URL API (WBS31) list meeting is AccessDenied

Hi WebEx Community,

I use URL API (WBS31) for our site.I post login to webex and get new parameter "CSRF" from webex login back.And i post to list meeting with CSRF parameter to webex,the result back is " AT=LM&ST=FAIL&RS=AccessDenied ".

URL API link : https://developer.cisco.com/fileMedia/download/3c228b4b-3423-4058-96c0-5608068d52e0

Advise me,pleas.

============= This is my code ==================

using System;

using System.Collections.Generic;

using System.Web;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Net;

using System.Text;

using System.IO;

public partial class testPost : StandardPage

{

    public string WEBEX_SITE = "https://mysite.webex.com/mysiteonline";

    public string WEBEX_USER = "xxx", WEBEX_PASS = "xxxx";

    public string CURRENT_URL = "";

    protected void Page_Load(object sender, EventArgs e)

    {

        CURRENT_URL = HttpContext.Current.Request.Url.AbsoluteUri;

        if (Page.IsPostBack){

        }

        else {

            if (Request["AT"] == null)

            {

                doNewFlowByCSRFToken(WEBEX_SITE, WEBEX_USER, WEBEX_PASS);

            }

        }

    }

    private void doNewFlowByCSRFToken(string site, string userName, string password)

    {

        string result = "", csrfToken = "";

        result = callLoginAPI(site, userName, password);

        csrfToken = parseCSRFToken(result);

  if (csrfToken == null || csrfToken.Equals("")){

            csrfToken = "";

        }

        result = "";       

        ///List Meeting

        result = callListMeetingAPI(site, csrfToken);

        WebLog.Info("end callListMeetingAPI : Data : " + result);

    }

    public string callLoginAPI(string siteUrl, string userName, string password)

  {

        try

        {

            string backUrl = CURRENT_URL;

            if (backUrl.IndexOf("?") > 0)

            {

                backUrl = backUrl.Substring(0, backUrl.IndexOf("?"));

            }

            backUrl = HttpUtility.UrlEncode(backUrl);

            string loginAPI = siteUrl + "/p.php";

            string result = "";

            string _params = "";

            _params += "AT=LI";

            _params += "&WID=" + userName;

            _params += "&PW=" + password;

            _params += "&MU=GoBack";

            _params += "&BU=" + backUrl;

            result = executePostCommand(loginAPI, _params,true);

            return result;

        }

        catch (Exception ex)

        {           

            throw;

        }

    }

    private string callListMeetingAPI(string site, string csrfToken)

    {

        string backUrl = CURRENT_URL;

        if (backUrl.IndexOf("?") > 0)

        {

            backUrl = backUrl.Substring(0, backUrl.IndexOf("?"));

        }

        backUrl = HttpUtility.UrlEncode(backUrl);

        string listMeetingAPI = site + "/m.php";

        string result = "";

        string _params = "";

        _params += "AT=LM";

        _params += csrfToken;

        _params += "&MU=GoBack";

        _params += "&BU=" + backUrl;

        result = executePostCommand(listMeetingAPI,_params,true).ToString();

        return result;

    }

    private string parseCSRFToken(string responseAsString)

    {

        string csrfToken = "";

        string findKey = "&CSRF=";

        if (!responseAsString.Equals(""))

        {

            responseAsString = responseAsString.Replace("\\x3a", ":").Replace("\\x2f", "/").Replace("\\x3f", "?").Replace("\\x3d", "=").Replace("\\x26", "&");

            int startIndex = responseAsString.ToString().IndexOf(findKey);

            string responseSplitKey = responseAsString.Substring(startIndex);

            int endIndex = responseSplitKey.IndexOf("\";");

            string responseSplitVal = responseSplitKey.Substring(0, endIndex);

            if (!responseSplitVal.Equals(""))

            {

                csrfToken = responseSplitVal;

            }

        }

        return csrfToken;

    }

    public string executePostCommand(string siteUrl, string _params,bool ispost)

