I'm using Python's SUDs lib to access Sharepoint web services.
I followed the standard doc from Suds's website.
For the past 2 days, no matter which service I access, the remote service always returns 403 Forbidden.
I'm using Suds 0.4 so it has built-in support for accessing Python NTLM.
Let me know if anyone has a clue about this.
from suds import transport
from suds import client
from suds.transport.https import WindowsHttpAuthenticated
import logging
logging.basicConfig(level=logging.INFO)
logging.getLogger('suds.client').setLevel(logging.DEBUG)
ntlm = WindowsHttpAuthenticated(username='USER_ID', password='PASS')
c_lists = client.Client(url='https://SHAREPOINT_URL/_vti_bin/Lists.asmx?WSDL', transport=ntlm)
#c_lists = client.Client(url='https://SHAREPOINT_URL/_vti_bin/spsearch.asmx?WSDL')
#print c_lists
listsCollection = c_lists.service.GetListCollection()
Are you specifying the username as DOMAIN\USER_ID as indicated in examples for the python-ntlm library? (Also see this answer).
Related
I would like to access a webapi by a script(bash or python), which is protected by mod_openidc/apache2 and an self-hosted ADFS.
For the authentication, a certificate from a smartcard or locally stored certificate is required.
I already tried several approaches with python or curl, but got no nearly working script.
approach at python:
from oauthlib.oauth2 import BackendApplicationClient
from requests_oauthlib import OAuth2Session
client_id="abcdef-abcd-abcd-abcd-abcdefghijk"
client = BackendApplicationClient(client_id=client_id)
#client = BackendApplicationClient()
oauth = OAuth2Session(client=client)
protected_url="https://protectedurl/page/"
oauth.fetch_token(token_url='https://sts.myserver.net/adfs/oauth2/token/', include_client_id=True, cert=('/home/user/cert.pem', '/home/user/server.key'))
which lead to: "oauthlib.oauth2.rfc6749.errors.InvalidClientError: (invalid_client) MSIS9627: Received invalid OAuth client credentials request. Client credentials are missing or found empty"
curl:
curl --cert /home/user/cert.pem --key /home/user/server.key
https://sts.example.net/adfs/oauth2/authorize/?response_type=code&scope=openid%20email%20profile%20allatclaims&client_id=XXX&state=XXXredirect_uri=https%3A%2F%2Fexample.net%2Fpage%2Fredirect_uri&nonceXXX
Which gives the sts page in html
So I think I dont have some small bug, but a wrong approach
Since it works in a browser, I dont suggest a issue on server side
Any approaches and examples are warmly welcome
I'm trying to read this Soap API 'https://www.shab.ch/soapserver' using Python's Zeep.
from requests import Session
from requests.auth import HTTPBasicAuth
from zeep import Client
from zeep.transports import Transport
session = Session()
session.auth = HTTPBasicAuth('MYUSERNAME', 'MYPASSWORD')
client = Client('https://www.shab.ch/shabforms/acmsservice?wsdl',
transport=Transport(session=session))
But get the following error message:
HTTPError: 403 Client Error: Forbidden for url:
https://www.shab.ch/shabforms/acmsservice?wsdl
Can anybody see what I am doing wrongly here?
It doesn't seem that Python is your problem. Instead you have a rights issue for the WSDL file. A quick Googling turned up:
https://www.shab.ch/soapserver
https://www.shab.ch/shabforms/soapserver?wsdl
You don't have permission to go to that part of the Shab.ch server. You need a username and password. Contact: info#sogc.ch
My goal is to authenticate my client that uses the requests library (2.11.1) in Python 3.5.2 through NTLM with SSPI so that the user does not have to manually enter her domain credentials (used to login to the PC).
I have found the following possibilities, but none work for me:
HttpNtlmSspiAuth provokes an exception in requests:
import requests
from requests_ntlm import HttpNtlmAuth, HttpNtlmSspiAuth
requests.get(site_url, auth=HttpNtlmSspiAuth())
requests-sspi-ntlm always gets a 401:
import requests
from requests_sspi_ntlm import HttpNtlmAuth
session = requests.Session()
session.auth = HttpNtlmAuth()
session.get("http://ntlm_protected_site.com")
And requests-negotiate-sspi also triggers an exception in requests:
import requests
from requests_negotiate_sspi import HttpNegotiateAuth
r = requests.get('https://iis.contoso.com', auth=HttpNegotiateAuth())
Am I doing something wrong?
