Scott Dock

Help:  Can not access v2 API with Basic Authentication

Discussion created by Scott Dock on Oct 31, 2016
Latest reply on Nov 1, 2016 by Robert Dell'Immagine

I am able to access the WAS API via C# using Basic Authentication (base64 encoding of "username:password") with no problems at all.  

 

However, that same logic (basic authentication with base64 encoding of "username:password") does not work with the V2 API.  

 

I am currently trying to connect via a small C# console application (source code below) and receiving the following:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qg2.apps.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2016-10-31T18:25:51Z</DATETIME>
<CODE>2000</CODE>
<TEXT>Bad Login/Password</TEXT>
</RESPONSE>
</SIMPLE_RETURN>

 

Question #1 - Is it true that the v2 API uses a different authentication method than the WAS API?  According to v8.8 of the Qualys API V2 User Guide, page 10, it states "... or basic HTTP authentication using uuencoded credentials passed with each request."   Since that is not the same as base64 encoding, I am assuming that the 2 APIs use different means to encode credentials (WAS Base64, V2 UUENCODE).   Is this true? 

 

Question #2 - Any other .net developers run into this issue? 

The example code in https://community.qualys.com/docs/DOC-4523#jive_content_id_API_v2  (spectifically C# API v2 example) does not work.  It too results in the error message above.

 

Thanks in advance. I am desperate for a solution to this block.  

 

My source code (just using new C# Console Application, running on Visual Studio 2015) - designed to return KB details for a specific vulnerability.

 

using System;

using System.Collections.Generic;

using System.Linq;

using System.Net.Http;

using System.Net.Http.Headers;

using System.Text;

using System.Threading.Tasks;

 

namespace SimpleQualysTester

{

    class Program

    {

        static void Main(string[] args)

        {

            RunTest().Wait();

        }

 

        private async static Task RunTest()

        {

            var client = new HttpClient();

            client.BaseAddress = new Uri("https://qualysapi.qg2.apps.qualys.com/api/2.0/fo/");

            client.DefaultRequestHeaders.Accept.Clear();

            client.DefaultRequestHeaders.Add("X-Requested-With", "MicrosoftNet");

            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", "myusername:mypwd");

            HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Post, $"knowledge_base/vuln/?action=list&ids=150123");

            HttpResponseMessage httpResponse = await client.SendAsync(requestMessage);

            var responseBody = await httpResponse.Content.ReadAsStringAsync();

 

 

            Console.WriteLine($"Result is {responseBody}");

            Console.WriteLine("Press ENTER to continue...");

            Console.ReadLine();

        }

 

    }

}

Outcomes