ONVIF: Authentication failure with AXIS P3301 using ONVIF protocol


I don't see where you specify the "tds" namespace (which should be "http://www.onvif.org/ver10/device/wsdl") in your soap envelope. I had the same problem: a typo in my request, and my camera answered with "http 401 not authorized".

Author by

andrey.ko

Updated on June 14, 2022

Comments

  • andrey.ko
    andrey.ko almost 2 years

    After the first user was created (in my case with user name “root” and password “root”), the AXIS P3301 (firmware 5.11.2) returns a NotAuthorized SOAP fault for any ONVIF request:

    <SOAP-ENV:Fault 
        SOAP-ENV:encodingStyle="http://www.w3.org/2003/05/soap-encoding"
        xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope">
        <SOAP-ENV:Code>
            <SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value>
            <SOAP-ENV:Subcode>
                <SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value>
            </SOAP-ENV:Subcode>
        </SOAP-ENV:Code>
        <SOAP-ENV:Reason>
            <SOAP-ENV:Text xml:lang="en">Sender not authorized</SOAP-ENV:Text>
        </SOAP-ENV:Reason>
        <SOAP-ENV:Detail>
            The action requested requires authorization and the sender is not authorized
        </SOAP-ENV:Detail>
    </SOAP-ENV:Fault>
    

    According to ONVIF specification 1.02, I use the username token profile for authentication, which is described in the specification http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf.

    Below is the script that I use to form the SOAP request:

    xquery version "1.0";
    declare copy-namespaces no-preserve, inherit;
    <s:Envelope 
        xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
        xmlns:s="http://www.w3.org/2003/05/soap-envelope">
    
        <s:Header>
            <o:Security
                s:mustUnderstand="true"
                xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    
                <o:UsernameToken u:Id="UsernameToken-3ae8d972-d014-47b0-858b-2364f6119763">
                    <o:Username>{model/userName/text()}</o:Username>
                    <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
                        {model/passwordDigest/text()}
                    </o:Password>
                    <o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
                        {model/nonce/text()}
                    </o:Nonce>
                    <u:Created>{model/created/text()}</u:Created>
                </o:UsernameToken>
    
            </o:Security>
        </s:Header>
    
        <s:Body>
            <tds:GetDeviceInformation xmlns:tds="http://www.onvif.org/ver10/device/wsdl" />
        </s:Body>
    
    </s:Envelope>
    

    Here is my code for sending request:

    static byte[] sha1(params byte[][] parts) {
        var data = parts.Concat().ToArray();
        var hasher = SHA1.Create();
        return hasher.ComputeHash(data);
    }
    
    static string userName = "root";
    static string password = "root";
    
    static void Main(string[] args) {
        Init();
        var uri = @"http://192.168.5.71/onvif/services";
        var nonce = new byte[] {1,2,3,4};
        // "HH" is the 24-hour clock; "hh" (12-hour) would emit a wrong Created value for afternoon times.
        var created = System.DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ");
        try {
            var body = SendSoapRequest(uri, "GetDeviceInformation.xq", new {
                userName = userName,
                passwordDigest = sha1(
                    nonce,
                    created.ToUtf8(),
                    password.ToUtf8()
                ).ToBase64(),
                nonce = nonce.ToBase64(),
                created = created,
            });
    
            using (var _w = new XmlTextWriter(Console.Out)) {
                _w.Formatting = Formatting.Indented;
                body.WriteTo(_w);
            }
        }catch(SoapFaultException err){
            var fault = err.fault;
            using (var _w = new XmlTextWriter(Console.Out)) {
                _w.Formatting = Formatting.Indented;
                fault.WriteTo(_w);
            }
        }
    }
    

    Wireshark log of request:

    <s:Envelope 
        xmlns:s="http://www.w3.org/2003/05/soap-envelope" 
        xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <s:Header>
            <o:Security 
                xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
                s:mustUnderstand="true">
                <o:UsernameToken u:Id="UsernameToken-3ae8d972-d014-47b0-858b-2364f6119763">
                    <o:Username>root</o:Username>
                    <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">MQ52wETdmCuGHmCsYED3FGrQ0UE=</o:Password>
                    <o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">AQIDBA==</o:Nonce>
                    <u:Created>2011-03-03T12:23:28.499Z</u:Created>
                </o:UsernameToken>
            </o:Security>
        </s:Header>
        <s:Body>
            <tds:GetDeviceInformation xmlns:tds="http://www.onvif.org/ver10/device/wsdl" />
        </s:Body>
    </s:Envelope>
    

    Wireshark log of response:

    <?xml version="1.0" encoding="UTF-8"?>
    <SOAP-ENV:Envelope 
        xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" 
        xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding" 
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
        xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" 
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
        xmlns:wsa5="http://www.w3.org/2005/08/addressing" 
        xmlns:xmime5="http://www.w3.org/2005/05/xmlmime" 
        xmlns:wsrf-bf="http://docs.oasis-open.org/wsrf/bf-2" 
        xmlns:wstop="http://docs.oasis-open.org/wsn/t-1" 
        xmlns:tt="http://www.onvif.org/ver10/schema" 
        xmlns:wsrf-r="http://docs.oasis-open.org/wsrf/r-2" 
        xmlns:tan1="http://www.onvif.org/ver10/analytics/wsdl/RuleEngineBinding" 
        xmlns:tan="http://www.onvif.org/ver10/analytics/wsdl" 
        xmlns:tan2="http://www.onvif.org/ver10/analytics/wsdl/AnalyticsEngineBinding" 
        xmlns:tds="http://www.onvif.org/ver10/device/wsdl" 
        xmlns:tev1="http://www.onvif.org/ver10/events/wsdl/NotificationProducerBinding" 
        xmlns:tev2="http://www.onvif.org/ver10/events/wsdl/EventBinding" 
        xmlns:tev3="http://www.onvif.org/ver10/events/wsdl/SubscriptionManagerBinding" 
        xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" 
        xmlns:tev4="http://www.onvif.org/ver10/events/wsdl/PullPointSubscriptionBinding" 
        xmlns:tev="http://www.onvif.org/ver10/events/wsdl" 
        xmlns:timg="http://www.onvif.org/ver10/imaging/wsdl" 
        xmlns:tptz="http://www.onvif.org/ver10/ptz/wsdl" 
        xmlns:trt="http://www.onvif.org/ver10/media/wsdl" 
        xmlns:ter="http://www.onvif.org/ver10/error" 
        xmlns:tns1="http://www.onvif.org/ver10/topics" 
        xmlns:tnsaxis="http://www.axis.com/2009/event/topics">
    
        <SOAP-ENV:Header></SOAP-ENV:Header>
        <SOAP-ENV:Body>
            <SOAP-ENV:Fault SOAP-ENV:encodingStyle="http://www.w3.org/2003/05/soap-encoding">
                <SOAP-ENV:Code>
                    <SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value>
                    <SOAP-ENV:Subcode>
                        <SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value>
                    </SOAP-ENV:Subcode>
                </SOAP-ENV:Code>
                <SOAP-ENV:Reason>
                    <SOAP-ENV:Text xml:lang="en">Sender not authorized</SOAP-ENV:Text>
                </SOAP-ENV:Reason>
                <SOAP-ENV:Detail>The action requested requires authorization and the sender is not authorized</SOAP-ENV:Detail>
            </SOAP-ENV:Fault>
        </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
    

    Where was I wrong? (With the Bosch VIP X1 XF IVA it works.)
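
Added example, not part of the original post: the receiver-side check defined by the UsernameToken Profile cited in the question, digest = Base64(SHA-1(nonce + created + password)), combined with a timestamp-freshness and a nonce-replay check. The function names, the 5-minute skew window and the replay cache are assumptions of this example, not AXIS or ONVIF code; the values under `__main__` are copied from the Wireshark capture above.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(raw nonce bytes + created + password)), UTF-8 encoded."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

def parse_created(created: str) -> datetime:
    """Parse a UTC xsd:dateTime ('Z' suffix), with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in created else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(created, fmt).replace(tzinfo=timezone.utc)

def check_token(nonce_b64, created, digest_b64, password, now,
                max_skew=timedelta(minutes=5), seen_nonces=None):
    """Run each receiver-side check on one UsernameToken and report them separately.
    max_skew and seen_nonces (a replay cache) are assumptions of this example."""
    # Element text may carry whitespace from pretty-printed templates; strip it.
    nonce = base64.b64decode(nonce_b64.strip(), validate=True)
    created = created.strip()
    expected = password_digest(nonce, created, password)
    result = {
        # Constant-time comparison of the recomputed and the presented digest.
        "digest_ok": hmac.compare_digest(expected, digest_b64.strip()),
        # Created must lie within max_skew of the receiver's own clock.
        "fresh": abs(now - parse_created(created)) <= max_skew,
        # A nonce already accepted once must not be accepted again.
        "nonce_new": seen_nonces is None or nonce not in seen_nonces,
    }
    if seen_nonces is not None and all(result.values()):
        seen_nonces.add(nonce)
    return result

if __name__ == "__main__":
    # Values copied from the Wireshark capture in the question above.
    captured = dict(nonce_b64="AQIDBA==", created="2011-03-03T12:23:28.499Z",
                    digest_b64="MQ52wETdmCuGHmCsYED3FGrQ0UE=", password="root")
    print(check_token(now=datetime.now(timezone.utc), **captured))
```

Passing the device's current time as `now` shows whether a token would fail on the digest or on the timestamp under these assumptions.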