HTTP Get - requires Cookies passed

I’m using the pub:client:http service - get method. I provide a URL (https://www-t.customer.com/TestAuthProxy/Proxy/Decrypt.aspx?strEncryptedCredentials=…), usrname, password, method, Basic type, and load as bytes.

Returns with a status of 403: Access Forbidden and body message of “Access to this web site requires that cookies pass properly between your web browser and this web server.” I do see the set-cookie in the header/lines on the return.

Customer is using .NET on their end and said they had to add a CookieContainer to their code to get past the 403 forbidden error.

What do I need to add, either as an argument to the URL or the data/arg, to get this to accept cookies and work? Can this CookieContainer be added to the http service? Or if a repeat call of the http service is required what do I feed into it and where (syntax).

Any help appreciated. Thanks.

I am having this same problem with an HTTP Post. It works fine if I invoke it from a browser or SoapUI, but fails in webMethods 7.1.2 with a 403 and the same error above. I am using content type application/xml in all instances and I verified the user name/password is the same in all instances.

Just want to add, the same webMethods service works for 2 different URLs. So I’m wondering if webMethods cannot interact with websites that require cookies unless the IS is set to do so?

did you check if this server config is set to true?
watt.net.useCookies
Specifies whether Integration Server accepts or denies cookies when communicating with
Web server. Set to true to accept cookies; set to false (or null) to deny cookies. The default
is true.

It is set to true:

webmdusr@u060wspd83:/opt/soa/webMethods7.1/IS1/IntegrationServer/config> grep watt.net.useCookies .
server.cnf:watt.net.useCookies=true

I went through my SoapUI message and tried adding each header it had to a test I setup with WmPublic.pub.client.http to the same endpoint.

This one made it work:

Authorization: Basic VEVTVFRNU0I6dGVzdHRtc2I=

I am not sure I should hardcode that Authorization value as a header in my real code though.

I think I need to base64 encode the user/pass before making the http post. I’ll update if I verify that!

Nope, it was not the base64 encoding before mapping the user/pass to the auth document in WmPublic.client.http. I had to add this header to the headers document:

$Version=0; SMCHALLENGE=YES; $Path=/; $Domain=.kroger.com

I’m sure the .kroger.com part changes based on your own server.

Yes It make sense to add in the headers document:

Well actually a co-worker stopped by and showed me I just needed to add our domain to the user id, KROGER/userid. And now it works perfectly without setting the cookie.

My manager explained it to me that SoapUI has access to the domain that I log into and therefore was able to work without adding the domain to the id, but since webMethods is on unix it doesn’t have that information.

It’s fun being a newbie. :slight_smile: