LabVIEW

win11

labview 2024 q3

If you look into the wireshark capture of the working example, you see a first try to connect and POST, which is then replied to by "403 - Forbidden" by the server. Then, a different url "/login" is visited before returning to the original one.

It ist quite standard that  one first tries to access an URL, gets a 403, and then does something to login.

It's possible that the 403 message contains information what to do, like "goto /login", it's even possible that Labview knows this and goes to /login somewhere else in your code.
The way it looks, you might get a cookie from /login and use that to authenticate to the actual webservice. This is quite standard, you need to log just once every 30min or so, and can use the webservice for another 30min.

In wireshark, you can right-click one of your green lines, and select "follow" -> "TCP/IP stream". You will then get a more clear view of the communication between server and client. This might help to understand what mechanism is behind.

thanks for your reply!

you are right

labview htttp client sends a "post /login" request(frame 236),

frame236 include 3 keys ("ss",“A”,"M"),and these keys value is unreadable

how can i use postman to simulate this frame,so other language can access this WS(permission included)

Well, I'd say like this:

First of all, the three values somehow look like authentication credentials. Is it OK to post them here?

What do you mean by "unreadable"? Those are clearly base64-encoded strings, and you can decode that. But that doesn't mean you'll get anything useful, then. 

Finally: You have at least three web service requests: 1. Trying to use the webservice and failing due to missing authentication. 2.: Login 3.: use the webservice sucessfully.

For webservices, it is VERY unusual that a succesful login is valid within that same TCP/IP connection. Today, it is possible to do several HTTP requests in the same TCP/IP connection, but this is not guaranteed. In the past, the connection was closed after each request. Also, I'm pretty sure Postman will open one connection for each request, and I have no idea if you can make Postman to use a single connection for two requestes. 

Therefore, the login process usually returns a token, which is presented by the client during the next request. This token can be just a long, random string or a cookie (i.e. long random string stored on client side) 

Again, you can get this clear view of your TCP/IP connection in Wireshark, where sent data is red, and received is blue:

This is me accessing my local Grafana server.

See that Cookie: grafana_session=<long random string> in both (red) requests? This is what I got from Grafana yesterday, when I logged in by username and password. It is still valid today, so presenting this line is enough for Grafana to accept my request without further login.

As said, there are different mechanisms, but since there's a cookie path in your VI, I expect this to be used.

Additional info: Postman can handle cookies. It seems it stores them when received, and you can somehow add them to your requests in the Headers section. I never used that, and I'm also no expert of Postman.

1.how i config my WS

this is how i config my WS,labview 2024 q3,user "u1" already has the permission

2. how i access my WS by labview http client

3. frame flow by labview http client

4.labview http client_log in to my WS

ss is get from GET's RESPONSE

I can't understand how "A" or "M" was generated,Because I guess if I use postman to send A, M, ss according to the form, I might be able to log in to my service

..................................................................................................................................

GET /login?username=u1 HTTP/1.1

Host: 127.0.0.1:8001

Accept: */*

HTTP/1.1 403 Forbidden

Connection: Keep-Alive

Server: Embedthis-http

X-NI-AUTH-PARAMS: N=1,s=G0UPgRYlGEnYgEysi8gZuQ==,B=C0KBG/wlaEZHVJFDinqliCzSX2xTym7D4dFTOxaPL5ghKuCASsca4SWiayUF9xHnyX0zSlE/LXpxHXTfk6hf307eNemR6pF5PN6CqTlNC1fvR9SolHEu91y20PswXoHWMWoQx2rbpck86hiNL/xEEPleI2uGUsWeeqywq/SI1Ko=,ss=YzRiOWY2OGY1NTQ4OTgzMWM4YTA1YWNjYmNkYjE1ZTA=

Cache-Control: no-cache

Date: ...., 07 8.. 2025 00:06:25 GMT

Content-Length: 151

Keep-Alive: timeout=60, max=199

<!DOCTYPE html>

<html><head><title>Forbidden</title></head>

<body>

<h2>Access Error: 403 -- Forbidden</h2>

<pre>Forbidden</pre>

</body>

</html>

POST /login HTTP/1.1

Host: 127.0.0.1:8001

Accept: */*

Content-Length: 253

Content-Type: application/x-www-form-urlencoded

ss=YzRiOWY2OGY1NTQ4OTgzMWM4YTA1YWNjYmNkYjE1ZTA=&A=nor_p47PGFeM4Kh8J3kq9J3IYw8ibUf87lEms8Om9iRxKxokwt6AYTHDZK0giAmU7RwR9DKFsO49ROvOeoUl2E5JBJTz8s6pkn0pdJuku08RlgE1KRCZAbO9VDiQkKVOBrpS0AQhAgLHdLI9SYeW4JXUH-t6h4q84NUhWb_xqGo=&M=PeSPdkceJfszh5Sw-BsESqj0nUM=

HTTP/1.1 200 OK

Connection: Keep-Alive

Server: Embedthis-http

Content-Type: text/xml

Cache-control: no-cache="Set-Cookie"