    {

        try

        {

            string result = "";

            byte[] byteArray = Encoding.UTF8.GetBytes(_params);

            CookieContainer cookies = new CookieContainer();

            HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(siteUrl);

            if (webRequest.Proxy != null)

            {

                webRequest.Proxy.Credentials = CredentialCache.DefaultCredentials;

            }

            webRequest.AllowAutoRedirect = true;

            webRequest.Method = "POST";

            webRequest.ContentType = "application/x-www-form-urlencoded";

            webRequest.ContentLength = byteArray.Length;

            using (Stream reqBody = webRequest.GetRequestStream())

            {

                reqBody.Write(byteArray, 0, byteArray.Length);

                reqBody.Close();

            }

            using (HttpWebResponse response = (HttpWebResponse)webRequest.GetResponse())

            {

                StreamReader reader = new StreamReader(response.GetResponseStream());

                result = reader.ReadToEnd().ToString().Trim();

                reader.Close();

                response.Close();

            }

            return result;

        }

        catch (Exception ex)

        {

            return "";

        }

    } 

}

Best Regards,

Can you provide an example of the actual URL that is generated and sent?

--

Michael Fierro

Cisco - API Developer Services

Hi

Sorry for reply late.The below as detail.

1.Login webEx using callLoginAPI

site url : https://mysite.webex.com/mysite/p.php

params : AT=LI&WID=myuser&PW=mypassword&MU=GoBack&BU=http%3a%2f%2fmysite.studyonline.com%2ftestPost.aspx

result : <head>

       <title> </title>

       <meta http-equiv="content-type" content="text/html; charset=UTF-8">

<meta name="description" content="215"><link rel="shortcut icon" href="/favicont29.ico" type="image/x-icon">

</head>

<body>

<form id="commonGet2PostForm"></form>

<script src="/cmp3100/webcomponents/html/js/commonGet2Post.js"></script>

<script language="JavaScript">

var url = "http\x3a\x2f\x2fmysite.studyonline.com\x2ftestPost.aspx\x3fAT\x3dLI\x26WID\x3dmyuser\x26ST\x3dSUCCESS\x26CSRF\x3d56b7d6e0-dd60-4359-bdd8-8c1441f4fbc4";

var formID = "commonGet2PostForm";

generateAndSubmitForm(url, formID);

</script>

</body>

</html>

2. Get CSRF Token from login result using parseCSRFToken

3.Get list meeting using callListMeetingAP

site url : https://wseonline.webex.com/wseonline/m.php

params : AT=LM&CSRF=56b7d6e0-dd60-4359-bdd8-8c1441f4fbc4&MU=GoBack&BU=http%3a%2f%2fmysite.studyonline.com%2ftestPost.aspx

result :

<html>

<head>

       <title> </title>

       <meta http-equiv="content-type" content="text/html; charset=UTF-8">

<meta name="description" content="1"><link rel="shortcut icon" href="/favicont29.ico" type="image/x-icon">

</head>

<body>

<form id="commonGet2PostForm"></form>

<script src="/cmp3100/webcomponents/html/js/commonGet2Post.js"></script>

<script language="JavaScript">

var url = "http\x3a\x2f\x2mysite.studyonline.com\x2ftestPost.aspx\x3fAT\x3dLM\x26ST\x3dFAIL\x26RS\x3dAccessDenied";

location.href=url;

</script>

</body>

</html>

Please advise me again.

Best Regards,

Atiwat

Hello,

have you solved your problem? How?

Thank's a lot

Hello again, Atiwat! I have not heard back from you; without knowing exactly what URL API calls your code generates, I can't provide any definite resolutions to your issue. The error you are getting back when using AT=LM regards the login status of the accounting making the call (i.e. the last logged-in user). From the URL API documentation:

Error Messages for the LM Command

AccessDenied The user is not logged in or the user’s session has timed out.

I am going to mark this thread as Answered. If you need more information, please contact technical support, or submit a new forum post.

Hello,

have you solved your problem? How?

Thank's a lot