Query Database through XML-SOAP

jleon · ‎2020-10-14

Im testing the XML SOAP with a simple SQL Query, however Im not sure if Im using the correct syntax because i cant see the data and the software prompt some errors.

The software used is SOAPUI 5.6

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:scx6="http://serck-controls.com/webservices/SCX6/">
<soapenv:Header/>
<soapenv:Body>
<scx6:ExecuteQuery>
<scx6:SQL>SELECT TOP(5) FULLNAME FROM CDBPOINT</scx6:SQL>

</scx6:ExecuteQuery>
</soapenv:Body>
</soapenv:Envelope>

The connection configured is http://localhost:85/webservices/scx

BevanWeiss · ‎2020-10-14

I think your endpoint URL is wrong.

http://localhost:85/webservices/scx

I think this should most likely just be:

http://localhost/webservices/scx

IIF you allow insecure HTTP... otherwise you could go with https://localhost/webservices/scx

The reason I think 85 is wrong is that if you installed the 'new' (old) IIS-based WebX then it will also install itself at port 85, and this will conflict with your ClearSCADA WebX which defaults to port 80, but which you say you have configured as port 85.

Lead Control Systems Engineer for Alliance Automation (VIC).
All opinions are my own and do not represent the opinions or policies of my employer, or of my cat..

jleon · ‎2020-10-15

Hello bevan

I changed the port for webX to 80 and checked the option for insecure http from the server configuration, but the software still prompt errors.

Could be the syntax?

BevanWeiss · ‎2020-10-16

I'd recommend that you start with something a bit more structured before you go hand creating the SOAP requests

https://tprojects.schneider-electric.com/telemetry/display/public/CS/Using+SOAP+interface+to+connect...

I believe that you could even directly import in the Web Service references if you're using a recent version of Visual Studio, and your Visual Studio environment has access to the ClearSCADA (or Geo SCADA Expert) server.

Then once you have something working, you could use wireshark or similar to snoop on the traffic to get the structure of the requests / responses.

I think you should also go back to first principles with your fault finding. You say 'the software still prompts errors'... that means literally nothing. Does this error say 'Buy a licence to use this software'??.. because if so, maybe you solve the problem by buying a licence to use the software... (SOAP UI is free-to-use software.. so I suspect it's not this, but you also clearly haven't told us either way..)

So start from the beginning, things like

can you ping the server
can you perform a TCP connection to the port that you think should work for this SOAP request
can you issue the most simple SOAP request to the endpoint (perhaps even an empty request which may just respond with an HTTP 200 OK response)...
does anything else work when trying to use SOAP UI against this same server
have you tried any other software
does ViewX have any issues when used to do the same server query

Lead Control Systems Engineer for Alliance Automation (VIC).
All opinions are my own and do not represent the opinions or policies of my employer, or of my cat..

jleon · ‎2020-10-30

Answer to your questions

So start from the beginning, things like

can you ping the server-- Yes
can you perform a TCP connection to the port that you think should work for this SOAP request. Yes
can you issue the most simple SOAP request to the endpoint (perhaps even an empty request which may just respond with an HTTP 200 OK response)... Yes
does anything else work when trying to use SOAP UI against this same server. Yes
have you tried any other software. Yes
does ViewX have any issues when used to do the same server query. No

I tried with the code below. I can execute the query when the database is accesible by the guest user, when i configure the security, even using the object System.Net.NetworkCredential, the query is null.

object[] obj;
SOAPconsole.localhost.SCXService MySoap;
MySoap = new SOAPconsole.localhost.SCXService();

MySoap.Url = "http://localhost/webservices/scx";
System.Net.NetworkCredential userDefined = new System.Net.NetworkCredential("User","Password");
MySoap.Credentials = userDefined;

try {
obj = new object[0];
bool limit;
bool size;
object[][] retobj;
retobj = MySoap.ExecuteQuery("Select fullname from CDBObject", obj, out limit, out size);
Console.WriteLine("Query executed. Number of elements polled: " + retobj.Length);
for (int i = 0; i < retobj.Length; i++)
Console.WriteLine(retobj[i][0].ToString());
}
catch (Exception ex) {
Console.WriteLine(ex.Message);
}
Console.ReadLine();

BevanWeiss · ‎2020-11-01

What does Wireshark say when you look at the traffic?

I suspect that your authentication isn't working.

I doubt that ClearSCADA will return a 401 'Authorization Request', since technically for that URL the Guest user (i.e. no authentication user) does have certain authorization, just typically it will be so low that it's meaningless (i.e. no visibility/browse permissions for any objects).

You probably just want to force the authentication elements into the request header rather than trying to use the NetworkCredentials.

Lead Control Systems Engineer for Alliance Automation (VIC).
All opinions are my own and do not represent the opinions or policies of my employer, or of my cat..

BevanWeiss · ‎2021-04-07

I've learnt new things about the SOAP interface.

Even though SOAP itself has an authentication method available (WS-S), Geo SCADA Expert instead uses cookies.

What is required is to send a PUT to /logon with a body of

username={USERNAME}&password={PASSWORD}&redir=/

This will then provide you some cookies which should be sent alongside every other HTTP request.

This info came from the Node-RED stuff that Steve Beadle did here:

https://github.com/GeoSCADA/Node-Red-GeoSCADA/blob/master/GeoSCADA.js

It looks like the cookies have an expiry time also, so it may require some additional consideration around that.

Lead Control Systems Engineer for Alliance Automation (VIC).
All opinions are my own and do not represent the opinions or policies of my employer, or of my cat..

Invite a Co-worker

Invitation Sent