My goal is to authenticate my client that uses the requests library (2.11.1) in Python 3.5.2 through NTLM with SSPI so that the user does not have to manually enter her domain credentials (used to login to the PC).
I have found the following possibilities, but none work for me:
HttpNtlmSspiAuth provokes an exception in requests:
import requests
from requests_ntlm import HttpNtlmAuth, HttpNtlmSspiAuth
requests.get(site_url, auth=HttpNtlmSspiAuth())
requests-sspi-ntlm always gets a 401:
import requests
from requests_sspi_ntlm import HttpNtlmAuth
session = requests.Session()
session.auth = HttpNtlmAuth()
session.get("http://ntlm_protected_site.com")
And requests-negotiate-sspi also triggers an exception in requests:
import requests
from requests_negotiate_sspi import HttpNegotiateAuth
r = requests.get('https://iis.contoso.com', auth=HttpNegotiateAuth())
Am I doing something wrong?
The package requests-negotiate-sspi works for me.
I probably had the same issue with PO, but I was too lazy to try PO's solution and integrate PO's code into mine. And Google helped me out. In case anyone encounters the same exception raised from sspi.py ValueError: year 30828 is out of range, it's a known issue for python 3.6 of requests-negotiate-sspi. See here: Github-Issue
I solved this by creating a new conda environment with python 3.4. Then reinstall some dependencies as well as requests-negotiate-sspi, boom, all works.
Same issue here but solved when I realized I was in a adm account that doesn’t have authorization to that resource uri.
Related
I am trying to access a server over my internal network under https://prodserver.de/info.
I have the code structure as below:
import requests
from requests.auth import *
username = 'User'
password = 'Hello#123'
resp = requests.get('https://prodserver.de/info/', auth=HTTPBasicAuth(username,password))
print(resp.status_code)
While trying to access this server via browser, it works perfectly fine.
What am I doing wrong?
By default, requests library verifies the SSL certificate for HTTPS requests. If the certificate is not verified, it will raise a SSLError. You check this by disabling the certificate verification by passing verify=False as an argument to the get method, if this is the issue.
import requests
from requests.auth import *
username = 'User'
password = 'Hello#123'
resp = requests.get('https://prodserver.de/info/', auth=HTTPBasicAuth(username,password), verify=False)
print(resp.status_code)
try using requests' generic auth, like this:
resp = requests.get('https://prodserver.de/info/', auth=(username,password)
What am I doing wrong?
I can not be sure without investigating your server, but I suggest checking if assumption (you have made) that server is using Basic authorization, there exist various Authentication schemes, it is also possible that your server use cookie-based solution, rather than headers-based one.
While trying to access this server via browser, it works perfectly
fine.
You might then use developer tools to see what is actually send inside and with request which does result in success.
I'm using pyblog module (python blogger) [See P.S. at the bottom for wordpress_xmlrpc] to automate operations on a wordpress blog, as suggested here.
Pyblog home page describes a simple using script:
import pyblog
blog = pyblog.WordPress('http://www.example.com/blog/xmlrpc.api', 'USERNAME', 'PASSWORD')
print blog.get_recent_posts()
When I run it locally, the script works fine. But when I deploy it on google app engine, I encounter the following error about the blog.get_recent_posts line:
return self.execute('metaWeblog.getRecentPosts', blogid, self.username, self.password, numposts)
File "/base/data/home/apps/myappname/1.371326087278559778/pyblog.py", line 93, in execute
raise BlogError(fault.faultString)
BlogError: parse error. not well formed
which refers to the following lines in pyblog.py:
try:
r = getattr(self.server, methodname)(args)
except xmlrpclib.Fault, fault:
raise BlogError(fault.faultString)
Removing the try/except the error occurred is indicated as:
Fault -32700: 'parse error. not well formed'
How to solve?
P.S.: I've tried a similar script using python-wordpress-xmlrpc library. Running the example script suggested here
from wordpress_xmlrpc import Client, WordPressPost
from wordpress_xmlrpc.methods.posts import GetPosts, NewPost
from wordpress_xmlrpc.methods.users import GetUserInfo
wp = Client('http://mysite.wordpress.com/xmlrpc.php', 'username', 'password')
wp.call(GetUserInfo())
<WordPressUser: max>
raises the same error!
I suspect the problem is that GAE blocks any outbound requests that do not use their URLFetch service at the foundation; you can't use ordinary sockets, for example. Google's versions of urllib etc. have been modified so that they use URLFetch internally.
