
Not all cookies are returned when authorizing via AuthService.svc

Good afternoon!

I am developing an integration with BPM'Online Sales.

I ran into a problem when authorizing via AuthService.svc.

The problem is that I do not receive all the cookies needed to make further requests to your API.

I send everything as required, and in response I get 200 OK and the following JSON:

24-May-2016 11:44:03.878 INFO [http-nio-8443-exec-5] org.glassfish.jersey.filter.LoggingFilter.log 1 * Sending client request on thread http-nio-8443-exec-5
1 > POST https://phonetcomua.bpmonline.com/ServiceModel/AuthService.svc/Login

1 > Accept: application/json
1 > Content-Type: application/json
{"UserName":"somename","UserPassword":"somepassword"}

24-May-2016 11:44:04.487 INFO [http-nio-8443-exec-5] org.glassfish.jersey.filter.LoggingFilter.log 2 * Client response received on thread http-nio-8443-exec-5
2 200
2 Cache-Control: private
2 Content-Length: 84
2 Content-Type: application/json; charset=utf-8
2 Date: Tue, 24 May 2016 08:43:51 GMT
2 Location: /0
2 Server: Microsoft-IIS/8.5
2 Set-Cookie: UserName=68, 101, 118, 101, 108, 111, 112, 101, 114; expires=Thu, 23-Jun-2016 08:43:51 GMT; path=/; HttpOnly,.ASPXAUTH=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; path=/; HttpOnly,BPMLOADER=5glxdkdc4po55ripfr4wrq5g; path=/; HttpOnly,BPMLOADER=5glxdkdc4po55ripfr4wrq5g; path=/; HttpOnly
2 X-AspNet-Version: 4.0.30319
2 X-Powered-By: ASP.NET
2 X-Terrasoft-UserCulture: ru-RU
{"Code":0,"Message":"","Exception":null,"PasswordChangeUrl":null,"RedirectUrl":null}

As can be seen from the value of the Set-Cookie header, the server returned 4 cookie values: UserName, .ASPXAUTH and BPMLOADER twice.

The cookies do not include BPMSESSIONID, which I do receive when I send the request through the Postman app for Chrome.

If I send the request through Postman, I can then successfully run requests to search for a contact or a lead, but when the request is made from Java I do not get all the cookies at authorization, and so subsequent requests return status code 401.
What could be the reason?


7 comments

Hello.
In theory, the session cookie should come back with the next request to the application, not to the loader.

Hello!

The documentation says that we make an authorization request, and the cookies that came back must be passed in subsequent requests.

When I do that, a 401 error is returned.

That is why I checked it with the extension. There, BPMSESSIONID arrives right after the authorization request, which is logical, in my opinion.

Could I take a look at the request you are sending?

"Александр Зубков" wrote:

Could I take a look at the request you are sending?

Yes.

GET request to
[code]
25-May-2016 16:51:35.741 INFO [http-nio-8443-exec-2] org.glassfish.jersey.filter.LoggingFilter.log 1 * Sending client request on thread http-nio-8443-exec-2
1 > GET https://phonetcomua.bpmonline.com/0/ServiceModel/EntityDataService.svc/…
1 > Cookie: BPMSESSIONID=2jv1su0azu1kqpcy1jip4m4r;Version=1,.ASPXAUTH=01FF6F8F02911836A45EF840B527B75130FE1FFB263C1453F8A2C727370CAEEBF3DFD7773DA5C4FE0052509FC902AF8D80B5E91CB88309E5774A310E8E6711A8E27D9B185E3ECA38AD7D9F04F811DD11D82D2229299D3A13A2067ECE3B6FEE115658D844389757D4219890703C3CE3766482B86688E38F0FD3B660F878FA1D61F7AAED7CFE0564F56AAFBF5668B7882F6E8905928636E9CE1CF7305675E44058FB157B45D6BC830D7F74087FA9D2617A7312FE87413F932A7FD089D63F401B2929ABD44C20E5CE877E57E0C8C93C2799DBCCE844A2A20EC7B05A172E858424BDE13E6F1069877CD203E199674A92B7BEBB97E6C661470E9A23ADFCBF8C7D392436ED9195BCC9E171CC8EAF1E45DA346A4C537715;Version=1,BPMLOADER=zkjjiebb4gomec40pk1yemcy;Version=1,UserName="68, 101, 118, 101, 108, 111, 112, 101, 114";Version=1,BPMSESSIONID=2jv1su0azu1kqpcy1jip4m4r;Version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ersion=1,BPMLOADER=zkjjiebb4gomec40pk1yemcy;Version=1,UserName="68, 101, 118, 101, 108, 111, 112, 101, 114";Version=1