The package requests-negotiate-sspi works for me.
I probably had the same issue with PO, but I was too lazy to try PO's solution and integrate PO's code into mine. And Google helped me out. In case anyone encounters the same exception raised from sspi.py ValueError: year 30828 is out of range, it's a known issue for python 3.6 of requests-negotiate-sspi. See here: Github-Issue
I solved this by creating a new conda environment with python 3.4. Then reinstall some dependencies as well as requests-negotiate-sspi, boom, all works.
Same issue here but solved when I realized I was in a adm account that doesn’t have authorization to that resource uri.
I'd like to replace an app's current (badly busted and crufty) cURL-based (cURL command-line based!) SOAP client with suds or soap.py. Trouble is, we have to contact an MS CRM service, and therefore must use NTLM. For a variety of reasons the NTLM proxy is a bit of a pain to use, so I'm looking into python-ntlm to provide that support.
Can suds or soap.py be made to use this authentication method? If so, how? If not, any other suggestions would be fantastic.
Edit
As noted below, suds already supports python-ntlm out of the box.
Suds was fixed to support it since 0.3.8.
Sources of python-suds-0.3.9\suds\transport\https.py says:
class WindowsHttpAuthenticated(HttpAuthenticated):
"""
Provides Windows (NTLM) http authentication.
#ivar pm: The password manager.
#ivar handler: The authentication handler.
"""
def u2handlers(self):
# try to import ntlm support
try:
from ntlm import HTTPNtlmAuthHandler
except ImportError:
raise Exception("Cannot import python-ntlm module")
handlers = HttpTransport.u2handlers(self)
handlers.append(HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(self.pm))
return handlers
Try with the following snippet as described here:
from suds.transport.https import WindowsHttpAuthenticated
ntlm = WindowsHttpAuthenticated(username='xx', password='xx')
client = Client(url, transport=ntlm)
Another approach would be to call your curl command during soap exceptions and then initiate a retry.
something like...
curl -x websenseproxy:8080 --ntlm -U domain\user:password --insecure https://blah.com/prod/webservice.asmx?WSDL
#insecure is used for self signed certs
You can use CNTLM as a local proxy service which will handle all the NTLM authentication calls. Then you just reference the local CNTLM proxy IP and port with no authentication using soapy or urllib2... whatever really.
I've yet to find a python library that deals with complex proxies well.
I want to use Sharepoint with python (C-Python)
Has anyone tried this before ?
I suspect that since this question was answered the SUDS library has been updated to take care of the required authentication itself. After jumping through various hoops, I found this to do the trick:
from suds import WebFault
from suds.client import *
from suds.transport.https import WindowsHttpAuthenticated
user = r'SERVER\user'
password = "yourpassword"
url = "http://sharepointserver/_vti_bin/SiteData.asmx?WSDL"
ntlm = WindowsHttpAuthenticated(username = user, password = password)
client = Client(url, transport=ntlm)
To get the wsdl :
import sys
# we use suds -> https://fedorahosted.org/suds
from suds import WebFault
from suds.client import *
import urllib2
# my 2 url conf
# url_sharepoint,url_NTLM_authproxy
import myconfig as my
# build url
wsdl = '_vti_bin/SiteData.asmx?WSDL'
url = '/'.join([my.url_sharepoint,wsdl])
# we need a NTLM_auth_Proxy -> http://ntlmaps.sourceforge.net/
# follow instruction and get proxy running
proxy_handler = urllib2.ProxyHandler({'http': my.url_NTLM_authproxy })
opener = urllib2.build_opener(proxy_handler)
client = SoapClient(url, {'opener' : opener})
print client.wsdl
main (mean) problem:
the sharepoint-server uses a NTLM-Auth [ :-( ]
so i had to use the NTLM-Auth-Proxy
To Rob and Enzondio : THANKS for your hints !
SOAP with Python is pretty easy. Here's a tutorial from Dive Into Python.
SharePoint exposes several web services which you can use to query and update data.
I'm not sure what web service toolkits there are for Python but they should be able to build proxies for these services without any issues.
This article should give you enough information to get started.
http://www.developer.com/tech/article.php/3104621