Here's an old but very thorough article that discusses a similar XMLRPC situation and provides some solutions.
I'm trying to connect to TestLink via the xmlrpc API. I've set the following in TestLink's config.inc.php:
$tlCfg->api->enabled = TRUE;
$tlCfg->exec_cfg->enabled_test_automation = ENABLED;
and restarted the apache sever. I tried to connect the TestLink server via the python package TestLink-API-Python-client (https://github.com/orenault/TestLink-API-Python-client)
from testlink import TestlinkAPIClient, TestLinkHelper
import sys
URL = 'http://MYSERVER/testlink/lib/api/xmlrpc.php'
DevKey = 'MYKEY'
tl_helper = TestLinkHelper()
myTestLink = tl_helper.connect(TestlinkAPIClient)
myTestLink.__init__(URL, DEVKEY)
myTestLink.checkDevKey()
And then I receive a TLConnectionError, stating my url, and 404 Not Found...
Does anyone have any idea?
Thanks.
I didn't solve it.
I reverted to working on the TestLink DB directly. I'm sure it's more fragile than using the API, but it works...
If you are still looking for help, this code worked for me:
set TESTLINK_API_PYTHON_SERVER_URL=http://[YOURSERVER]/testlink/lib/api/xmlrpc/v1/xmlrpc.php
set TESTLINK_API_PYTHON_DEVKEY=[Users devKey generated by TestLink]
python
import testlink
tls = testlink.TestLinkHelper().connect(testlink.TestlinkAPIClient)
tls.countProjects()
Check out TestLink API Documentation to learn more
In a glance your XML-RPC URL seems wrong. It should be
http://YOURSERVER/testlink/lib/api/xmlrpc/v1/xmlrpc.php
I'm using Python's SUDs lib to access Sharepoint web services.
I followed the standard doc from Suds's website.
For the past 2 days, no matter which service I access, the remote service always returns 403 Forbidden.
I'm using Suds 0.4 so it has built-in support for accessing Python NTLM.
Let me know if anyone has a clue about this.
from suds import transport
from suds import client
from suds.transport.https import WindowsHttpAuthenticated
import logging
logging.basicConfig(level=logging.INFO)
logging.getLogger('suds.client').setLevel(logging.DEBUG)
ntlm = WindowsHttpAuthenticated(username='USER_ID', password='PASS')
c_lists = client.Client(url='https://SHAREPOINT_URL/_vti_bin/Lists.asmx?WSDL', transport=ntlm)
#c_lists = client.Client(url='https://SHAREPOINT_URL/_vti_bin/spsearch.asmx?WSDL')
#print c_lists
listsCollection = c_lists.service.GetListCollection()
Are you specifying the username as DOMAIN\USER_ID as indicated in examples for the python-ntlm library? (Also see this answer).
I'd like to replace an app's current (badly busted and crufty) cURL-based (cURL command-line based!) SOAP client with suds or soap.py. Trouble is, we have to contact an MS CRM service, and therefore must use NTLM. For a variety of reasons the NTLM proxy is a bit of a pain to use, so I'm looking into python-ntlm to provide that support.
Can suds or soap.py be made to use this authentication method? If so, how? If not, any other suggestions would be fantastic.
Edit
As noted below, suds already supports python-ntlm out of the box.
Suds was fixed to support it since 0.3.8.
Sources of python-suds-0.3.9\suds\transport\https.py says:
class WindowsHttpAuthenticated(HttpAuthenticated):
"""
Provides Windows (NTLM) http authentication.
#ivar pm: The password manager.
#ivar handler: The authentication handler.
"""
def u2handlers(self):
# try to import ntlm support
try:
from ntlm import HTTPNtlmAuthHandler
except ImportError:
raise Exception("Cannot import python-ntlm module")
handlers = HttpTransport.u2handlers(self)
handlers.append(HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(self.pm))
return handlers
Try with the following snippet as described here:
from suds.transport.https import WindowsHttpAuthenticated
ntlm = WindowsHttpAuthenticated(username='xx', password='xx')
client = Client(url, transport=ntlm)
Another approach would be to call your curl command during soap exceptions and then initiate a retry.
something like...
curl -x websenseproxy:8080 --ntlm -U domain\user:password --insecure https://blah.com/prod/webservice.asmx?WSDL
#insecure is used for self signed certs
You can use CNTLM as a local proxy service which will handle all the NTLM authentication calls. Then you just reference the local CNTLM proxy IP and port with no authentication using soapy or urllib2... whatever really.
I've yet to find a python library that deals with complex proxies well.