication, flawlessly, the double process was not workable for the design goals. Cheers, Mark Share this post Link to post