Page 1 of 1

REST call CDS Login for Serviio version 2

PostPosted: Wed Feb 12, 2020 10:19 pm
by gmor1207
I am trying to code for the Login REST call via VB.NET.

If I take the values from the REST docs, and create the user and password used in the example, the login completes as expected.
request.Headers.Add("authorization", "Serviio UserName=some user, Signature=qj8iVn3vTCQEnuaOzmPmVqxkF/c=")

But when I attempt to recreate the signature via code then I get the result as seen in the example
request.Headers.Add("authorization", "Serviio HKS3OvMF5qkM1BulBhAukntIGZU=")

Why does the example differ from the text? When I send the signature of HKS3OvMF5qkM1BulBhAukntIGZU= it fails.

Here is my code.

'user name
Login.TextBox1.Text = "some user"
Login.TextBox2.Text = "password"

'Calculate a unique hashing string, which is an RFC 2104-compliant HMAC-SHA1 hash, using a string
'<username>:<password> (for example my user:password) And the user's password as the key. Convert the
'resulting value to base64.

'credential signature
Dim MyAuthorization = Convert.ToBase64String(System.Text.UnicodeEncoding.Default.GetBytes(Login.TextBox1.Text + ":" + Login.TextBox2.Text))

value returned:

'create unique hashing key with users password
Dim mykey As HMACSHA1 = New HMACSHA1(System.Text.UnicodeEncoding.Default.GetBytes(Login.TextBox2.Text))
'hash value username:password encrypted with password
Dim nauth_signature = Convert.ToBase64String(mykey.ComputeHash(System.Text.UnicodeEncoding.Default.GetBytes(MyAuthorization)))

value returned:

'data to hash
Dim ndata As String = "Thu, 14 Aug 2008 17:08:48 GMT"
'create new hash for ndata
Dim mykey2 As HMACSHA1 = New HMACSHA1(System.Text.UnicodeEncoding.Default.GetBytes(nauth_signature))
'hash value ndata (date) with key of nauth_signature
Dim auth_signature = Convert.ToBase64String(mykey.ComputeHash(System.Text.UnicodeEncoding.Default.GetBytes(ndata)))

value returned:

Re: REST call CDS Login for Serviio version 2

PostPosted: Thu Feb 13, 2020 10:58 am
by zip
I think you're missing creating HMAC SHA1 has from the username:password string (using password as the key).

try it here:

1. base64(hmac("some user:password", "password") )-> QaZ5aUlGS7bypCgZPLbWJ3QBWbE=
2. base64(hmac("Thu, 14 Aug 2008 17:08:48 GMT", "QaZ5aUlGS7bypCgZPLbWJ3QBWbE=")) -> qj8iVn3vTCQEnuaOzmPmVqxkF/c=

Re: REST call CDS Login for Serviio version 2

PostPosted: Fri Feb 14, 2020 8:16 pm
by gmor1207
Thanks for the online generator. I was able to figure it out. Here is the fixed code if anyone is interested.

Note: Login.TextBox1.Text is the user name value, Login.TextBox2.Text is the user password value

Dim enc = Encoding.ASCII
Dim HMAC As HMACSHA1 = New HMACSHA1(enc.GetBytes(Login.TextBox2.Text))
Dim buffer As Byte() = enc.GetBytes(Login.TextBox1.Text + ":" + Login.TextBox2.Text)
Dim NSString = Convert.ToBase64String(HMAC.ComputeHash(buffer))

Dim enc2 = Encoding.ASCII
Dim HMAC2 As HMACSHA1 = New HMACSHA1(enc2.GetBytes(NSString))
Dim buffer2 As Byte() = enc2.GetBytes(Date.Now.ToString("R"))
Dim AuthorizationSignature = Convert.ToBase64String(HMAC2.ComputeHash(buffer2))