25-May-2016 16:51:36.236 INFO [http-nio-8443-exec-2] org.glassfish.jersey.filter.LoggingFilter.log 2 * Client response received on thread http-nio-8443-exec-2
2 < 401
2 < Cache-Control: private
2 < Content-Length: 6389
2 < Content-Type: text/html; charset=utf-8
2 < Date: Wed, 25 May 2016 13:51:20 GMT
2 < Server: Microsoft-IIS/8.5
2 < WWW-Authenticate: Basic
2 < X-Powered-By: ASP.NET

IIS 8.5 Detailed Error - 401.1 - Unauthorized

HTTP Error 401.1 - Unauthorized
You do not have permission to view this directory or page using the credentials that you supplied.

Most likely causes:

  • The username supplied to IIS is invalid.
  • The password supplied to IIS was not typed correctly.
  • Incorrect credentials were cached by the browser.
  • IIS could not verify the identity of the username and password provided.
  • The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.
  • The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.
  • Invalid Kerberos configuration may be the cause if all of the following are true:
    • Integrated authentication was used.
    • the application pool identity is a custom account.
    • the server is a member of a domain.

Things you can try:

  • Verify that the username and password are correct, and are not cached by the browser.
  • Use a different username and password.
  • If you are using a custom anonymous account, verify that the password has not expired.
  • Verify that the authenticating user or the user's group, has not been denied login access to the server.
  • Verify that the account was not locked out due to numerous failed login attempts.
  • If you are using authentication and the server is a member of a domain, verify that you have configured the application pool identity using the utility SETSPN.exe, or changed the configuration so that NTLM is the favored authentication type.
  • Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.

Detailed Error Information:

Module   AuthModule
Notification   EndRequest
Handler   svc-Integrated-4.0
Error Code   0x00000000

Requested URL   https://phonetcomua.bpmonline.com:443/0/ServiceModel/EntityDataService…
Physical Path   D:\App\phonetcomua\Terrasoft.WebApp\ServiceModel\EntityDataService.svc\LeadCollection
Logon Method   Not yet determined
Logon User   Not yet determined

More Information:
This error occurs when either the username or password supplied to IIS is invalid, or when IIS cannot use the username and password to authenticate the user.

View more information »

Microsoft Knowledge Base Articles:

  • 907273
  • 871179
  • 896861

[/code]

Through Postman it returns XML with the data, but through Jersey (a Java library) I get 401.

25-May-2016 17:00:17.050 INFO [http-nio-8443-exec-10] org.glassfish.jersey.filter.LoggingFilter.log 3 * Sending client request on thread http-nio-8443-exec-10
3 > POST https://phonetcomua.bpmonline.com/ServiceModel/AuthService.svc/Login
3 > Accept: application/json
3 > Content-Type: application/json
{"UserName":"Developer","UserPassword":"Password"}

25-May-2016 17:00:17.147 INFO [http-nio-8443-exec-10] org.glassfish.jersey.filter.LoggingFilter.log 4 * Client response received on thread http-nio-8443-exec-10
4 < 200
4 < Cache-Control: private
4 < Content-Length: 84
4 < Content-Type: application/json; charset=utf-8
4 < Date: Wed, 25 May 2016 14:00:00 GMT
4 < Location: /0
4 < Server: Microsoft-IIS/8.5
4 < Set-Cookie: UserName=68, 101, 118, 101, 108, 111, 112, 101, 114; expires=Fri, 24-Jun-2016 14:00:01 GMT; path=/; HttpOnly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path=/; HttpOnly,BPMLOADER=cm20rhifoqh0xh2puzp0ovh4; path=/; HttpOnly,BPMLOADER=cm20rhifoqh0xh2puzp0ovh4; path=/; HttpOnly
4 < X-AspNet-Version: 4.0.30319
4 < X-Powered-By: ASP.NET
4 < X-Terrasoft-UserCulture: ru-RU
{"Code":0,"Message":"","Exception":null,"PasswordChangeUrl":null,"RedirectUrl":null}

