Question about create logon session using python

[eric123321]

I used postman and powershell, it works, i can get the X-RestSvcSeesionId. ..
i dont know why i get status: 500...anyone can help..Thanks!

Code: Select all

import requests

headers = {
       # "Authorization": f"Basic {authentication_code}",
       "Authorization": "Basic  YWRtaW46UEBzc3cwcmQ=",
    }
r = requests.post("https://10.0.0.100:9398/api/sessionMngr/?v=v1_5", headers,verify=False)
print(r.status_code)
print(r.content)

[Error]
C:\Users\abc\AppData\Local\Programs\Python\Python38-32\lib\site-packages\urllib3\connectionpool.py:981: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.0.0.100'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
500
b'{"FirstChanceExceptionMessage":null,"StackTrace":null,"Message":"Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the \'Response\' property of this exception for details.","StatusCode":500,"Status":"InternalServerError"}'

[ssimakov]

Logs might have some clues but it could be that it does not like two spaces in the authentication header. Why do you construct it manually? Doing something like this should be easier:

Code: Select all

from requests.auth import HTTPBasicAuth
requests.post(url, auth=HTTPBasicAuth(username, password))

[poulpreben]

Actually, it's even more simple. From the documentation:

In fact, HTTP Basic Auth is so common that Requests provides a handy shorthand for using it...

It is not required to manually import HTTPBasicAuth.

Just replace your headers with the "auth" parameter:

Code: Select all

r = requests.post("https://10.0.0.100:9398/api/sessionMngr/?v=v1_5", auth=("username", "password"), verify=False)

[ssimakov]

True. However the shortcuts are the blessing and the curse, sometimes you'd prefer to use self-explanatory constructions to protect future generations. But that's different topic.

[eric123321]

Actually, it's even more simple. From the documentation:



It is not required to manually import HTTPBasicAuth.

Just replace your headers with the "auth" parameter:

Code: Select all

r = requests.post("https://10.0.0.100:9398/api/sessionMngr/?v=v1_5", auth=("username", "password"), verify=False)

I tried but no hope. it shows username or password incorrect....
I open chrome, type "https://10.0.0.100:9398/api/sessionMngr/?v=v1_5", i found that i cannot access. but i can query api using postman with same account.

I can access "https://10.0.0.100:9443/ using same account....


C:\Users\abc\AppData\Local\Programs\Python\Python38-32\lib\site-packages\urllib3\connectionpool.py:981: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.0.0.100'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/lates ... l-warnings
warnings.warn(
401
b'{"FirstChanceExceptionMessage":null,"StackTrace":null,"Message":"The user name or password is incorrect","StatusCode":401,"Status":"Unauthorized"}'

Code: Select all

[log from Veeam]
[19.08.2020 19:38:39] <19> Info     License is validated. Status: 'Success', Comment: 'License is valid.'
[19.08.2020 19:38:39] <19> Info     Checking the license edition. Current license edition: EnterprisePlus
[19.08.2020 20:19:12] <71> Info     [POST] request to [https://10.0.0.100:9398/api/sessionMngr/?v=v1_5] deserialized. Message: [null]; Parameters: [].
[19.08.2020 20:19:12] <71> Info     [Authenticated] Logging on...
[19.08.2020 20:19:12] <71> Error    Login failed.. RequestUri: [URI template match was not found].
[19.08.2020 20:19:12] <71> Error    Authorization header is missing (Veeam.Backup.Interaction.RestAPI.CRestAPICommunicationException)
[19.08.2020 20:19:12] <71> Error       at Veeam.Backup.Enterprise.RestAPIService.CWebApiRestOperationContext.GetAuthorizationHeader(HttpRequestMessage request)
[19.08.2020 20:19:12] <71> Error       at Veeam.Backup.Enterprise.RestAPIService.CEnterpriseRestSessionManagerControllerStub.<LogInAfterAuthentication>d__2.MoveNext()

[chris.arceneaux]

Possibly the commented code and unnecessary commas in the headers variable are causing the issue? Either way, below is working python code that I just validated in my lab:

Code: Select all

import requests
url = "https://em.home.lab:9398/api/sessionMngr/?v=v1_5"
headers = {
    'Authorization': 'Basic eW91IGp1c3QgZ290OnJpY2sgcm9sbGVk'
}
response = requests.request("POST",url,headers=headers,verify=False)
print(response.status_code)

[oleg.feoktistov]

@eric123321, just wondering - which encoding and conversion methods did you use in python and powershell to form authorization token? Thanks!

[chris.arceneaux]

Username/Password is base64 encoded. This is standard process when authenticating to a REST API using Basic auth and is mentioned in our documentation. Below are some reference articles showing code examples:

• Python
• PowerShell

Simply put the text that's encoded is: "username:password"

[oleg.feoktistov]

Sorry, Chris. I must have forgotten to mention Eric (fixed) Had a bit of a headache with encoding and base64 conversion myself a while ago getting the same error code, so was just wondering if it had something to do with it in Eric's case.
Thanks, Oleg

[eric123321]

Thank you all,
I used base64 encode.
This work!
response = requests.request("POST",url,headers=headers,verify=False)
or
response = requests.post(url, headers=headers, verify=False)