创建第一个用户后(在我的情况下,用户名为“root”,密码为“root”),对于任何onvif请求,AXIS P3301(固件5.11.2)都会返回 NotAuthorized soap fault :
<SOAP-ENV:Fault
SOAP-ENV:encodingStyle="http://www.w3.org/2003/05/soap-encoding"
xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope">
<SOAP-ENV:Code>
<SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value>
<SOAP-ENV:Subcode>
<SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value>
</SOAP-ENV:Subcode>
</SOAP-ENV:Code>
<SOAP-ENV:Reason>
<SOAP-ENV:Text xml:lang="en">Sender not authorized</SOAP-ENV:Text>
</SOAP-ENV:Reason>
<SOAP-ENV:Detail>
The action requested requires authorization and the sender is not authorized
</SOAP-ENV:Detail>
</SOAP-ENV:Fault>
根据 ONVIF 规范1.02,我使用用户名令牌配置文件进行身份验证,规范http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf中对此进行了描述。
以下是我用来构建soap请求的脚本:
xquery version "1.0";
declare copy-namespaces no-preserve, inherit;
<s:Envelope
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<o:Security
s:mustUnderstand="true"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="UsernameToken-3ae8d972-d014-47b0-858b-2364f6119763">
<o:Username>{model/userName/text()}</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
{model/passwordDigest/text()}
</o:Password>
<o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
{model/nonce/text()}
</o:Nonce>
<u:Created>{model/created/text()}</u:Created>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<tds:GetDeviceInformation xmlns:tds="http://www.onvif.org/ver10/device/wsdl" />
</s:Body>
</s:Envelope>
以下是我发送请求的代码:
static byte[] sha1(params byte[][] parts) {
var data = parts.Concat().ToArray();
var hasher = SHA1.Create();
return hasher.ComputeHash(data);
}
static string userName = "root";
static string password = "root";
static void Main(string[] args) {
Init();
var uri = @"http://192.168.5.71/onvif/services";
var nonce = new byte[] {1,2,3,4};
var created = System.DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddThh:mm:ss.fffZ");
try {
var body = SendSoapRequest(uri, "GetDeviceInformation.xq", new {
userName = userName,
passwordDigest = sha1(
nonce,
created.ToUtf8(),
password.ToUtf8()
).ToBase64(),
nonce = nonce.ToBase64(),
created = created,
});
using (var _w = new XmlTextWriter(Console.Out)) {
_w.Formatting = Formatting.Indented;
body.WriteTo(_w);
}
}catch(SoapFaultException err){
var fault = err.fault;
using (var _w = new XmlTextWriter(Console.Out)) {
_w.Formatting = Formatting.Indented;
fault.WriteTo(_w);
}
}
}
Wireshark请求日志:
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
s:mustUnderstand="true">
<o:UsernameToken u:Id="UsernameToken-3ae8d972-d014-47b0-858b-2364f6119763">
<o:Username>root</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">MQ52wETdmCuGHmCsYED3FGrQ0UE=</o:Password>
<o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">AQIDBA==</o:Nonce>
<u:Created>2011-03-03T12:23:28.499Z</u:Created>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<tds:GetDeviceInformation xmlns:tds="http://www.onvif.org/ver10/device/wsdl" />
</s:Body>
</s:Envelope>
Wirehark回复日志:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope"
xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsa5="http://www.w3.org/2005/08/addressing"
xmlns:xmime5="http://www.w3.org/2005/05/xmlmime"
xmlns:wsrf-bf="http://docs.oasis-open.org/wsrf/bf-2"
xmlns:wstop="http://docs.oasis-open.org/wsn/t-1"
xmlns:tt="http://www.onvif.org/ver10/schema"
xmlns:wsrf-r="http://docs.oasis-open.org/wsrf/r-2"
xmlns:tan1="http://www.onvif.org/ver10/analytics/wsdl/RuleEngineBinding"
xmlns:tan="http://www.onvif.org/ver10/analytics/wsdl"
xmlns:tan2="http://www.onvif.org/ver10/analytics/wsdl/AnalyticsEngineBinding"
xmlns:tds="http://www.onvif.org/ver10/device/wsdl"
xmlns:tev1="http://www.onvif.org/ver10/events/wsdl/NotificationProducerBinding"
xmlns:tev2="http://www.onvif.org/ver10/events/wsdl/EventBinding"
xmlns:tev3="http://www.onvif.org/ver10/events/wsdl/SubscriptionManagerBinding"
xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2"
xmlns:tev4="http://www.onvif.org/ver10/events/wsdl/PullPointSubscriptionBinding"
xmlns:tev="http://www.onvif.org/ver10/events/wsdl"
xmlns:timg="http://www.onvif.org/ver10/imaging/wsdl"
xmlns:tptz="http://www.onvif.org/ver10/ptz/wsdl"
xmlns:trt="http://www.onvif.org/ver10/media/wsdl"
xmlns:ter="http://www.onvif.org/ver10/error"
xmlns:tns1="http://www.onvif.org/ver10/topics"
xmlns:tnsaxis="http://www.axis.com/2009/event/topics">
<SOAP-ENV:Header></SOAP-ENV:Header>
<SOAP-ENV:Body>
<SOAP-ENV:Fault SOAP-ENV:encodingStyle="http://www.w3.org/2003/05/soap-encoding">
<SOAP-ENV:Code>
<SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value>
<SOAP-ENV:Subcode>
<SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value>
</SOAP-ENV:Subcode>
</SOAP-ENV:Code>
<SOAP-ENV:Reason>
<SOAP-ENV:Text xml:lang="en">Sender not authorized</SOAP-ENV:Text>
</SOAP-ENV:Reason>
<SOAP-ENV:Detail>The action requested requires authorization and the sender is not authorized</SOAP-ENV:Detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
我哪里错了? (使用博世VIP X1 XF IVA可以工作)
答案 0 :(得分:1)
我看不到你在肥皂信封中指定“tds”命名空间(应该是“http://www.onvif.org/ver10/device/wsdl”)的位置。我遇到了同样的问题:我的请求中有一个拼写错误,我的相机回答“未经授权的http 401”。
答案 1 :(得分:0)
您的相机似乎支持 WSS 用户名令牌认证,但您指定的用户名/密码错误。我在 AXIS P3905 上遇到了同样的问题。正确的凭据解决了我的问题