Forum

Insufficient rights for using the resource with the specified HTTP method

Mubarak Sami	#1 Apr 04, 2016 10:57 AM
Active user Points:: 0 Joined:: Feb 9, 2016	Hi, I have an application that uses HTTP services that use the GET HTTP method. I was running my application locally for development without any security Roles or users. Then, when I moved to staging I created a role Administrator and made access require security. Now, when I try to access my HTTP services from other applications I get: "Insufficient rights for using the resource with the specified HTTP method". how can I configure access to solve this problem. I'm new to 1C. Thanks for all your support. using 1C:Enterprise 8.3 (8.3.8.1502). regards, Mubarak
	Profile

Alexei Khatin	#2 Apr 04, 2016 11:58 AM
Active user Points:: 0 Joined:: Apr 18, 2012	Hi, Mubarak. Create user for your HTTP service and publish database to web server again.
	Profile

Mubarak Sami	#3 Apr 04, 2016 12:13 PM
Active user Points:: 0 Joined:: Feb 9, 2016	Hi, I dont know how to grant role or rights to the user on HTTP services. I created a new role called httpRoles but in the Rights, I cannot add HTTP Services to it. can you please specify in step by step how to do that. thanking you
	Profile

Alexei Khatin	#4 Apr 04, 2016 12:20 PM
Active user Points:: 0 Joined:: Apr 18, 2012	Hi, Mubarak. You must grant right "External connection" to your role.
	Profile

Mubarak Sami	#5 Apr 05, 2016 09:19 AM
Active user Points:: 0 Joined:: Feb 9, 2016	thank you very much Alexei. this solved my issue. Just needed to set privilege "Use" also the get http service functions. also, needed to grant permissions to Read catalogs and Documents involved. I appreciate your help
	Profile

Alexei Khatin	#6 Apr 05, 2016 09:42 AM
Active user Points:: 0 Joined:: Apr 18, 2012	You are welcome
	Profile

Lucian Rada	#7 Mar 27, 2018 12:29 AM
Active user Points:: 0 Joined:: Jul 24, 2017	Hello guys. I have a similar problem using HTTP services. I've developed an app that sends and receives JSON's from/to a HMI and that HMI does not know how to send me any data about User Authentication and Password. Obviously, when I started developing the app, I didn't need to have users in my 1C, but now I kind of need them. Can you please give me a suggestion on how to deal with this problem? I can mention that I don't necessarely need to have a secure connection or anything like that. I just need to be able to send/receive those JSON-s without interacting with System Users. Thank you very much. Hope you can help me soon.
	Profile

Vladimir Gurov

Mar 27, 2018 07:29 AM

Interested

Points:: 0
Joined:: Dec 4, 2017

Dear Lucian,

If you use the IIS or Apache web server for hosting your HTTP service that is provided with a 1C:Enterprise application, you can specify the user and password of the infobase in the default.vrd file.

For instance, if your infobase works in file mode, then, in default.vrd, you can specify the user and password as follows:

ib="File="C:\1C_Bases\Demo";Usr=John;Pwd=qwerty;"

Alternatively, if the user and password are not specified in default.vrd, then, if you connect to your HTTP service from another 1C:Enterprise application working as a service client, in the application code you can specify the connection like this:

Code

&AtClient
Procedure TestHTTP()
   Try
      tConnection = New HTTPConnection("localhost", 80, "John", "qwerty");
   Except
   EndTry;
 
   tHTTPRequest = New HTTPRequest("/HTTPTest/hs/Exchange/test-parameter/Test/GetInfo?param=value");
 
   tResponse = "";
 
   Try
      tHTTPResponse = tConnection.Get(tHTTPRequest);
      tResponse = tHTTPResponse.GetBodyAsString();
   Except
      Message(ErrorDescription());
      Return;
   EndTry;
   Message(tResponse);
EndProcedure

When writing your client application in another programming language, you can use a similar approach when connecting to your HTTP service.

Also, you can make your HTTP service rely on Windows (OS) authentication.

Best regards,
Vladimir Gurov

Profile

Lucian Rada	#9 Mar 28, 2018 12:15 AM
Active user Points:: 0 Joined:: Jul 24, 2017	Hello, The fact is that I need to publish the HTTP Services that needs to be accessed WITHOUT a User and a Password combination but still having Users defined in the platform. My solution works well until I define at least one User in the platform ( My HMI works vrey well when I don t have defined any user in the platform; it calls all the services and receives all the JSON-s ). But when I add at least one User in the platform, I don't even get a call in my platform ( not even when expecting the first page/JSON )from my HMI. 1C doesn't allow the request to be received if it doesn't contain any type of Authentication and has Users defined. I will attach a picture from Postman when trying to use that service and have a User defined in the platform, and don't use any authentication type. [img]file:///C:/Users/Lucian.RADA/Desktop/Capture.JPG[/img]
	Profile

Lucian Rada	#10 Mar 28, 2018 12:17 AM
Active user Points:: 0 Joined:: Jul 24, 2017	https://imgur.com/a/rGgDK
	Profile

Vladimir Gurov	#11 Mar 28, 2018 08:25 AM
Interested Points:: 0 Joined:: Dec 4, 2017	Hi Lucian, This is what we talk about. Simply define 1C:Enterprise's user and password in the default.vrd file and optionally, if you want to forbid access to the server via the thin and web clients, specify the enable="false" attribute in the file's "point" XML element. As a result, you will be able to access HTTP services on the server on behalf of the user. When connecting to the server via a client application, there is no need to specify the user and his/her password. Of course, the user should have appropriate grants in your 1C:Enterprise configuration (see above in the discussion). Best regards, Vladimir Gurov
	Profile