Biggeveen Posted December 23, 2010 Report Share Posted December 23, 2010 (edited) Dear folks, I'm trying to get NI's API Key Security working to restrict access to a Webservice. I'm using Labview 2010 32-bit with f2 patch on English Windows 7 Professional 64-bit. Until now my attempts are unsuccessful. My idea of API Key Security is the following: Client requests an URL Mapping at the NI Webserver for which API Key security was enabled in the build. If the right API Key headers are supplied, the webserver returns code 200 and the data. If wrong or no API Key headers are supplied, webserver returns 403 access denied and no data. The point is, even if I enable API Key security and configure the keys, it is still possible to request the page and get the data without supplying the keys. I created a small test project which you can run on your computer, I have attached it. So I did the following. 1) configured NI Application Webserver to run on port 80 (you can do this here). 2) Created a VI "test.vi" which outputs a test message (current date and time followed by 'congratulations'). 3) created "apikeytest" webservice for this VI, enabled API Key security for the URL mapping, built an deployed it to localhost. 4) configured NI Distributed System Manager (DSM) to show webservices (instructions), it doesn't do this by default. 5) configured the following API Key using NI DSM: accessID=api, secureID=key, see attachment. 6) restarted webservices (Start > Run > services.msc > restart "NI Application Webserver") If I now make a GET request to http://localhost:80/apikeytest/test using attached "http get client.vi", or a normal browser, you always get HTTP Status 200 OK and the data, no matter if the keys are added or not. Removing the apikeytest webservice using DSM prior to deploying a fresh build doesn't help. I found RESTclient add-on for Firefox very useful to see which headers are sent and received. So it seems the webserver doesn't know that he has to validate API Keys, although I enabled it in the build configuration and configured an AccessID and SecretID. Anybody any suggestions how to get this running? Don't be suprised if I do not reply before 3 January! api key test20101223.zip Edited December 23, 2010 by Biggeveen Quote Link to comment
Biggeveen Posted January 3, 2011 Author Report Share Posted January 3, 2011 Anybody? Quote Link to comment
Biggeveen Posted January 28, 2011 Author Report Share Posted January 28, 2011 I'm trying to get NI's API Key Security working to restrict access to a Webservice. (...) The point is, even if I enable API Key security and configure the keys, it is still possible to request the page and get the data without supplying the keys. I contacted National Instruments about this, they acknowledge the bug. They also told me it is likely not going to be fixed in the next release, and probably the entire API Key mechanism will be removed in future versions... Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.