jrottman
Programmer
- Jun 17, 2005
- 47
Well since this project got canned due to server errors with my local IDX provider I really don't have time to write up a formal tutorial on how I did this. But I am going to post my code (pretty easy to understand).
<cfhttp url=" method="get" />
<h3>Initial Server Response</h3>
<cfdump var="#cfhttp#" />
<cfscript>
/* These three vars should be provided to you by your IDX provided.
In the case you are not given the login url, use everything after the port number or tld (.com)
Do not use the page name in your login uri (login.aspx) It should look something like this /rets/login
*/
username = "USERNAME";
password = "PASSWORD";
login_uri = "LOGINURI";
// create an array without the auth type. So you are left only with the auth parameters.
tempList = Replace(cfhttp.responseHeader["WWW-Authenticate"],"Digest ",','All');
headerArr = ListToArray(Trim(tempList));
/* create an array holding the auth type. This can be used to extend
this script to allow fo both basic and digest auth
*/
auth_Temp = ListToArray(Trim(cfhttp.responseHeader["WWW-Authenticate"]),' ');
/* Set a variable to the auth type */
auth_Type = auth_Temp[1];
/* Create a structure that will hold the auth parameter objects.
We set the struct key to the value of the auth paramter.
*/
authStc = structNew();
for(i=1;i lte ArrayLen(headerArr);i=i+1){
key = Replace(Left(headerArr,Find('=',headerArr)),'=',','ALL');
value = Replace(RemoveChars(headerArr,1,Find('=',headerArr,"1")),'"',','ALL');
authStc[key] = value;
}
// Define the authentication realm.
auth_Realm = authStc['realm'];
A1 = username & ':' & auth_Realm & ':' & password;
A2 = 'GET:' & login_uri;
auth_Nonce = authStc['nonce'];
auth_Opaque = authStc['opaque'];
// create the raw_digest
raw_Digest = Lcase(Hash(A1,"MD5")) & ':' & auth_Nonce & ':' & Lcase(Hash(A2,"MD5"));
// create the final response
response = Lcase(Hash(raw_digest,"MD5"));
// create the final digest auth string
encodedAuth = 'Digest username=' & chr(34) & username & chr(34) & ',' &
'realm=' & chr(34) & auth_Realm & chr(34) & ',' &
'nonce=' & chr(34) & auth_Nonce & chr(34) & ',' &
'uri=' & chr(34) & login_uri & chr(34) & ',' &
'response=' & chr(34) & response & chr(34) & ',' &
'opaque=' & chr(34) & auth_Opaque & chr(34);
</cfscript>
<cfoutput>#encodedAuth#</cfoutput><br />
<br />
<cfhttp url=" method="get" >
<cfhttpparam name="Authorization:" type="header" value="#encodedAuth#" />
</cfhttp>
<cfoutput>#cfhttp.StatusCode#</cfoutput>
<cfhttp url=" method="get" />
<h3>Initial Server Response</h3>
<cfdump var="#cfhttp#" />
<cfscript>
/* These three vars should be provided to you by your IDX provided.
In the case you are not given the login url, use everything after the port number or tld (.com)
Do not use the page name in your login uri (login.aspx) It should look something like this /rets/login
*/
username = "USERNAME";
password = "PASSWORD";
login_uri = "LOGINURI";
// create an array without the auth type. So you are left only with the auth parameters.
tempList = Replace(cfhttp.responseHeader["WWW-Authenticate"],"Digest ",','All');
headerArr = ListToArray(Trim(tempList));
/* create an array holding the auth type. This can be used to extend
this script to allow fo both basic and digest auth
*/
auth_Temp = ListToArray(Trim(cfhttp.responseHeader["WWW-Authenticate"]),' ');
/* Set a variable to the auth type */
auth_Type = auth_Temp[1];
/* Create a structure that will hold the auth parameter objects.
We set the struct key to the value of the auth paramter.
*/
authStc = structNew();
for(i=1;i lte ArrayLen(headerArr);i=i+1){
key = Replace(Left(headerArr,Find('=',headerArr)),'=',','ALL');
value = Replace(RemoveChars(headerArr,1,Find('=',headerArr,"1")),'"',','ALL');
authStc[key] = value;
}
// Define the authentication realm.
auth_Realm = authStc['realm'];
A1 = username & ':' & auth_Realm & ':' & password;
A2 = 'GET:' & login_uri;
auth_Nonce = authStc['nonce'];
auth_Opaque = authStc['opaque'];
// create the raw_digest
raw_Digest = Lcase(Hash(A1,"MD5")) & ':' & auth_Nonce & ':' & Lcase(Hash(A2,"MD5"));
// create the final response
response = Lcase(Hash(raw_digest,"MD5"));
// create the final digest auth string
encodedAuth = 'Digest username=' & chr(34) & username & chr(34) & ',' &
'realm=' & chr(34) & auth_Realm & chr(34) & ',' &
'nonce=' & chr(34) & auth_Nonce & chr(34) & ',' &
'uri=' & chr(34) & login_uri & chr(34) & ',' &
'response=' & chr(34) & response & chr(34) & ',' &
'opaque=' & chr(34) & auth_Opaque & chr(34);
</cfscript>
<cfoutput>#encodedAuth#</cfoutput><br />
<br />
<cfhttp url=" method="get" >
<cfhttpparam name="Authorization:" type="header" value="#encodedAuth#" />
</cfhttp>
<cfoutput>#cfhttp.StatusCode#</cfoutput>