(WUSP)SimpleAuthWebService/SimpleAuth.asmx return error, 403 Forbidden

    Question

  • Hi, all

    I'm trying to develop a WUA client by using the WUSP protocol. As you know, there are three parts in the WUSP protocol, including the Client web service, the Simple auth web service and the Reporting web service.

    Everything is OK when I use a Client web service method such as GetConfig to communicate with https://www.update.microsoft.com/v6/ClientWebService/client.asmx.

    However, I meet trouble when I use the Simple auth web service (GetAuthorizationCookie) to get an authorization cookie from https://www.update.microsoft.com/v6/SimpleAuthWebService/SimpleAuth.asmx. The server always returns 403 Forbidden.

    I have no idea about this error. Is the server URL invalid? Or another mistake?

    Thank you for your attention.

    Tuesday, April 2, 2013 08:22

Answers

  • I'm trying to develop WUA client...

    ..o..k..a..y.. (I'm curious about why? ..but it's really off-topic here, so I'll curb my curiosity.)

    Everything is OK when I use a Client web service method such as GetConfig to communicate with https://www.update.microsoft.com/v6/ClientWebService/client.asmx.

    However, I meet trouble when I use the Simple auth web service (GetAuthorizationCookie) to get an authorization cookie from https://www.update.microsoft.com/v6/SimpleAuthWebService/SimpleAuth.asmx.

    Hmmmm.. so now you actually have a few challenges. :)

    1. This is the WSUS forum, so we're not really a resource to talk about how Windows Update responds to calls to these webservices.
    2. Nor do we delve much into the behaviors of the WUAgent, except within the scope of how it interacts with WSUS.

    Questions concerning development protocols are probably best asked in the MSDN forums.

    The server always returns 403 Forbidden.

    However this behavior I do not find unusual at all. Your 'agent' probably doesn't have the requisite certificates to communicate directly with Windows Update. Nor is it likely that you'll be able to obtain them.

    This is all an outgrowth of the Flame malware from last April and the methodologies it implemented to invoke a man-in-the-middle attack on Windows Update. I suspect if you want to successfully test your 'agent', you'll need to install a WSUS server. In addition, you'll have the added advantage of the web-site logfiles to help diagnose failures; otherwise, there's not much feedback you're going to get from HTTP 403 errors talking to microsoft.com.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Tuesday, April 2, 2013 21:34
    Moderator
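
The answer above points to the WSUS web-site logfiles as the way to diagnose failures. As an added example (not part of the original thread), the following Python sketch pulls failed calls to the two web services named in the question out of an IIS W3C log and decodes the 403 sub-status. It assumes the WSUS site logs `sc-substatus`; the function names and the sample log lines are constructed for illustration.

```python
# Added example: summarise failed WSUS web-service calls from an IIS W3C log.
from collections import Counter

# IIS 403 sub-status codes most relevant to TLS / client-certificate failures.
SUBSTATUS_403 = {
    "4": "SSL required",
    "6": "IP address rejected",
    "7": "client certificate required",
    "13": "client certificate revoked",
    "16": "client certificate untrusted or invalid",
    "17": "client certificate expired or not yet valid",
}

# Constructed sample log (not real traffic); field order follows the #Fields line.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2013-04-05 02:10:01 POST /ClientWebService/client.asmx 10.0.0.21 TestAgent/0.1 200 0 0
2013-04-05 02:10:02 POST /SimpleAuthWebService/SimpleAuth.asmx 10.0.0.21 TestAgent/0.1 403 4 5
2013-04-05 02:11:40 POST /SimpleAuthWebService/SimpleAuth.asmx 10.0.0.21 TestAgent/0.1 403 7 5
2013-04-05 02:12:15 POST /SimpleAuthWebService/SimpleAuth.asmx 10.0.0.21 TestAgent/0.1 200 0 0
"""

def failed_requests(log_text, prefixes=("/SimpleAuthWebService/", "/ClientWebService/")):
    """Yield (uri, client_ip, 'status.substatus', explanation) for 4xx/5xx hits."""
    fields = []
    wanted = tuple(p.lower() for p in prefixes)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # IIS may re-emit this header mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        uri, status = row.get("cs-uri-stem", ""), row.get("sc-status", "")
        if not uri.lower().startswith(wanted) or status[:1] not in ("4", "5"):
            continue
        sub = row.get("sc-substatus", "0")
        why = SUBSTATUS_403.get(sub, "see IIS sub-status table") if status == "403" else ""
        yield uri, row.get("c-ip", "-"), f"{status}.{sub}", why

def summarise(log_text):
    """Count failures per (uri, status.substatus, explanation)."""
    return Counter((u, code, why) for u, _ip, code, why in failed_requests(log_text))

if __name__ == "__main__":
    for (uri, code, why), n in summarise(SAMPLE_LOG).items():
        print(f"{n:3d}  {code:7s} {uri}  {why}")
```

A bare 403 seen by the client becomes 403.4 or 403.7 on the server side, which separates a plain-HTTP or wrong-binding mistake from a missing client certificate.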

All replies

  • Thank you, Lawrence. 

    I'll try to test my agent with a WSUS server.

    Friday, April 5, 2013 02:02