Access to WinCC OA from Webservice via C # API

Post by **kilianvp** » Thu Nov 09, 2017 1:15 pm

you can sign your post with a secrect key and provide the public key (sha1 hmac)

or you use https://jwt.io/

Post by **mhargreaves** » Thu Nov 09, 2017 4:02 pm

Kilian von Pflugk wrote:

you can sign your post with a secrect key and provide the public key (sha1 hmac)

or you use https://jwt.io/

Thanks for that - is there a way to sign the post within CONTROL script?

Post by **kilianvp** » Thu Nov 09, 2017 4:34 pm

Mark Hargreaves wrote:

Kilian von Pflugk wrote:
you can sign your post with a secrect key and provide the public key (sha1 hmac)

or you use https://jwt.io/
Thanks for that - is there a way to sign the post within CONTROL script?

you can write a function that use openssl and base64.. you use 3.15?

I wrote a similar function already

Post by **mhargreaves** » Thu Nov 09, 2017 4:37 pm

Yes - I use 3.15

Tue Nov 14, 2017 9:00 am

For SHA-1 you could use the 'cryptoHash' function and for base64 you could use the 'base64Encode' function.

Signing your post does not provide any authorization or authentication. It only provides the ability to verify the data against the signature.
But it does not limit anyone from posting data or executing a successful replay attack.

Post by **mhargreaves** » Tue Nov 14, 2017 2:49 pm

How would I sign the post in CONTROL Script?

At the moment I have tried using basic authentication and use:

netGet("https://mark-pc:9443/api/values", result,
makeMapping("headers", makeMapping("Authorization","Basic "+base64Encode("username:password"))));

Thu Nov 30, 2017 9:26 am

Your example looks to be correct. What is wrong with it?

Post by **mhargreaves** » Thu Nov 30, 2017 9:34 am

Gertjan van Schijndel wrote:

Your example looks to be correct. What is wrong with it?

I was hoping to do it using something better than basic authentication, but couldn't work out how to do that.

Post by **kilianvp** » Thu Nov 30, 2017 10:14 am

its wrong! ":" is the seperator. The Server splits the String into 2 Parts. So base64Encode booth Username and Password and concatenate it with ":"

//Edit:

I made a quick nodejs http Server

Your example worked for me:

WCCOAui1:2017.11.30 10:34:18.998[mapping 5 items
WCCOAui1: "headers" : mapping 3 items
WCCOAui1: "Connection" : "keep-alive"
WCCOAui1: "Date" : "Thu, 30 Nov 2017 09:34:18 GMT"
WCCOAui1: "Content-Length" : "14"
WCCOAui1: "httpStatusCode" : 200
WCCOAui1: "content" : "Access granted"
WCCOAui1: "url" : "http://localhost:3000/"
WCCOAui1: "httpStatusText" : "OK"
WCCOAui1:]

Thu Nov 30, 2017 10:23 am

It is correct! Yes, the server splits it into 2 part, but after decoding it. For an example of the authorization header, see Wikipedia.

Sorry, I do not have time to make free complete examples for everyone on the portal. Our consultancy department could help you with it.

HowTos

Access to WinCC OA from Webservice via C # API

Re: Access to WinCC OA from Webservice via C # API

Re: Access to WinCC OA from Webservice via C # API

Re: Access to WinCC OA from Webservice via C # API

Re: Access to WinCC OA from Webservice via C # API

Re: Access to WinCC OA from Webservice via C # API

Re: Access to WinCC OA from Webservice via C # API

Re: Access to WinCC OA from Webservice via C # API

Re: Access to WinCC OA from Webservice via C # API

Re: Access to WinCC OA from Webservice via C # API

Re: Access to WinCC OA from Webservice via C # API