ONVIF:使用 ONVIF 协议对 AXIS P3301 进行身份验证失败
[英]ONVIF: Authentication failure with AXIS P3301 using ONVIF protocol
问题描述
After first user was created (in my case with user name “root” and password “root”), AXIS P3301 (firmware 5.11.2) returns NotAuthorized soap fault, for any onvif-request:
创建第一个用户后(在我的例子中,用户名为“root”,密码为“root”),AXIS P3301(固件 5.11.2)针对任何 onvif 请求返回NotAuthorized soap 错误:
<SOAP-ENV:Fault
SOAP-ENV:encodingStyle="http://www.w3.org/2003/05/soap-encoding"
xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope">
<SOAP-ENV:Code>
<SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value>
<SOAP-ENV:Subcode>
<SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value>
</SOAP-ENV:Subcode>
</SOAP-ENV:Code>
<SOAP-ENV:Reason>
<SOAP-ENV:Text xml:lang="en">Sender not authorized</SOAP-ENV:Text>
</SOAP-ENV:Reason>
<SOAP-ENV:Detail>
The action requested requires authorization and the sender is not authorized
</SOAP-ENV:Detail>
</SOAP-ENV:Fault>
According to ONVIF specification 1.02, I use user name token profile for authentication which is described in specification http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf .根据ONVIF规范 1.02,我使用用户名令牌配置文件进行身份验证,该配置文件在规范http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0 中描述.pdf
Below is the Script that I use to form soap request:下面是我用来形成soap请求的脚本:
xquery version "1.0";
declare copy-namespaces no-preserve, inherit;
<s:Envelope
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<o:Security
s:mustUnderstand="true"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="UsernameToken-3ae8d972-d014-47b0-858b-2364f6119763">
<o:Username>{model/userName/text()}</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
{model/passwordDigest/text()}
</o:Password>
<o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
{model/nonce/text()}
</o:Nonce>
<u:Created>{model/created/text()}</u:Created>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<tds:GetDeviceInformation xmlns:tds="http://www.onvif.org/ver10/device/wsdl" />
</s:Body>
</s:Envelope>
Here is my code for sending request:这是我发送请求的代码:
static byte[] sha1(params byte[][] parts) {
var data = parts.Concat().ToArray();
var hasher = SHA1.Create();
return hasher.ComputeHash(data);
}
static string userName = "root";
static string password = "root";
static void Main(string[] args) {
Init();
var uri = @"http://192.168.5.71/onvif/services";
var nonce = new byte[] {1,2,3,4};
var created = System.DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddThh:mm:ss.fffZ");
try {
var body = SendSoapRequest(uri, "GetDeviceInformation.xq", new {
userName = userName,
passwordDigest = sha1(
nonce,
created.ToUtf8(),
password.ToUtf8()
).ToBase64(),
nonce = nonce.ToBase64(),
created = created,
});
using (var _w = new XmlTextWriter(Console.Out)) {
_w.Formatting = Formatting.Indented;
body.WriteTo(_w);
}
}catch(SoapFaultException err){
var fault = err.fault;
using (var _w = new XmlTextWriter(Console.Out)) {
_w.Formatting = Formatting.Indented;
fault.WriteTo(_w);
}
}
}
Wireshark log of request:请求的 Wireshark 日志:
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
s:mustUnderstand="true">
<o:UsernameToken u:Id="UsernameToken-3ae8d972-d014-47b0-858b-2364f6119763">
<o:Username>root</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">MQ52wETdmCuGHmCsYED3FGrQ0UE=</o:Password>
<o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">AQIDBA==</o:Nonce>
<u:Created>2011-03-03T12:23:28.499Z</u:Created>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<tds:GetDeviceInformation xmlns:tds="http://www.onvif.org/ver10/device/wsdl" />
</s:Body>
</s:Envelope>
Wirehark log of response: Wirehark 响应日志:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope"
xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsa5="http://www.w3.org/2005/08/addressing"
xmlns:xmime5="http://www.w3.org/2005/05/xmlmime"
xmlns:wsrf-bf="http://docs.oasis-open.org/wsrf/bf-2"
xmlns:wstop="http://docs.oasis-open.org/wsn/t-1"
xmlns:tt="http://www.onvif.org/ver10/schema"
xmlns:wsrf-r="http://docs.oasis-open.org/wsrf/r-2"
xmlns:tan1="http://www.onvif.org/ver10/analytics/wsdl/RuleEngineBinding"
xmlns:tan="http://www.onvif.org/ver10/analytics/wsdl"
xmlns:tan2="http://www.onvif.org/ver10/analytics/wsdl/AnalyticsEngineBinding"
xmlns:tds="http://www.onvif.org/ver10/device/wsdl"
xmlns:tev1="http://www.onvif.org/ver10/events/wsdl/NotificationProducerBinding"
xmlns:tev2="http://www.onvif.org/ver10/events/wsdl/EventBinding"
xmlns:tev3="http://www.onvif.org/ver10/events/wsdl/SubscriptionManagerBinding"
xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2"
xmlns:tev4="http://www.onvif.org/ver10/events/wsdl/PullPointSubscriptionBinding"
xmlns:tev="http://www.onvif.org/ver10/events/wsdl"
xmlns:timg="http://www.onvif.org/ver10/imaging/wsdl"
xmlns:tptz="http://www.onvif.org/ver10/ptz/wsdl"
xmlns:trt="http://www.onvif.org/ver10/media/wsdl"
xmlns:ter="http://www.onvif.org/ver10/error"
xmlns:tns1="http://www.onvif.org/ver10/topics"
xmlns:tnsaxis="http://www.axis.com/2009/event/topics">
<SOAP-ENV:Header></SOAP-ENV:Header>
<SOAP-ENV:Body>
<SOAP-ENV:Fault SOAP-ENV:encodingStyle="http://www.w3.org/2003/05/soap-encoding">
<SOAP-ENV:Code>
<SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value>
<SOAP-ENV:Subcode>
<SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value>
</SOAP-ENV:Subcode>
</SOAP-ENV:Code>
<SOAP-ENV:Reason>
<SOAP-ENV:Text xml:lang="en">Sender not authorized</SOAP-ENV:Text>
</SOAP-ENV:Reason>
<SOAP-ENV:Detail>The action requested requires authorization and the sender is not authorized</SOAP-ENV:Detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Where I was wrong?我哪里错了? (With Bosch VIP X1 XF IVA it works) (使用 Bosch VIP X1 XF IVA 它可以工作)
2 个解决方案
解决方案1
1 2014-01-24 19:42:42
I don't see where you specify the "tds" namespace (which should be " http://www.onvif.org/ver10/device/wsdl ") in your soap envelope.我没有看到您在soap信封中指定“tds”命名空间(应该是“ http://www.onvif.org/ver10/device/wsdl ”)的位置。 I had the same problem: a typo in my request, and my camera answered with "http 401 not authorized".我遇到了同样的问题:我的请求中有一个错字,我的相机回答了“http 401 未授权”。
解决方案2
0 2021-02-07 17:47:30
It seems, your camera supports WSS Username Token authentication, but you have specified wrong username/password.您的相机似乎支持 WSS 用户名令牌认证,但您指定的用户名/密码错误。 I had the same issue with AXIS P3905.我在 AXIS P3905 上遇到了同样的问题。 The right credentials solved my problem正确的凭据解决了我的问题
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.