INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: MCWS Authentication Qs  (Read 3903 times)

jmone

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 14464
  • I won! I won!
MCWS Authentication Qs
« on: April 08, 2016, 07:13:46 pm »

Can I clarify how MCWS Authentication works (been working with Steve on his Amazon Echo integration and we are (or I am) confused)?

I see in the Activity Log different behavious pending what is connecting to the Library Server, eg:
- Library Server Clients issue an initial "GET: http://192.168.xxx.xxx:52199/MCWS/v1/Authenticate" and then POSTS / GETS after that with no Token

- If I use a Local Web Session I get a Initial Logon box but don't see an "Authentication" event in MC but straight to a page like
GET: http://localhost:52199/MCWS/v1/doc with no Token

- In my scripts (see below for how I call them), I get a pair of activities but no "Authenticate" when I make calls
GET: http://127.0.0.1:52199/MCWS/v1/File/CreateParticle?File=3497052&FileType=Key&Count=1   0 bytes   0:00.000
GET: http://127.0.0.1:52199/MCWS/v1/File/CreateParticle?File=3497052&FileType=Key&Count=1   129 bytes   0:00.007

- Steve's Amazon Echo Integration however seems to require issuing these calls to be able to connect from over the Interweb
GET: http://122.xxx.xxx.xxx:52199/MCWS/v1/Authenticate
GET: http://122.xxx.xxx.xxx:52199/MCWS/v1/Files/Search?Query=[Album]=top&Token=8DigitCode&Zone=-1&ZoneType=ID&Fields=Album%20Artist%20(auto),Album

So a few Q:
- If Steve issues an Authenticate up front do you need the "Token" in the subsequent calls (or is this call required to get a Token)
- What is the Token that is being used?  It is an 8 Digit Token that is not the same as my 6 Digit "Access Key" - eg is it a one time token for that session and does it matter that it is in the clear? 
- Under what circumstance do you need to include a Token in calls
- For my scripts do I care that a see a Pair of Calls (the first one is always 0 Bytes, the Second with Data)

Thanks
Nathan

PS - Here is the code I use in my scripts
Code: [Select]
  WinHTTP := ComObjCreate("WinHTTP.WinHttpRequest.5.1")
  ComObjError(false)
  WinHTTP.Open("GET", MC_Call)
  WinHTTP.SetCredentials(MC_UserName,MC_Password,0)
  WinHTTP.SetRequestHeader("Content-type", "application/x-www-form-urlencoded")
  Body = ""
  WinHTTP.Send(Body)
  Result := WinHTTP.ResponseText
  Status := WinHTTP.Status
Logged
JRiver CEO Elect

Hendrik

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 10938
Re: MCWS Authentication Qs
« Reply #1 on: April 09, 2016, 08:35:09 am »

MCWS supports two ways to authenticate, either by using a Token, or using HTTP authentication (ie. the login box the browser shows). Your browser will then store the login information and just keep sending it on any subsequent request, so you only get it once in a session.
This is also what MC Clients do, they check the credentials once using the Authenticate call, and if they are accepted they keep sending them with every request otherwise in the HTTP headers.

So in short, you need to provide some sort of authentication with every request if the server requires auth. Either a Token, or a HTTP Authorization header.
Tokens are generated for your client specifically and IIRC are also tied to the IP address of the request, and a certain lifetime, so they expire if not used for a while (although the timeout is relatively long).
Logged
~ nevcairiel
~ Author of LAV Filters

jmone

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 14464
  • I won! I won!
Re: MCWS Authentication Qs
« Reply #2 on: April 09, 2016, 05:03:07 pm »

Perfect Explanation - thanks Hendrik
Logged
JRiver CEO Elect

sarkonovich

  • Galactic Citizen
  • ****
  • Posts: 312
Re: MCWS Authentication Qs
« Reply #3 on: April 09, 2016, 06:58:13 pm »

Yes, thanks!

Steve
Logged
JRiver 21 Linux (ARM) on Pine 64 => PS Audio DirectWave DAC => ATC 50asl speakers. JRiver controlled by House Band on Amazon Echo
Pages: [1]   Go Up