Return to LanScape's home page Go back a page...       Active TopicsActive Topics   Display List of Forum MembersMember List   Knowledge Base SearchSearch   HelpHelp  RegisterRegister  LoginLogin

LanScape VOIP Media Engine™ - Pre-Sales Technical Support
 LanScape Support Forum -> LanScape VOIP Media Engine™ - Pre-Sales Technical Support
Subject Topic: Robust Register Authentication Demanded! Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
speedvoip
Vetran
Vetran


Joined: August 07 2008
Location: Canada
Posts: 156
Posted: October 22 2008 at 2:47am | IP Logged Quote speedvoip
Hi Support:

It seems that I must go to cry on media engine register authentication.
With DialerTest sample of V6 engineering release, when register request is challenged by far end registrar and I configure it with wrong realm string and correct user name and password, DialerTest prompts me with "SipRegisterAuthorizationError" and not re-originates new register request with Authorization header. Just like what I describe at previous post.
In theory, RFC3261 indeed requires that register request is authenticated upon user name/password/realm. But most of widely used market-proven SIP stacks often re-initiate new register request with authorization info without inspecting and checking realm string contained at 401 or 407 response. Morever in practice many ITSPs only supply their softphone customer with only pair of user name/pin and basicly no realm info cared. So media engine should fix this flaw to make SIP stack more robust. Here is SIP log:

Code:

************* Log Opened (Oct 22 14:43:00) *************
>>>> TxTxTxTxTxTxTxTxTxTxTxTxTxTxTxTxTxTxTx (#1, [14:43:00.859] 0 Ms, To: 203.167.54.180:6060) >>>>
REGISTER sip:sw2.sp.ring-fone.com:6060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.100:5061;rport;branch=z9hG4bK0101a11d
From: <sip:77880003@sw2.sp.ring-fone.com:6060>;tag=101620d
To: <sip:77880003@sw2.sp.ring-fone.com:6060>
Call-Id: 87144318-a9e9-40fa-af4e-e1bb1510a58e-000011f0@192.168.1.100
CSeq: 85618 REGISTER
Expires: 36000
Max-Forwards: 70
Contact: <sip:77880003@192.168.1.100:5061>;user=phone
User-Agent: LanScape VOIP Media Engine/6.0.0.0 (www.LanScapeCorp.com)
x-VOIP-SDK: LanScape VOIP Media Engine/6.0.0.0 (www.LanScapeCorp.com)
Content-Length: 0




<<<< RxRxRxRxRxRxRxRxRxRxRxRxRxRxRxRxRxRx (#1, [14:43:01.096] 0 Ms, From: 203.167.54.180:6060) <<<<
SIP/2.0 401 Unauthorized
From: <sip:77880003@sw2.sp.ring-fone.com:6060>;tag=101620d
To:  <sip:77880003@sw2.sp.ring-fone.com:6060>;tag=b436a7cb- 17ac-48fed00c-7a729a3b-69c1ada4
 Call-ID: 87144318-a9e9-40fa-af4e-e1bb1510a58e-000011f0@192.168.1.100
CSeq: 85618 REGISTER
Contact: <sip:77880003@192.168.1.100:5061>;user=phone
Expires: 60
WWW-Authenticate: Digest realm="Subcentrex", nonce="48FED00C", stale=false, algorithm=MD5, qop="auth,auth-int"
Via: SIP/2.0/UDP  192.168.1.100:5061;received=219.133.173.49;rport=41097;branc h=z9hG4bK0101a11d
Supported: replaces,ACK,INFO,CANCEL,BYE,OPTIONS,REFER,SUBSCRIBE,NOTIFY
Content-Length: 0


************* Log Closed (Oct 22 14:43:01) *************



The following info is used for your checking and testing:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Registrar/Proxy FQDN: sw2.sp.ring-fone.com
Registrar/Proxy Port: 6060
user name: 77880003
password: 928471
++++++++++++++++++++++++++++++++++++++++++++++++++++++++


I hope developers of media engine should focus eye on other market-proven SIP stacks or free one such as OPAL and implement it per convention behavior, not staying at house upon RFC3261 and own imagination.

Back to Top View speedvoip's Profile Search for other posts by speedvoip Visit speedvoip's Homepage
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: October 22 2008 at 6:11am | IP Logged Quote support
Hi George,

Thanks for the info. So your app does not have to care about configuring an authentication realm, simply pass the wildcard string to the AddAuthorizationCredentials() API procedure. Something like this:

Code:

TELEPHONY_RETURN_VALUE status;
.
.
.
status = AddAuthorizationCredentials(hStateMachine, “MyUserN ame”, “MyPassword”, “*”);
.
.
.

 


If you pass the wildcard “*” string as the authentication realm, then the media engine will authenticate using the realm specified in the challenge response and there is no need for your VOIP application to configure a specific challenge realm.


Support


Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: October 22 2008 at 6:15am | IP Logged Quote support
By the way, your input has been very good so far. We enjoy hearing developer's thoughts. Keep up the critique. That way this product will get better and better.

Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum





Contact LanScape Hear what the Lawyers have to say How youm may use this site Read your privacy rights