Cannot access tempo-db using Casablanca

Aug 13, 2013 at 4:19 AM
Hello,
I use modified test project based on BingRequest project.
I am trying to run basic query to the tempo-db sample server without luck.
URL is "http://api.tempo-db.com/v1/series",
user name e83176497a8e444fb4dd30cc1206c211, password 96f97d89a4cd41b0a8e063c91e3be398
Running GET request should succeed (with status code 200). And it does succeed when I use Google's REST API, as well as the console on on tempo-db web site. But when I run it from the modified BingRequest project, I get error code 403(Forbidden). The original BingRequest works fine.
Any idea what can be wrong here?

Thank you, Ravil
Coordinator
Aug 15, 2013 at 4:58 PM
Hi Ravil,

I'm trying this out and I'll get back to you here.

Thanks,
Steve
Aug 15, 2013 at 5:55 PM
Hi Steve,
I wonder is it something to do with the user authentication? Dis you try to use the Casablanca with authentication?
Thank you, Ravil
Coordinator
Aug 16, 2013 at 1:10 AM
Hi Ravil,

Ok I tried out the URL you give with Casablanca in both a desktop (WinHttp) and store (IXMLHttpRequest2) application. I was using the following code:
http_client_config config;
config.set_credentials(credentials(U("e83176497a8e444fb4dd30cc1206c211"), U("96f97d89a4cd41b0a8e063c91e3be398")));
http_client client(U("http://api.tempo-db.com/v1/series"), config);
auto response = client.request(methods::GET).get();
I also tried using C# with HttpClient:
HttpClientHandler h = new HttpClientHandler();
h.PreAuthenticate = true;
h.Credentials = new NetworkCredential("e83176497a8e444fb4dd30cc1206c211", "96f97d89a4cd41b0a8e063c91e3be398");
HttpClient c = new HttpClient(h);
HttpResponseMessage response = c.GetAsync("http://api.tempo-db.com/v1/series/").Result;
In all cases I always got back 403 Forbidden. What platform are you running Casablanca on?

Thanks,
Steve
Aug 16, 2013 at 1:19 AM
I am running C++ version, very similar to your code. OS is Windows 8. And I get the same error, 403.
I believe you did test, but anyway, to confirm, does it work using user name/password credentials against other servers?
If yes, then perhaps I should contact tempo-db for help.
Thank you, Ravil
Coordinator
Aug 16, 2013 at 10:18 PM
Hi Ravil,

Yes we have done testing with our http_client using authentication with credentials. I also just tried myself setting up a server in IIS with basic authentication and had no troubles with our client. I also tried using the site http://httpbin.org/ and had no problem with authentication.

Normally the way authentication works is first the client makes a simple request without any credentials to the server. The server then will challenge the client with a status code of 401 Unauthorized including the WWW-Authenticate header specifying the authentication schemes it supports. The client will then pick from the list of authentication schemes and reply accordingly this time with credentials.

It seems weird that the server you are trying to reach is returning Forbidden and doesn't include any WWW-Authenticate header so clients don't know how to respond.

Thanks,
Steve
Aug 16, 2013 at 11:38 PM
Thank you Steve,
I will contact Tempo-db to figure out, why their server behave differently than as expected by the Casablanca,
Aug 21, 2013 at 3:54 PM
Hi all,

Andrew from TempoDB here.

Steve and Ravil, you are correct that we currently respond with a 403 to both unauthorized and forbidden access attempts.

Since we're an API, most clients are not interactive and this works fine. I see how responding with 401 would make integrating with a standard HTTP client easier, and is an easy change on our side.

I will update here when that change is released.


Thanks for the suggestion!