How to: Challenge response in PowerShell Script? :: Support Forum

El Guapo
Joined:: 2018-10-04
Posts:: 6
Location:: United States

How to: Challenge response in PowerShell Script?

2018-10-04 20:16

I am able to connect to a WebDAV site using WinSCP, and generated the code for that site in PowerShell. However, when I try the code to connect, I get an error saying the Basic challenge is rejected. I've been looking through code examples on the site and also through the forums before asking, but haven't found anything that allows me to handle this from a script. This script is a part of a scheduled automated workflow, so I would need a way to handle this that doesn't require any keyboard input.

Here's the barebones code generated by WinSCP:

# Load WinSCP .NET assembly
Add-Type -Path "WinSCPnet.dll"
 
# Set up session options
$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
    Protocol = [WinSCP.Protocol]::Webdav
    HostName = "example.com"
    PortNumber = 443
    UserName = "username"
    Password = "password"
    WebdavSecure = $True
}
 
$session = New-Object WinSCP.Session
 
try
{
    # Connect
    $session.Open($sessionOptions)
 
    # Your code
}
finally
{
    $session.Dispose()
}

When connecting from the Windows app, I looked in the log & saw this:

. 2018-10-04 14:42:00.919 auth: Got challenge (code 401).
. 2018-10-04 14:42:00.919 auth: Got 'Basic' challenge.
. 2018-10-04 14:42:00.919 auth: Trying Basic challenge...
. 2018-10-04 14:42:00.919 auth: Accepted Basic challenge.

When I try my PowerShell script, I get this error:

. 2018-10-04 14:45:59.609 ah_post_send (#1), code is 401 (want 401), WWW-Authenticate is Basic realm="example.com"
. 2018-10-04 14:45:59.609 auth: Got challenge (code 401).
. 2018-10-04 14:45:59.609 auth: Got 'Basic' challenge.
. 2018-10-04 14:45:59.609 auth: Trying Basic challenge...
. 2018-10-04 14:45:59.609 auth: No challenges accepted.
. 2018-10-04 14:45:59.609 sess: Closing connection.
. 2018-10-04 14:45:59.609 sess: Connection closed.
. 2018-10-04 14:45:59.609 Request ends, status 401 class 4xx, error line:
. 2018-10-04 14:45:59.609 Could not authenticate to server: rejected Basic challenge
. 2018-10-04 14:45:59.609 Request ends.
. 2018-10-04 14:45:59.609 Asking user:
. 2018-10-04 14:45:59.609 Error listing directory '/Your Files'. ("Authentication failed.","Could not authenticate to server: rejected Basic challenge")
< 2018-10-04 14:45:59.609 Script: Error listing directory '/Your Files'.
< 2018-10-04 14:45:59.609 Script: Authentication failed.
 
< 2018-10-04 14:45:59.609 Could not authenticate to server: rejected Basic challenge
. 2018-10-04 14:45:59.609 Script: Failed
> 2018-10-04 14:45:59.796 Script: exit
. 2018-10-04 14:45:59.796 Script: Exit code: 1
. 2018-10-04 14:45:59.796 sess: Destroying session.

Any suggestions would be greatly appreciated. Thanks!

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 40,551
Location:: Prague, Czechia

Re: How to: Challenge response in Powershell Script?

2018-10-05

Please attach a full session log file showing listing of that directory both from GUI and your code.

Reply with quote

El Guapo
Joined:: 2018-10-04
Posts:: 6
Location:: United States

Re: How to: Challenge response in Powershell Script?

2018-10-05 16:24

Thank you for taking a look at this!
I've anonymized the login & connection info, but otherwise it is unchanged.

Last edited by El Guapo on 2018-10-05 16:30; edited 2 times in total

script.log (12.08 KB)

Description: Here is the log from my script

winscp.log (36.93 KB)

Description: Here is the application log

Reply with quote

martin◆ Site Admin

Re: How to: Challenge response in Powershell Script?

2018-10-09

Try to enable password logging with /loglevel=* command-line switch and check if the script is using correct credentials.

Reply with quote

El Guapo

Re: How to: Challenge response in Powershell Script?

2018-10-09 16:32

How would I do that from a PowerShell script? I copied/pasted the code directly from Session >Generate Session URL/Code. If I can connect via the GUI, why would the credentials be wrong in the generated code?

Reply with quote

El Guapo
Joined:: 2018-10-04
Posts:: 6
Location:: United States

Re: How to: Challenge response in Powershell Script?

2018-10-09 19:58

I decided to use a command line connection as generated by the GUI, formatted like this:

"C:\Program Files (x86)\WinSCP\WinSCP.com" /log="C:\test\test.log" /loglevel=2* /ini=nul /command "open https://username:password@server.com/"

Here's the output I got:

Connecting to host...
Authenticated.
Starting the session...
Session started.
Active session: [1] username@server.com

So there's not a problem connecting to the server & authenticating. It's whenever I try to take an action that I get the basic challenge issue:

winscp> dir
Error listing directory '/'.
Authentication failed.
Could not authenticate to server: rejected Basic challenge

I also tried using ls at the winscp prompt and got the same result. Somehow, the WinSCP GUI knows how to handle this, but I'm not finding anything in the documentation that tells me how to handle it.

Reply with quote

El Guapo

Re: How to: Challenge response in Powershell Script?

2018-10-10 22:00

I'm not sure if this helps at all, but they're using CrushFTP their FTP server.

Reply with quote

martin◆ Site Admin

Re: How to: Challenge response in Powershell Script?

2018-10-11

If it is an FTP server, why are you using WebDAV?

Reply with quote

El Guapo

Re: How to: Challenge response in Powershell Script?

2018-10-11 14:22

I didn't choose WebDAV. When I created the connection, WinSCP somehow detected that they were using WebDAV, and that's what is in the generated code from WinSCP. I've already tried changing the protocol and get connection errors. I'm just trying to figure out why the WinSCP GUI can handle the basic challenge, but my script using winscp.com can't.

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 40,551
Location:: Prague, Czechia

Re: How to: Challenge response in Powershell Script?

2018-10-16

El Guapo wrote:

I'm just trying to figure out why the WinSCP GUI can handle the basic challenge, but my script using winscp.com can't.

I cannot tell that either from the log file.
The server seems to react differently to a different sequence of requests used by the script.

Reply with quote

dhebert Guest

Solution

2023-08-08 20:38

I was using the following function to download a number of files from a WebDAV server:

$session.GetFiles( $remotePath + 'PSW*.csv', $localPath + "\" ).Check()

And received the same error:

Exception calling "Check" with "0" argument(s): "Error transferring file..
Authentication failed.
Could not authenticate to server: rejected Basic challenge

Solution:
This error went away when I narrowed the criteria to a specific file that I was certain was on the WebDAV server.

Reply with quote