Passing UserID/PW: Conventions?

[(PeteCresswell)]

I'm trying to get some sample code running that access an IP
camera.

It's failing with "401 Unauthorized Authorization required for
the requested URL."

I'm pretty sure it's happening when I try to refer to an object
(?) in the camera - which is only accessible using an ID/PW.

e.g.
------------------------------------------------------------------
<FRAME
SRC="http://10.0.0.140:8000/ImageViewer?Mode=Motion&Resolution=320x240&Quality=Standard&Interval=10"
NAME="right">
------------------------------------------------------------------

So... it seems like I need tb passing a UserID/PW - either on
that line or somehow logging in to the camera silently
beforehand.

I don't expect anybody to know about the specific camera
(Panasonic BB-HCM735, just for the record)

But I'm thinking maybe there a widely-used convention for this
and if I knew it, maybe I'd get lucky doping out the code for
this particular camera.

 

[(PeteCresswell)]

Per (PeteCresswell):

e.g.
------------------------------------------------------------------
<FRAME
SRC="http://10.0.0.140:8000/ImageViewer?Mode=Motion&Resolution=320x240&Quality=Standard&Interval=10"
NAME="right">
------------------------------------------------------------------

I think I'm catching on.

The syntax appears tb "[ID]/[PW]@" appended to the IP addr.

e.g.

 

[VanguardLH]

Per (PeteCresswell):

e.g.
------------------------------------------------------------------
<FRAME
SRC="http://10.0.0.140:8000/ImageViewer?Mode=Motion&Resolution=320x240&Quality=Standard&Interval=10"
NAME="right">
------------------------------------------------------------------

I think I'm catching on.

The syntax appears tb "[ID]/[PW]@" appended to the IP addr.

e.g.
------------------------------------------------------------------
<FRAME
SRC="http://xxxxxx:[email protected]:800...solution=320x240&Quality=Standard&Interval=10"
NAME="right">
------------------------------------------------------------------

That would be PREpended to the IP address. Although you say appended,
you show prepended in your example which is "correct" ... maybe. You
also said "[ID]/[PW]@" but it's actually "[ID[W]]@" (which, again, you
showed correctly in your example).

One some web browsers will support the userid & password fields in an
HTTP URL. These fields are NOT defined in the HTTP URL specification.
They were shown in a generic URL syntax description in the RFC but the
addendums for each protocol specifies the exact syntax ... and HTTP did
*not* include UID and PW fields. As such, Microsoft became compliant
way back in IE6-SP1. Other web browsers are more sloppy (and try to
claim they are more compliant when, in fact, they are less compliant
hence more sloppy) and will allow the old de facto use of UID and PW
fields in the HTTP URL. When Microsoft became compliant, there was an
outcry about the loss for this support present in older versions up to
01-Sep-2002 when SP-1 was released for IE6.

http://support.microsoft.com/kb/834489

So whether adding the username & password in the HTTP URL works or not
depends on what web browser is employed by the visitor of your web page.
Also, you will be transmitting the username and password in CLEAR TEXT
for anyone to sniff out hence why it is never recommended to use this
method for authentication.

I don't what "IP camera" you have. Does it support HTTP authentication?
I'm not sure how a camera is going to have accounts defined within it to
accept login credentials (userid and password). Is this "IP camera"
connected to a host or directly to the network?

http://www.checkupdown.com/status/E401.html
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html, section 10.4.2

When I see this error, it means I have to login with valid credentials
(typically the same as a user account defined on the target host).

 

[(PeteCresswell)]

Per VanguardLH:

Also, you will be transmitting the username and password in CLEAR TEXT
for anyone to sniff out hence why it is never recommended to use this
method for authentication.

I don't what "IP camera" you have. Does it support HTTP authentication?
I'm not sure how a camera is going to have accounts defined within it to
accept login credentials (userid and password). Is this "IP camera"
connected to a host or directly to the network?

Thanks for the insights: very helpful, especially the
browser-dependent part - which disposes of my bright idea of
giving people a URL with embedded ID/PW.

Not knowing enough to make an informed decision, I have not
figured out whether secure IDs/Passwords are crucial or not.

I'm guessing that any security need that there is goes away when
a server becomes the middle man.

It's a Panasonic BB-HCM735, connected more-or-less directly to
the router/Internet (actually through a POE switch...).\

It's intended use is as a "Surfcam" so remote customers of a
windsurfing shop can look directly at the water and see if people
are getting enough wind to make it worthwhile coming down to sail
- instead of calling the shop owner, whose phone is currently
ringing every five minutes on every day that looks like it might
be windy.

