What authentication header to use?

jonneymendoza · May 24, 2013, 8:06am

Hi.

i am currently developing a SIP client in pure java using the JAIN SIP API to reigster, authenticate and send messages to a Asterisk server running on a seperate machine.

I have approached the Registering and authentication process in two steps:

make a register SIP request
if response is 401(which it is) retrieve the WWW-AuthenticatonHeader from Asterisk and use the nonse to generate a md5 hash for the response field to be set on a AuthenticationHeader that i am populating.

The md5 will hash the username, password, request type etc and add it to a AuthenticationHeader.

After this, i then send the same request i made previously but with the AuthenticationHeader attached.

This is the example my code is based on:

vkslabs.com/sip-register-request-using-jain-sip/

The issue i am having is that the Asterisk server keeps responding with a 401 status code dispite adding the AuthHeaders with its md5 hashes of the username and password contained so i am wondering if Asterisk server uses a different kind of authentication challenge/method?

How can i access the Logs from Asterisks to see exactly why it rejects my Auth requests? Could it be bad username and password? invalid nonse?

At the moment the server just returns 401 without more information on exactly what is the issue.

Thanks

david55 · May 24, 2013, 10:01am

For logging see wiki.asterisk.org/wiki/display/ … nformation

Given that large number of phones that successfully authenticate with Asterisk, you can assume that Asterisk uses the authentication method that it specifies in the WWW-AuthenticatonHeader, and that that is a commonly implemented one.

jonneymendoza · May 24, 2013, 2:26pm

How can i see which is the issue with my authentication?

the server only returns a very generic 401 error. i do not know if my password is wrong? my md5 hash is wrong? etc.

Is there a way to find this out because all the logs show me is this:

NOTICE[1742] chan_sip.c: Registration from ‘sip:10.161.45.23:5060’ failed for ‘10.184.192.147:5060’ - No matching peer found

david55 · May 24, 2013, 3:02pm

It looks like your address of record is wrong. Asterisk matches the address of record on the user part, and you appear to have no user part. If the IP part is anything other than the address of Asterisk itself, you probably don’t need to register at all, as you can probably use a static address.

The message is saying that it failed to find a sip.conf entry against which to authenticate.

In the SIP protocol itself, you are not going to get anything more than a generic error, as to do anything else would help an attacker.

I think there is an option to match on authuser, but that would be unusual.

Topic		Replies	Views
Authentication header Asterisk Support	0	177	December 31, 2005
Status code 401 unauthorized Asterisk Support	1	323	June 27, 2013
Problem authenticated with IAX and Asterisk Asterisk General	0	273	January 16, 2008
Time validity SIP authentication Asterisk Support	0	226	May 9, 2011
200 OK not coming after 401 Asterisk SIP	3	378	August 14, 2020

What authentication header to use?

Related topics