REST authentication failed

REST authentication failed

  
Hi, 

I am trying to make REST SP call to the following WS: http://endpoint/rc/{param}/_api/web/GetFolderByServerRelativeUrl('Shared%20Documents/')/Folders

When I try this in SOAPUI it works, but in Outsystems it returns me an error "Authentication Failed", even though I provide the  Basic Authentication details. 

Could you please help me with this?

Thanks in advance
Hi Inês,

Double check the authentication credentials to ensure that you are making the correct request.
If you have access to ServiceCenter, please activate the Trace for that REST API in order to check the payload you're sending and validate that it is correct.

<< check attached screenshots >>

After that, do another request and check service center integration logs to view the complete request payload.

Let me know if it helped.

Regards,
Actually, it somewhat helped - because I could see the header. But I still get 401 Unauthorized. I also double checked the credentials. 

Could I be missing something?
are you using SetWebReferenceCredentials to set the  Basic Authentication details first? I have not used rest in outsystems but soap for outsystems I have used   SetWebReferenceCredentials but  looking at Nuno screen shots rest outsystems implmentation looks easier.

I found this interesting http://www.outsystems.com/help/ServiceStudio/9.1/index.htm#t=Integrating_with_other_systems%2FWeb_Services%2FTroubleshooting_REST_APIs.htm

Debugging

To debug, add breakpoints to actions you have in your REST APIs.

Consumed REST APIs

In this case, your application sends a request to a remote REST API and receives a response from it.

Debug can be done during the request lifecycle, in the following actions:

  • OnBeforeRequest Callback: Debug requests you send. It is executed right before the request is sent to the remote REST API. Learn more about the OnBeforeRequest action.
  • OnAfterResponse Callback: Debug returning responses. It is executed right after the response is received from the remote REST API. Learn more about the OnAfterResponse action.

Hi Inês, 

If you are getting 401, means:
1. Authorization header is there but with invalid configuration (Basic user:pass)
2. Authorization header is missing from the request.

Are you adding the Authorization header on your own or it is OutSystems Platform that is doing that for you?
I have tried both, Outsystems Platform doing it for me and adding it on my own. 

I also tried the OnBeforRequest thing using the extension REST Integrated Authentication. Still no success.

Something may be missing, I just don't understand what. 

Thank you all
Inês, 

Can you post here the REQUEST payload?
(please change the Base64 value of your user:password) just to try to identify the problem.


sharepoint right? Can you set up an example that we can consume and test?

Its great you got it to work in SOAPUI first which gives posters confidence. 
Inês, 

I was checking with a collegue of mine and we may have been "tricked by our eyes" :)

Your URL have the char " ' ". that char is encoded and you may be redirected to other resource and then you are getting the 401 Unauthorized on that other resource.

In w3schools we see that " ' " is encoded to " %27 " so, as workaround, you can try the following:
  1. Add OnBeforeRequest action
  2. Replace all " %27 " with " ' " (again) - do this on CustomizedRequest.

Please, let me know if it helped.
Nuno Maurício wrote:
Inês, 

I was checking with a collegue of mine and we may have been "tricked by our eyes" :)

Your URL have the char " ' ". that char is encoded and you may be redirected to other resource and then you are getting the 401 Unauthorized on that other resource.

In w3schools we see that " ' " is encoded to " %27 " so, as workaround, you can try the following:
  1. Add OnBeforeRequest action
  2. Replace all " %27 " with " ' " (again) - do this on CustomizedRequest.

Please, let me know if it helped.
Should I also do the same for the parenthesis?  
 
Inês Castelo wrote:
Nuno Maurício wrote:
Inês, 

I was checking with a collegue of mine and we may have been "tricked by our eyes" :)

Your URL have the char " ' ". that char is encoded and you may be redirected to other resource and then you are getting the 401 Unauthorized on that other resource.

In w3schools we see that " ' " is encoded to " %27 " so, as workaround, you can try the following:
  1. Add OnBeforeRequest action
  2. Replace all " %27 " with " ' " (again) - do this on CustomizedRequest.

Please, let me know if it helped.
Should I also do the same for the parenthesis?  
 
 I don't think so but... try both to understand the behavior.
 
Still the same. I still get authentication error.

How can I use NTLM authentication in outsystems? This because I think sharepoint uses this kind of authentication
Hi Inês,

Have you tried the forge component (REST Integrated Authentication)?

This seems to help your use case.
Nuno Maurício wrote:
Hi Inês,

Have you tried the forge component (REST Integrated Authentication)?

This seems to help your use case.
 Yes I have and I get the same error.
 
Hi Inês

As I said I could have saved you the trouble "looks like nuno suggestion already has the same issue! http://www.outsystems.com/forums/discussion/17641/401-unauthorized/"

Tell me how you get on with http://www.outsystems.com/forums/discussion/14162/authentication-in-sharepoint-ws/

George Jeffcock wrote:
Inês Castelo looks like this should help http://www.outsystems.com/forums/discussion/14162/authentication-in-sharepoint-ws/


looks like nuno suggestion already has the same issue! http://www.outsystems.com/forums/discussion/17641/401-unauthorized/




 
That one does not work on REST, only SOAP from what I could see. It does not allow me to Add "SetWebReferenceURL" - I get the following error: The literal "webreference"  in the argument WebReferenceName of the Execute Action SetReferenceURL does not match any Webservice name consumed in the eSpace 

sorry about that.

Did you use https://www.soapui.org/oauth2/reference/ntlm.html  in your soapui project to get it to work in SOAPUI...are you willing to share the soapui project? Find it hard to investigate with out working example in soapui first.


George Jeffcock wrote:
sorry about that.

Did you use https://www.soapui.org/oauth2/reference/ntlm.html  in your soapui project to get it to work in SOAPUI...are you willing to share the soapui project? Find it hard to investigate with out working example in soapui first.
 
 
 Yes I did, I used NTLM authentication in SOAPUI. Unfortunately since it is my company's specific WS, I can't provide that information. 

I understand tha it is hard to test.
Thank you anyway.
Inês,

Are you able to "sniff" the network with Fiddler (or something similar) in order to understand both requests (OutSystems and SOAPUI)?

If you are, compare both requests and check the differences. Something SOAPUI is doing different!
If you are using this all on premise then I recommend using wireshark to sniff the packets as Nuno says.

What people should not be thinking is Outsystems is bad at REST...this is simply part of being a API developer, you need to be able to use Wireshark/Fiddler etc as when you come WS Security (aka Death Star) for examlple SOAPUI as a client is sometimes tooooooo good and does things behind the scences that you are then not aware of you have to replicate in your client tool (in this case Outsystems). 

Outsystems staff can also do little to help like any other vendor until they have both headers to compare working SOAPUI and Outsystems created header.

If you use https://www.getpostman.com/  then you will get a better understanding of how to build the header before trying to get outsystems to build the header. You actually want to recreate the outsystems error in Soapui/Postman !!!