I'm guessing there's not much the average 13-year-old with
emotional problems can do except maybe take the camera down by
opening up more than the maximum number of supported concurrent
users (can't cite the number offhand...).

Unencumbered by much knowledge, I'm setting it up so that anybody
who follows the URL gets a rudimentary page with a still picture
and a "Login" tab. The idea is that we'll have a generic
"General User" ID named "xxxxxx" with a password of "yyyyyy" and
just publish that to the shop's customers for now.

I'm fooling around with some sample HTML - and if I ever figure
out how to render the camera and some basic controls on a custom
web page, maybe I'll talk the shop's webmaster into adding a page
to the shop's page.

The sheer badness of the documentation on this thing is stunning.
HTML-wise, I'm hoping that there is some widely-used command set
shared by many makers and I'll stumble on to some material that
will make it all come together for me.

OTOH, it's looking like there are IP cams where users connect
directly to the cam. and IP cams that feed a server where users
connect to the server, which acts as a middle man.

My uninformed gut says that the direct connect will prove
troublesome/inadequate and we will wind up with the server
solution in the long run - but that means a 24-7 box at the shop
bc the owner does not have the financial means to pay a "real"
service like StreamBy.

If anybody has some IP cam mojo to share, I'm all ears.

 

[VanguardLH]

Panasonic BB-HCM735

This IP camera runs as a server and one of its wireless features is
"username/password, SSL". Are you sure that you're using HTTPS as the
protocol for your URL?

There are limits based on what protocol is used to access this server
(the IP camera). 30 for HTTP, 8 for HTTPS, and just 3 for H.264/MPEG-4
mode. So if you're looking to maximize how many of your customers can
see the beach (and to reduce your "what's it like today" phone calls),
I'd think you would disable SSL and use HTTP instead of HTTPS. Also,
for security, I would think you would have your visitors go to a
specific web page at your site where a button click runs a PHP or other
server-side script that then decides where to connect the user.

I tried going to http://service.us.panasonic.com/OperMan/ to look at the
manual but they don't have it online.

 

[(PeteCresswell)]

Per VanguardLH:

I would think you would have your visitors go to a
specific web page at your site where a button click runs a PHP or other
server-side script that then decides where to connect the user.

That seems like the middle way - between direct access and having
a server.

That's what I'm pursuing right now - groping around with some
sample HTML that could be incorporated into the shop's web site.

But that would be predicated on being able to pass an ID/PW
dynamically on the HTML - right?

 

[VanguardLH]

VanguardLH:


That seems like the middle way - between direct access and having
a server.

That's what I'm pursuing right now - groping around with some
sample HTML that could be incorporated into the shop's web site.

But that would be predicated on being able to pass an ID/PW
dynamically on the HTML - right?

I can't get the manual for this product. They don't list it available
as online from their site. It may be that you can disable the
username/password requirement. The device is on your intranet so a
direct URL might not work and why I mention using a web page for
visitors who then get directed to the device (which would presumably
stream the video & audio to that web page).

I'm not sure but I'm thinking you were using an HTTP URL instead of
HTTPS and the server (IP camera) was setup to use SSL. If so, you have
to use HTTPS to connect to the camera; else, trying to use HTTP would
result in an auth error (which might be the cause of the 401 error).

Are the wireless features of "username/password, SSL" configurable (to
enable or disable each of them)? If you connect to the device,
presumably it has a config page you can go to where you can change the
settings for the device. Again, I can't get the manual for it.

 

[(PeteCresswell)]

Per VanguardLH:

I'm not sure but I'm thinking you were using an HTTP URL instead of
HTTPS and the server (IP camera) was setup to use SSL. If so, you have
to use HTTPS to connect to the camera; else, trying to use HTTP would
result in an auth error (which might be the cause of the 401 error).

I'm 99.9% sure I'm using plain old HTTP - at least that's what I
get from viewing the setup menu.

Are the wireless features of "username/password, SSL" configurable (to
enable or disable each of them)? If you connect to the device,
presumably it has a config page you can go to where you can change the
settings for the device.

There is an option to disable password prompts - which I have
enabled for now.

With that option, the camera throws up a native window with
3-second snapshots. That window has a "Login" tab that accepts
an ID/PW for more viewing options depending on the type of ID
entered.

