After first user was created (in my case with user name “root” and password “root”), AXIS P3301 (firmware 5.11.2) returns NotAuthorized soap fault, for any onvif-request:
<SOAP-ENV:Fault
SOAP-ENV:encodingStyle="http://www.w3.org/2003/05/soap-encoding"
xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope">
<SOAP-ENV:Code>
<SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value>
<SOAP-ENV:Subcode>
<SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value>
</SOAP-ENV:Subcode>
</SOAP-ENV:Code>
<SOAP-ENV:Reason>
<SOAP-ENV:Text xml:lang="en">Sender not authorized</SOAP-ENV:Text>
</SOAP-ENV:Reason>
<SOAP-ENV:Detail>
The action requested requires authorization and the sender is not authorized
</SOAP-ENV:Detail>
</SOAP-ENV:Fault>
According to ONVIF specification 1.02, I use user name token profile for authentication which is described in specification http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf.
Below is the Script that I use to form soap request:
xquery version "1.0";
declare copy-namespaces no-preserve, inherit;
<s:Envelope
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<o:Security
s:mustUnderstand="true"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="UsernameToken-3ae8d972-d014-47b0-858b-2364f6119763">
<o:Username>{model/userName/text()}</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
{model/passwordDigest/text()}
</o:Password>
<o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
{model/nonce/text()}
</o:Nonce>
<u:Created>{model/created/text()}</u:Created>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<tds:GetDeviceInformation xmlns:tds="http://www.onvif.org/ver10/device/wsdl" />
</s:Body>
</s:Envelope>
Here is my code for sending request:
static byte[] sha1(params byte[][] parts) {
var data = parts.Concat().ToArray();
var hasher = SHA1.Create();
return hasher.ComputeHash(data);
}
static string userName = "root";
static string password = "root";
static void Main(string[] args) {
Init();
var uri = @"http://192.168.5.71/onvif/services";
var nonce = new byte[] {1,2,3,4};
var created = System.DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddThh:mm:ss.fffZ");
try {
var body = SendSoapRequest(uri, "GetDeviceInformation.xq", new {
userName = userName,
passwordDigest = sha1(
nonce,
created.ToUtf8(),
password.ToUtf8()
).ToBase64(),
nonce = nonce.ToBase64(),
created = created,
});
using (var _w = new XmlTextWriter(Console.Out)) {
_w.Formatting = Formatting.Indented;
body.WriteTo(_w);
}
}catch(SoapFaultException err){
var fault = err.fault;
using (var _w = new XmlTextWriter(Console.Out)) {
_w.Formatting = Formatting.Indented;
fault.WriteTo(_w);
}
}
}
Wireshark log of request:
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
s:mustUnderstand="true">
<o:UsernameToken u:Id="UsernameToken-3ae8d972-d014-47b0-858b-2364f6119763">
<o:Username>root</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">MQ52wETdmCuGHmCsYED3FGrQ0UE=</o:Password>
<o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">AQIDBA==</o:Nonce>
<u:Created>2011-03-03T12:23:28.499Z</u:Created>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<tds:GetDeviceInformation xmlns:tds="http://www.onvif.org/ver10/device/wsdl" />
</s:Body>
</s:Envelope>
Wirehark log of response:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope"
xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsa5="http://www.w3.org/2005/08/addressing"
xmlns:xmime5="http://www.w3.org/2005/05/xmlmime"
xmlns:wsrf-bf="http://docs.oasis-open.org/wsrf/bf-2"
xmlns:wstop="http://docs.oasis-open.org/wsn/t-1"
xmlns:tt="http://www.onvif.org/ver10/schema"
xmlns:wsrf-r="http://docs.oasis-open.org/wsrf/r-2"
xmlns:tan1="http://www.onvif.org/ver10/analytics/wsdl/RuleEngineBinding"
xmlns:tan="http://www.onvif.org/ver10/analytics/wsdl"
xmlns:tan2="http://www.onvif.org/ver10/analytics/wsdl/AnalyticsEngineBinding"
xmlns:tds="http://www.onvif.org/ver10/device/wsdl"
xmlns:tev1="http://www.onvif.org/ver10/events/wsdl/NotificationProducerBinding"
xmlns:tev2="http://www.onvif.org/ver10/events/wsdl/EventBinding"
xmlns:tev3="http://www.onvif.org/ver10/events/wsdl/SubscriptionManagerBinding"
xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2"
xmlns:tev4="http://www.onvif.org/ver10/events/wsdl/PullPointSubscriptionBinding"
xmlns:tev="http://www.onvif.org/ver10/events/wsdl"
xmlns:timg="http://www.onvif.org/ver10/imaging/wsdl"
xmlns:tptz="http://www.onvif.org/ver10/ptz/wsdl"
xmlns:trt="http://www.onvif.org/ver10/media/wsdl"
xmlns:ter="http://www.onvif.org/ver10/error"
xmlns:tns1="http://www.onvif.org/ver10/topics"
xmlns:tnsaxis="http://www.axis.com/2009/event/topics">
<SOAP-ENV:Header></SOAP-ENV:Header>
<SOAP-ENV:Body>
<SOAP-ENV:Fault SOAP-ENV:encodingStyle="http://www.w3.org/2003/05/soap-encoding">
<SOAP-ENV:Code>
<SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value>
<SOAP-ENV:Subcode>
<SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value>
</SOAP-ENV:Subcode>
</SOAP-ENV:Code>
<SOAP-ENV:Reason>
<SOAP-ENV:Text xml:lang="en">Sender not authorized</SOAP-ENV:Text>
</SOAP-ENV:Reason>
<SOAP-ENV:Detail>The action requested requires authorization and the sender is not authorized</SOAP-ENV:Detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Where I was wrong? (With Bosch VIP X1 XF IVA it works)
I don't see where you specify the "tds" namespace (which should be "http://www.onvif.org/ver10/device/wsdl") in your soap envelope. I had the same problem: a typo in my request, and my camera answered with "http 401 not authorized".
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With