Chrome can view Annke C800 IP camera image but HTTP Request gets 401 response

General
22

Hmmm, if it fails in cURL - its a tough one

could you retry the whole process but access the image via HTTPS https://admin:XXXXXX@192.168.1.210/ISAPI/Stream...... in the browser. If that works, then copy the curl and try again?

If that doesnt work, my last idea will be to try as a copy node fetch and try in a function node

23

When you login look in the network tab, are you sure it is not utilizing an intermediary page that redirects it further ? (ie, with a 302/304 where some session/cookie is being stored ?).

side note about the topic title; if you open an incognito tab with the url, I do not believe the url will load if the curl gives you unauthorized.

24

thats where my thinking was due to ...

@nygma2004 could you tick [x] preserve log and refresh.

Also, could you show use the preview and response tabs?

25

It looks like this after refresh:

image
image1418×723 144 KB

And nothing on the response tab:

image
image1448×770 139 KB

26

Ok, last one from me.

  1. Did you try https in the browser URL?

  1. Try the CURL again but remove - H 'Upgrade-Insecure-Requests: 1' \ line

  2. Try the curl again by add image/jpeg to the accept header e.g. -H 'Accept: text/html,image/jpeg,application/xhtml......

27

I tried enabling the HTTPS access and the admin page runs on HTTPS, but the direct image link does not.

I also tried with the two options you suggested and I get the same 401 response back.

I will try to ask around in the Annke forum as well. I will update this thread if I find something out.

28

I think that's the way you'll have to go.

I updated the title to focus attention to anyone familiar with this camera or issue.

29

Since the above method also works .. can you show us the request made in browser when you first visit
http://192.168.1.210/ISAPI/Streaming/channels/1/picture
and the request and headers after you are presented with the Chrome logon window and you fill in your credentials ?

[EDIT]
after further reading of how Basic authorization is done .. can you try
using this code in a Function node before your GET http-request to
http://192.168.1.210/ISAPI/Streaming/channels/1/picture

(add the rest of the headers as shown in your first post)

var username = 'user';
var password = 'password';
var basicAuth = 'Basic ' + Buffer.from(`${username}:${password}`).toString('base64') ;

msg.headers = { 'Authorization': basicAuth }

return msg;
30

OK for some reason the login pop-up is does not appear from Chrome now, maybe I should restart my computer. But it happens from Edge:

image
image1917×973 177 KB

Now I can see a digest authentication in the header.

I also tried your example for passing the basic authentication and it did not help. Still getting error 401.

The topic on the Annke forum is open now, will monitor what response I get.

31

not a restart but maybe clearing the browser cache and any cookies for that page

thats important information .. so its not Basic authentication .. which is why my code example is not working

Have you tried using Digest auth. with your credentials ?

image

OR (seperate test)

with the Use authentication unchecked replicate whatever new headers you see in Chrome with the use of Function node ? especially that Authorization header

32

Believe it or not, it does f... all. This is how I set it up. I tried with both inject node, one goes straight to http-request and the other via the function node to add the header (not the basic authentication, just the rest like user agent, etc.). And the response is the same in both cases:

image
image1614×868 109 KB

33

This is like a mission now :joy::joy:

Would you be willing to make your camera available over the internet & I'll give it go?

Don't worry, getting access using the node-red-contrib-ngrok node is quite simple (and safe)

If yes, then DM me on here with details.

2 Likes
34

Sorry if this upsets you but...

image
image810×273 34.6 KB

↑ first attempt ( :joy: )

Try this flow (the URL and credentials were sanitised - they will need to be re-populated)...

[{"id":"5b278c8a8cf6ba6a","type":"http request","z":"950e6f56f9415563","name":"","method":"GET","ret":"bin","paytoqs":"ignore","url":"http://xxxxx.ddns.net:1240/ISAPI/Streaming/channels/1/picture","tls":"","persist":false,"proxy":"","authType":"digest","senderr":false,"x":960,"y":840,"wires":[["9b8400c7928d5f04","858d8023dd7b8a69"]]},{"id":"e28fbb96d41569de","type":"function","z":"950e6f56f9415563","name":"add headers","func":"msg.headers = {\n    \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\",\n    \"Accept-Encoding\": \"gzip, deflate\",\n    \"Accept-Language\": \"en-GB,en;q=0.9,en-US;q=0.8\",\n    \"Cache-Control\": \"no-cache\",\n    \"Connection\": \"keep-alive\",\n    \"Host\": \"xxxxx.ddns.net:1240\",\n    \"Pragma\": \"no-cache\",\n    \"Upgrade-Insecure-Requests\": \"1\",\n    \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36 Edg/97.0.1072.69\",\n}\nreturn msg;","outputs":1,"noerr":0,"initialize":"","finalize":"","libs":[],"x":790,"y":840,"wires":[["5b278c8a8cf6ba6a"]]},{"id":"da3a017095ace603","type":"inject","z":"950e6f56f9415563","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"{}","payloadType":"json","x":630,"y":840,"wires":[["e28fbb96d41569de"]]},{"id":"858d8023dd7b8a69","type":"debug","z":"950e6f56f9415563","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":1150,"y":800,"wires":[]}]
1 Like
35

Nice one :wink:

so what was the problem ?
the missing Host header and the type of authentication to be set to Digest?

36

Unsure. It worked by simply copying the headers and setting digest auth - so i didnt look any further until @nygma2004 responds & confirms - there may still be an issue - at which time we should ask what node/node-red versions, os etc.

37

Hmmmmmm:

image
image949×337 36.8 KB

And using the second inject node:

image
image1546×485 63.8 KB

I am truly clueless. The only thing I have done before I dropped the email to you is changed the password. But I have re-typed the password multiple times in the past few days. And I was using a password that I use for a long time and it is unlikely that I have consistently mistyped it. But that is the only thing I can think of. So it even works without the headers. I really have no idea what changed.

38

So it even works without the headers.

I highly doubt it. It "currently" works because you have an authenticated session.

39

Yes, I realized it works most probably because the first inject node worked. So could be a lucky mix of headers.
I will restart the server and try again with the old and new code.

40

I just had a short power outage, so the server got restarted. And everything is working, with or without the header fields.

Therefore I think the solution was to add the userid and password as "digest authentication" in the "use authentication" section. And also don't forget to change the output to binary buffer if you send the image to file, image preview node.

image
image1037×878 40.1 KB

1 Like
41

Good stuff. Please mark the post that feel is the solution.