Again, I can't get the manual for it.

You're not missing anything, trust me.... -)

I've found a "Panasonic Network Camera Technical Notes CGI
Specifications for h.264, MPEG-4 and JPEG Camera series Ver. 4.30
January 25, 2010" at http://tinyurl.com/3apf3n4

But there's no mention of how to supply ID/PW.... I guess the
conventions are just something everybody is supposed to know.

Eventually, I'll stumble through it.... The windsurfing shop's
season is closing soon and I'll have all winter to mess around
without the prospect of impeding somebody else.

Right now, I'm back to trying to get remote access working via
Panasonic's ViewNetCam.com service.... Trouble is that now the
thing's 80 miles away.... and I have go wait until I go down
there again to fool around with it some more.

I suspect a problem with their router. They have DSL and the
router is connected to the DSL box.... so maybe there could be
port forwarding issue there.

But I can't connect to the router at all - can't even get an
ID/PW prompt.... so I have to trust Panasonic's automated setup -
which didn't abend.... but I can't even tell if UpNP is enabled
on the router.

Once the shop closes for the season and I'm not worried about
impeding their internet connectivity, I'll bring one of my own
routers down there and try setting everything up from scratch.

 

[Mike S]

Per (PeteCresswell):

e.g.
------------------------------------------------------------------
<FRAME
SRC="http://10.0.0.140:8000/ImageViewer?Mode=Motion&Resolution=320x240&Quality=Standard&Interval=10"
NAME="right">
------------------------------------------------------------------

I think I'm catching on.

The syntax appears tb "[ID]/[PW]@" appended to the IP addr.

e.g.
------------------------------------------------------------------
<FRAME
SRC="http://xxxxxx:[email protected]:800...solution=320x240&Quality=Standard&Interval=10"
NAME="right">
------------------------------------------------------------------

That would be PREpended to the IP address. Although you say appended,
you show prepended in your example which is "correct" ... maybe. You
also said "[ID]/[PW]@" but it's actually "[ID[W]]@" (which, again, you
showed correctly in your example).

One some web browsers will support the userid& password fields in an
HTTP URL. These fields are NOT defined in the HTTP URL specification.
They were shown in a generic URL syntax description in the RFC but the
addendums for each protocol specifies the exact syntax ... and HTTP did
*not* include UID and PW fields. As such, Microsoft became compliant
way back in IE6-SP1. Other web browsers are more sloppy (and try to
claim they are more compliant when, in fact, they are less compliant
hence more sloppy) and will allow the old de facto use of UID and PW
fields in the HTTP URL. When Microsoft became compliant, there was an
outcry about the loss for this support present in older versions up to
01-Sep-2002 when SP-1 was released for IE6.

http://support.microsoft.com/kb/834489

So whether adding the username& password in the HTTP URL works or not
depends on what web browser is employed by the visitor of your web page.
Also, you will be transmitting the username and password in CLEAR TEXT
for anyone to sniff out hence why it is never recommended to use this
method for authentication.

I don't what "IP camera" you have. Does it support HTTP authentication?
I'm not sure how a camera is going to have accounts defined within it to
accept login credentials (userid and password). Is this "IP camera"
connected to a host or directly to the network?

http://www.checkupdown.com/status/E401.html
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html, section 10.4.2

When I see this error, it means I have to login with valid credentials
(typically the same as a user account defined on the target host).

Does this help at all?

http://csj.psn-web.net/netwkcam_net/download/us/document/NEW_Camera_CGI_Interface_v4.30.pdf

 

[(PeteCresswell)]

Per Mike S:

Does this help at all?

http://csj.psn-web.net/netwkcam_net/download/us/document/NEW_Camera_CGI_Interface_v4.30.pdf

That's one of the ones I've been going through, but it does not
seem to mention how to supply ID/PW on-the-fly.

Sample code I've found uses this convention:

SRC="http://10.0.0.253:50001/ImageViewer?Mode=Motion&Resolution=320x240
&Quality=Standard&Interval=10" NAME="CameraView">


But nothing I've found uses
<FRAME
SRC="http://xxxxxx:[email protected]:500...solution=320x240&Quality=Standard&Interval=10"
NAME="CameraView">

All the code seems predicated on the idea that the camera is
already open and the user logged in.

I'm trying to figure out how to set up a rudimentary web page
that just shows what the camera is seeing - without any login
prompt or extraneous controls/fields.... just the image. User
clicks a button, button's code opens the rudimentary page, user
sees image.