78224 [http-nio-8443-exec-10] DEBUG teler.connector.bpmonline.BpmConnector  - authorize: Authorization is succeeded
25-May-2016 17:00:17.194 INFO [http-nio-8443-exec-10] org.glassfish.jersey.filter.LoggingFilter.log 5 * Sending client request on thread http-nio-8443-exec-10
5 > GET https://phonetcomua.bpmonline.com/0/ServiceModel/EntityDataService.svc/LeadCollection?$select=Id,LeadName,OwnerId&$filter=MobilePhone+eq+'%2B380442246595'+or+BusinesPhone+eq+'%2B380442246595'&$top=1
5 > Cookie: UserName=68;Version=1;Path=/;HttpOnly;Expires=Fri, 24 Jun 2016 14:00:01 GMT,.ASPXAUTH=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;Version=1;Path=/;HttpOnly,BPMLOADER=cm20rhifoqh0xh2puzp0ovh4;Version=1;Path=/;HttpOnly

78301 [http-nio-8443-exec-10] INFO teler.connector.bpmonline.BpmConnector  - Request 'https://phonetcomua.bpmonline.com/0/ServiceModel/EntityDataService.svc/LeadCollection' returns 401 status
25-May-2016 17:00:17.269 INFO [http-nio-8443-exec-10] org.glassfish.jersey.filter.LoggingFilter.log 6 * Client response received on thread http-nio-8443-exec-10
6 < 401
6 < Cache-Control: private
6 < Content-Length: 6389
6 < Content-Type: text/html; charset=utf-8
6 < Date: Wed, 25 May 2016 14:00:00 GMT
6 < Server: Microsoft-IIS/8.5
6 < WWW-Authenticate: Basic
6 < X-Powered-By: ASP.NET

IIS 8.5 Detailed Error - 401.1 - Unauthorized

HTTP Error 401.1 - Unauthorized
You do not have permission to view this directory or page using the credentials that you supplied.

Most likely causes:

  • The username supplied to IIS is invalid.
  • The password supplied to IIS was not typed correctly.
  • Incorrect credentials were cached by the browser.
  • IIS could not verify the identity of the username and password provided.
  • The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.
  • The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.
  • Invalid Kerberos configuration may be the cause if all of the following are true:
    • Integrated authentication was used.
    • the application pool identity is a custom account.
    • the server is a member of a domain.
Things you can try:
  • Verify that the username and password are correct, and are not cached by the browser.
  • Use a different username and password.
  • If you are using a custom anonymous account, verify that the password has not expired.
  • Verify that the authenticating user or the user's group, has not been denied login access to the server.
  • Verify that the account was not locked out due to numerous failed login attempts.
  • If you are using authentication and the server is a member of a domain, verify that you have configured the application pool identity using the utility SETSPN.exe, or changed the configuration so that NTLM is the favored authentication type.
  • Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.

Detailed Error Information:

Module   AuthModule
Notification   EndRequest
Handler   svc-Integrated-4.0
Error Code   0x00000000

Requested URL   https://phonetcomua.bpmonline.com:443/0/ServiceModel/EntityDataService.svc/LeadCollection?$select=Id,LeadName,OwnerId&$filter=MobilePhone+eq+'%2B380442246595'+or+BusinesPhone+eq+'%2B380442246595'&$top=1
Physical Path   D:\App\phonetcomua\Terrasoft.WebApp\ServiceModel\EntityDataService.svc\LeadCollection
Logon Method   Not yet determined
Logon User   Not yet determined

More Information:
This error occurs when either the username or password supplied to IIS is invalid, or when IIS cannot use the username and password to authenticate the user.

View more information »

Microsoft Knowledge Base Articles:

  • 907273
  • 871179
  • 896861

Hello.
At first glance, it looks like you need to pass these HTTP headers in the request:
Authorization: Cookie
ForceUseSession: true

"Александр Зубков" wrote:

Hello.

At first glance, it looks like you need to pass these HTTP headers in the request:

Authorization: Cookie

ForceUseSession: true

Thanks! I'll try it, but the documentation doesn't say a word about this)
