Multifactor Authentication

joegold
Posts: 4
Location: Ottawa

Multifactor Authentication

Hi,
We have been using WinSCP to connect to an Enbridge site (ishare.egd.enbridge.com).
The existing code before the Multifactor Authentication was added is below under the asterisks. Now there is an authentication login before the execution of the code below:
i.e. if you type https://ishare.egd.enbridge.com – you will see the Globalscape authentication.
How do I incorporate that new first login into the code below?

I would appreciate your help. The programmer who wrote this code unexpectedly passed away and we are in a time jam to get this working. Thanks in advance,
FUNCTION enb_login

   IF !ISNULL(osess)
      RETURN .F.
   ENDIF
     
****************   
   TRY
      osessopt = CREATEOBJECT('winscp.sessionoptions')
      err = .F.
   CATCH
      err = .T.
   ENDTRY

   IF err = .T.
      = AERROR(_err)
      =display_console('019', 'ER', _err(2))
      RETURN
   ENDIF

   TRY
      osess = CREATEOBJECT('winscp.session')
      err = .F.
   CATCH
      err = .T.
   ENDTRY

   IF err = .T.
      = AERROR(_err)
      =display_console('020', 'ER', _err(2))
      RELEASE osessopt
      RETURN
   ENDIF

   TRY
      otransopt = CREATEOBJECT('winscp.transferoptions')
      err = .F.
   CATCH
      err = .T.
   ENDTRY

   IF err = .T.
      = AERROR(_err)
      =display_console('021', 'ER', _err(2))
      RELEASE osessopt
      RELEASE osess
      RETURN
   ENDIF

   TRY 
      oresumesupport = otransopt.resumesupport
      err = .F.
   CATCH 
      err = .T.
   ENDTRY

   IF err = .T.
      = AERROR(_err)
      =display_console('022', 'ER', _err(2))
      RELEASE osessopt
      RELEASE osess
      RETURN
   ENDIF

   oresumesupport.state = 2               && turn off transfer to temporary file

   WITH otransopt
      .transfermode = IIF(enbridge.transfer_mode = '01', 0, IIF(enbridge.transfer_mode = '02', 1, 2))
   ENDWITH

   WITH osessopt
      .protocol =IIF(enbridge.protocol = '01', 0, 1)
      .hostname = ALLTRIM(enbridge.url)
      .username = ALLTRIM(enbridge.login_id)
      .password = ALLTRIM(enbridge.password)
      .sshhostkeyfingerprint = ALLTRIM(enbridge.host_key)
      .portnumber = IIF(ALLTRIM(enbridge.port_number) = '01', '991', IIF(enbridge.port_number = '02', 22, ' '))
      
      IF !EMPTY(ALLTRIM(enbridge.private_key_path))
        .sshprivatekeypath = ALLTRIM(enbridge.private_key_path)
      ENDIF
      
      IF !EMPTY(ALLTRIM(enbridge.private_key_pass_phrase))
        .sshprivatekeypassphrase = ALLTRIM(enbridge.private_key_pass_phrase)
      ENDIF
       
   ENDWITH

   TRY
     osess.open(osessopt)
     err = .F.
   CATCH
      err = .T.
   ENDTRY

   IF err = .T.
      = AERROR(_err)
      =display_console('023', 'ER', _err(2))
      RELEASE osessopt
      RELEASE osess
      RELEASE otransopt
      RETURN
   ENDIF
  
   IF gm_bill_co = '4'
      RETURN .F.
   ENDIF

   from_dir = '/Biller'+enbridge.biller_code
   ofiles = osess.listdirectory(from_dir)

   DIMENSION rem_fls(10)

   FOR i = 1 TO ofiles.files.count
      IF ofiles.files.item(i - 1).isdirectory = .T. 
         rem_fls(i) = '/'+ofiles.files.item(i - 1).name+'/'
      ENDIF
   ENDFOR
   
   gm_remote_base_dir = ' '

   FOR i = 1 to i
      ofiles = osess.listdirectory(from_dir+rem_fls(i))

      FOR j = 1 TO ofiles.files.count
         IF ofiles.files.item(j - 1).isdirectory = .T.
            IF ofiles.files.item(j - 1).name = 'Input'
               gm_remote_base_dir = rem_fls(i)
               RETURN .F.
            ENDIF
         ENDIF
      ENDFOR
   ENDFOR
     
   RETURN .T.

ENDFUNC

martin
Site Admin
Posts: 38,209
Location: Prague, Czechia

Re: Multifactor Authentication

It's not even clear from your code what protocol you are using. It seems to be SFTP or SCP. But I do not see what SFTP or SCP can have to do with web-based authentication. Do you have to go to a web page before you are able to use an SFTP or SCP client? Does the web page somehow allow the local machine to make connections? Sorry, this is all unclear to me.

joegold
Posts: 4
Location: Ottawa

Multifactor Authentication

Hi,
Thanks for your reply and sorry for the confusion.

The protocol we are using is SFTP.

Before the multi-factor authentication was in place, WinSCP would successfully connect and log in to the ishare.egd.enbridge.com SFTP site. From there it would access the necessary folders and files (i.e. code script from previous email).

Now however, if you access the above site there is now a Globalscape login for the authentication process before the connection occurs. There is a push requirement to generate a code on a mobile phone, which the user then has to type in in order to log in. So my question is how do we address or code this part using WinSCP?
The code could include a pause where the user types in the generated code, which is fine but then would connect to the same ftp site and folder/file location as before programmatically.

I have added the Globalscape documentation as well for the MFA if that helps.

Looking forward to your reply.

martin
Site Admin
Posts: 38,209
Location: Prague, Czechia

Re: Multifactor Authentication

So you manually go to the web site and have the code generated somehow, right? And then you log in with SFTP and the server prompts you for that code instead of (or in addition to) the password?

And now you want to do what? You want to modify your script to ask for the code and use it in WinSCP API?

It's not clear from your code what the multiple factors are, though.
If you need to specify both the code and the password, then it won't work as WinSCP .NET assembly does not support multiple "passwords" yet:
Bug 1928 – Support for multiple passwords in automation
But it can use a password/code and a public key for example.
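
The combination the reply above says the .NET assembly can handle, a private key plus one prompted code in the password slot, sketched in Visual FoxPro as an added example that is not part of the original thread. It reuses the enbridge table fields from the posted function; enb_session_options_mfa is a hypothetical name, and that the server accepts key plus code this way is an assumption.

```foxpro
* Added example (not from the thread). Assumes the server accepts a private
* key plus ONE prompted secret (the phone code) sent as the password.
FUNCTION enb_session_options_mfa
   LOCAL loOpt, lcCode

   * Fail closed: never connect without a pinned host key and a key file.
   IF EMPTY(ALLTRIM(enbridge.host_key)) OR EMPTY(ALLTRIM(enbridge.private_key_path))
      RETURN .NULL.
   ENDIF

   * Ask at run time; the code changes at each login, so it is never
   * read from or written to the enbridge table.
   lcCode = ALLTRIM(INPUTBOX('Enter the code shown on your phone', 'Enbridge SFTP login'))
   IF EMPTY(lcCode)
      RETURN .NULL.               && user cancelled or typed nothing
   ENDIF

   loOpt = CREATEOBJECT('winscp.sessionoptions')
   WITH loOpt
      .protocol = 0               && SFTP
      .hostname = ALLTRIM(enbridge.url)
      .username = ALLTRIM(enbridge.login_id)
      .sshhostkeyfingerprint = ALLTRIM(enbridge.host_key)
      .sshprivatekeypath = ALLTRIM(enbridge.private_key_path)
      IF !EMPTY(ALLTRIM(enbridge.private_key_pass_phrase))
         .sshprivatekeypassphrase = ALLTRIM(enbridge.private_key_pass_phrase)
      ENDIF
      .password = lcCode          && the single "password" value sent
      * .portnumber is left at its default; set it as in enb_login if needed
   ENDWITH

   lcCode = ''                    && drop the local copy of the code
   RETURN loOpt                   && caller passes this to osess.open()
ENDFUNC
```

If the server asks for both the account password and the code in the same login, this does not apply, per the limitation described in the reply above.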

joegold
Posts: 4
Location: Ottawa

Multifactor Authentication

The script I had provided automatically connects to the SFTP site - but now there is another layer that asks for user and password and once that is validated, a code must be pushed and entered.
This push code and entry is the new part. How do I incorporate this into the existing code that I had provided (where before the user and password takes you directly to the site and access to folders etc). The user and password is still entered only once, but now there is that push code, pause to wait for user to enter random generated code on phone, then enter code and resume to site as per my existing script.

Thanks,

martin
Site Admin

Re: Multifactor Authentication

Sorry, but you are not answering my questions. We know all that already. But that's all high level stuff. We need low level technical details, if you want our help. If you are not able to explain that, post at least screenshots of the login process using any SFTP client that can handle it.