But that would seem tb predicated on supplying some
authentication info to the camera.

 

[Mike S]

Per Mike S:

That's one of the ones I've been going through, but it does not
seem to mention how to supply ID/PW on-the-fly.

You may be able to include ID and Password this way:

pg 29

When MMode is set to "128" (HTTP notification)
MID : Basic authentication ID Note: 0-63 one-byte char's
MPassword : Basic authentication Password Note: 0-63 one-byte char's

&MID=userid&MPassword=userpassword

pg 30

Set?Func=ImageTransfer&Kind=1&TaskEnable=1&TCondition=4&PostEnable=1&PostIntervalPer=100
0&PostIntervalNum=1&PostNum=1&PreEnable=1&PreIntervalPer=1000&PreIntervalNum=1&PreNum=
1&TMode=16&MMode=128&MHttpHost=xxxx.xxx&MHttpPort=80&MFileName=cgi-bin/alarmget.cgi?Ta
sk=1%26CamUrl=http://camera111.yyy.yyy.yyy/&Mode=2&MID=userid&MPassword=userpassword

=================================

Sample code I've found uses this convention:

SRC="http://10.0.0.253:50001/ImageViewer?Mode=Motion&Resolution=320x240
&Quality=Standard&Interval=10" NAME="CameraView">

But nothing I've found uses
<FRAME
SRC="http://xxxxxx:[email protected]:500...solution=320x240&Quality=Standard&Interval=10"
NAME="CameraView">
All the code seems predicated on the idea that the camera is
already open and the user logged in.
I'm trying to figure out how to set up a rudimentary web page
that just shows what the camera is seeing - without any login
prompt or extraneous controls/fields.... just the image. User
clicks a button, button's code opens the rudimentary page, user
sees image. But that would seem tb predicated on supplying some
authentication info to the camera.

I found what looks like your approach on pg 69

3.25 Image display (ImageViewer)

ImageViewer?Resolution=320x240&Quality=Standard&Mode=Refresh&Interval=5

Accessible for administrators and general users authorized to view
images (Includes guest users, when administrator allows guest users to
access the camera)

ImageViewer is used to display images and set various image qualities.
By setting ImageViewer parameters, you can specify to display motion or
still images, select image resolution, quality (favor motion, clarity,
etc.) and still image interval.

Question 1) Did you enable guest users in the camera settings?
=================================


Page 56 looks like it might be useful:

3.13 MotionJPEG retrieval (Real-time) (nphMotionJpeg)

Accessible for administrator and general users authorized to view motion
images (Includes guest users, when administrator allows guest users to
access the camera) Used for retrieving MotionJPEG data (motion images)
from the camera. Use a viewer that can playback buffered images on
demand to enable real-time monitoring.

nphMotionJpeg: Retrieve Motion JPEG.
Parameters
- Resolution : 192x144, 320x240, 640x480, 1280x960, 1280x1024
- Quality : Motion, Standard, Clarity
- Framerate : FPS 0.1-30

Image display procedure
(1) Start reception : Establish a connection (open the socket), and send
the following command string to HTTP port.
"GET
http://xxx.xxx.xxx.xxx:yy/nphMotionJpeg?Resolution=320x240&Quality=Standard
HTTP/1.0\r\n"

(2) Data reception
"HTTP/1.0 200 OK\r\n"
"Content-Type: multipart/x-mixed-replace; boundary=--myboundary..."
"...--myboundary.Content-type: image/jpeg..."
JPEG binary data No. 1 (Hexadecimal
notation="FFD8................................FFD9")
"...--myboundary.Content-type: image/jpeg..."
JPEG binary data No. 2 (Hexadecimal
notation="FFD8................................FFD9")
:
:
"...--myboundary.Content-type: image/jpeg..."
JPEG binary data No. N (Hexadecimal
notation="FFD8................................FFD9")

* Above mentioned Content-type: From FFD8(following image/jpeg) to
"--myboundary" (just before FFD9)
is 1 JPEG data file.

(3) Image displaying/saving
From the data above, extract JPEG data, and display the extracted
consecutively or save it. A viewer that supports the above data is
required to view images.

(4) Finish reception
End connection (close the socket).