Date: ...., 07 8.. 2025 00:06:25 GMT

Content-Length: 1027

Keep-Alive: timeout=60, max=198

Set-Cookie: _appwebSessionId_=1zoXwuH7Z2a4jFpE8ELSNA!!; Path=/

<?xml version='1.0' encoding='UTF-8'?><Permissions><Permission><Name>SSLAdminModifyCerts</Name><BuiltIn>false</BuiltIn><ID>2</ID></Permission><Permission><Name>SSLAdminReadCerts</Name><BuiltIn>false</BuiltIn><ID>3</ID></Permission><Permission><Name>GetWSAPIKey</Name><BuiltIn>false</BuiltIn><ID>5</ID></Permission><Permission><Name>ManageWS</Name><BuiltIn>false</BuiltIn><ID>6</ID></Permission><Permission><Name>SetWSAPIKey</Name><BuiltIn>false</BuiltIn><ID>7</ID></Permission><Permission><Name>WIFConfigureAppServer</Name><BuiltIn>false</BuiltIn><ID>8</ID></Permission><Permission><Name>GetSystemConfiguration</Name><BuiltIn>false</BuiltIn><ID>11</ID></Permission><Permission><Name>ManageExtensions</Name><BuiltIn>false</BuiltIn><ID>12</ID></Permission><Permission><Name>DeployWS</Name><BuiltIn>false</BuiltIn><ID>13</ID></Permission><Permission><Name>UndeployWS</Name><BuiltIn>false</BuiltIn><ID>14</ID></Permission><Permission><Name>UserDefinedPermission1</Name><BuiltIn>false</BuiltIn><ID>15</ID></Permission></Permissions>

.....................................................................................................................................................................................................

5. labview http client request POST method successfully and log out

6. THE QUESTION IS:how i use postman(or other http client) to access my WS

6.1 what i do now,

6.2 maybe the key is how to generate the A、M

this is labview http client frame

........................................................

POST /login HTTP/1.1

Host: 127.0.0.1:8001

Accept: */*

Content-Length: 253

Content-Type: application/x-www-form-urlencoded

ss=YzRiOWY2OGY1NTQ4OTgzMWM4YTA1YWNjYmNkYjE1ZTA=&A=nor_p47PGFeM4Kh8J3kq9J3IYw8ibUf87lEms8Om9iRxKxokwt6AYTHDZK0giAmU7RwR9DKFsO49ROvOeoUl2E5JBJTz8s6pkn0pdJuku08RlgE1KRCZAbO9VDiQkKVOBrpS0AQhAgLHdLI9SYeW4JXUH-t6h4q84NUhWb_xqGo=&M=PeSPdkceJfszh5Sw-BsESqj0nUM=

HTTP/1.1 200 OK

Connection: Keep-Alive

Server: Embedthis-http

Content-Type: text/xml

Cache-control: no-cache="Set-Cookie"

Date: ...., 07 8.. 2025 00:06:25 GMT

Content-Length: 1027

Keep-Alive: timeout=60, max=198

Set-Cookie: _appwebSessionId_=1zoXwuH7Z2a4jFpE8ELSNA!!; Path=/

<?xml version='1.0' encoding='UTF-8'?><Permissions><Permission><Name>SSLAdminModifyCerts</Name><BuiltIn>false</BuiltIn><ID>2</ID></Permission><Permission><Name>SSLAdminReadCerts</Name><BuiltIn>false</BuiltIn><ID>3</ID></Permission><Permission><Name>GetWSAPIKey</Name><BuiltIn>false</BuiltIn><ID>5</ID></Permission><Permission><Name>ManageWS</Name><BuiltIn>false</BuiltIn><ID>6</ID></Permission><Permission><Name>SetWSAPIKey</Name><BuiltIn>false</BuiltIn><ID>7</ID></Permission><Permission><Name>WIFConfigureAppServer</Name><BuiltIn>false</BuiltIn><ID>8</ID></Permission><Permission><Name>GetSystemConfiguration</Name><BuiltIn>false</BuiltIn><ID>11</ID></Permission><Permission><Name>ManageExtensions</Name><BuiltIn>false</BuiltIn><ID>12</ID></Permission><Permission><Name>DeployWS</Name><BuiltIn>false</BuiltIn><ID>13</ID></Permission><Permission><Name>UndeployWS</Name><BuiltIn>false</BuiltIn><ID>14</ID></Permission><Permission><Name>UserDefinedPermission1</Name><BuiltIn>false</BuiltIn><ID>15</ID></Permission></Permissions>

......................................................................

Or is it that the service with peimission created by labview cannot be accessed by other non-LabView clients?

maybe only labview http client can

The LabVIEW HTTP library recognizes LabVIEW web services.

Requests to the service must be signed in a way somewhat similar to AWS auth. Postman does not know about this Auth Type, so I do not think you can use it for this.

Here is how the signing works: LabVIEW Web Services Security