 

[Mike S]

<snip>

This software has a 21 day free evaluation version that may make
configuring the camera easier.

http://www.h264soft.com/h264webcam.html
================

There are several auctions for this model in ebay, you might consider
asking a seller to copy the manual and auction it for a low price so you
could purchase it there:

http://www.ebay.com/sch/i.html?_nkw=bb+hcm735

 

[(PeteCresswell)]

Per Mike S:

You may be able to include ID and Password this way:

Thanks.

I think I'm going to RTFM now that I have a general idea of what
the context for the syntax in "Panasonic Network Camera Technical
Notes CGI Specifications for H.264, MPEG-4 and JPEG Camera
series Ver. 4.30" is.

 

[(PeteCresswell)]

Thanks for all the effort.

Now I'm starting to get some feel for what can be done and it
looks to me like if I just RTFM, everything I want to do is
possible....




Per Mike S:

 

[(PeteCresswell)]

Per (PeteCresswell):

RTFM

One last question.

Over-and-over they make two statements:

- "Establish a connection (open the socket), and send the
following command string...."

- "End connection (close the socket)."


I've done a "Find" on "connection" and "socket" over-and-over,
but cannot figure out how one establishes or ends a connection.

Separate commands, right?

 

[Ben Bacarisse]

Per (PeteCresswell):

One last question.

Over-and-over they make two statements:

- "Establish a connection (open the socket), and send the
following command string...."

- "End connection (close the socket)."


I've done a "Find" on "connection" and "socket" over-and-over,
but cannot figure out how one establishes or ends a connection.

It depends on the context. It is likely that the connection is a TCP
connection but the manual should say a bit more or establish enough
context to say for sure.

TCP is the raw protocol used to carry everything from FTP to HTTP but
any remotely operated devices use telnet. If you have a telnet program
you could try that.

BTW, this is getting very far from HTML. There may be a more relevant
and useful group to ask in.

 

[(PeteCresswell)]

Per Ben Bacarisse:

TCP is the raw protocol used to carry everything from FTP to HTTP but
any remotely operated devices use telnet. If you have a telnet program
you could try that.

BTW, this is getting very far from HTML. There may be a more relevant
and useful group to ask in.

The accompanying examples in the manual are HTML - so I'm
guessing they expect the developer to establish the connection
via HTML. Or am I just wishing?

 

[Ben Bacarisse]

Per Ben Bacarisse:

I meant "many" not "any" here!

The accompanying examples in the manual are HTML - so I'm
guessing they expect the developer to establish the connection
via HTML. Or am I just wishing?

Your post said that manual included:

| - "Establish a connection (open the socket), and send the
| following command string...."

That does not sound like anything HTML though it is general enough that I
suppose it could be. What doe the command string look like?

 

[(PeteCresswell)]

Per Ben Bacarisse:

That does not sound like anything HTML though it is general enough that I
suppose it could be. What doe the command string look like?

Any one of dozens with the same admonition:
-----------------------------------------------
Image display procedure
(1) Start reception
Establish a connection (open the socket), and send the following
command string to HTTP port.
"GET
http://xxx.xxx.xxx.xxx:yy/nphMotionJpeg?Resolution=320x240&Quality=Standard
HTTP/1.0\r\n"
xxx.xxx.xxx.xxx: IP address or domain name
yy: HTTP port no. (Not required if the port number is set to 80)

 

[Ben Bacarisse]

Per Ben Bacarisse:

Any one of dozens with the same admonition:
-----------------------------------------------
Image display procedure
(1) Start reception
Establish a connection (open the socket), and send the following
command string to HTTP port.
"GET
http://xxx.xxx.xxx.xxx:yy/nphMotionJpeg?Resolution=320x240&Quality=Standard
HTTP/1.0\r\n"
xxx.xxx.xxx.xxx: IP address or domain name
yy: HTTP port no. (Not required if the port number is set to 80)
-----------------------------------------------

OK. That's just an HTTP request (I'd call it a request rather than a
"command" but why quibble?). Your question was "how do I open a
connection" and that now has a trivial answer: a browser. A browser's
main use is to send GET requests on a suitable connection. (It's odd
that the request is HTTP 1.0 not HTTP 1.1 -- which is what most browsers
will send -- but I bet that won't matter). Type the http:... part right
up to the 'd' of "Standard" into a browser's location bar and it will
send a GET request. A browser adds some HTTP request headers but,
again, I bet that won't matter.

Alternatively, you can use a piece of software that can open "interactive" TCP
connections and type the request yourself. A telnet program will do, or
you could use something like 'netcat'.