logo
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
Kuma  
#1 Posted : Wednesday, October 11, 2017 9:21:16 AM(UTC)
Kuma


Rank: Guest

Joined: 10/11/2017(UTC)
Posts: 2
France

Hi,

I'm a new user of SC and I want try to use API.

I want get users list and launch a command to one or all user and get the response.

My first request for get users list works correctly, but the second fail with ajax...

Sercice.ashx :

Code:
public class Service : WebServiceBase
{
	public object[,] GetSessions()
	{
		Session[] allSessions = SessionManagerPool.Demux.GetSessions();

		string[,] array2D = new string[allSessions.Length,3];
	
		for (int i = 0; i < allSessions.Length; i++)
		{
			array2D[i,0] = allSessions[i].CustomPropertyValues.ToString();
			array2D[i,1] = allSessions[i].Name;
			array2D[i,2] = allSessions[i].SessionID.ToString();
		}
		return array2D;
	}
	
	public object ExecuteCommand(string SessionID, string commandText)
	{
		SessionManagerPool.Demux.AddSessionEvent(new Guid(SessionID), new SessionEvent 
		{
			Host = "ExecuteCommand", 
			EventType = SessionEventType.QueuedCommand, 
			Data = commandText
		});
		return "Success";
	}
}


request.js :

Code:
var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://kmexpert.screenconnect.com/App_Extensions/1df8aea1-ca3f-4a73-933f-bbcc679001a4/Service.ashx/ExecuteCommand",
  "method": "POST",
  "headers": {
    "content-type": "application/json"
  },
  "processData": false,
  "data": "[\"15ac0278-a512-4ebc-a155-1c0477250788\",\"ipconfig\"]"
}

$.ajax(settings).done(function(response) {
  document.getElementById('call-history').innerHTML = "success : " + JSON.stringify(response);
}).fail(function(response) {
  document.getElementById('call-history').innerHTML = "error : " + JSON.stringify(response);
});


You can try here : https://jsfiddle.net/v8y7cg2q/2/

In the debug console, I have :

Code:
https://kmexpert.screenconnect.com/App_Extensions/1df8aea1-ca3f-4a73-933f-bbcc679001a4/Service.ashx/ExecuteCommand?[%2215ac0278-a512-4ebc-a155-1c0477250788%22,%22ipconfig%22] 403 (Forbidden)
Failed to load https://kmexpert.screenconnect.com/App_Extensions/1df8aea1-ca3f-4a73-933f-bbcc679001a4/Service.ashx/ExecuteCommand?[%2215ac0278-a512-4ebc-a155-1c0477250788%22,%22ipconfig%22]: Response for preflight has invalid HTTP status code 403


I have try already with a curl request and it works !
Code:
curl --request POST \
  --url https://kmexpert.screenconnect.com/App_Extensions/1df8aea1-ca3f-4a73-933f-bbcc679001a4/Service.ashx/ExecuteCommand \
  --header 'content-type: application/json' \
  --data '["15ac0278-a512-4ebc-a155-1c0477250788","ipconfig"]'

I have look a lot of topic and this topic : http://forum.screenconnect.com/yaf_postst1210_Another-Integration-Demo.aspx
But I don't know how to add a key to file web.config with a cloud instance...

Thank you for your help and sorry for my english !

Edited by user Wednesday, October 11, 2017 9:27:48 AM(UTC)  | Reason: Not specified

Scott  
#2 Posted : Friday, October 13, 2017 12:06:53 PM(UTC)
Scott


Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 3/28/2014(UTC)
Posts: 2,517
United States

Thanks: 3 times
Was thanked: 305 time(s) in 262 post(s)
You get the 403 from the first method likely because of XSS and CSRF defense measures we've implemented for security reasons in roughly 6.0ish. At this time I do not believe there is a way to disable this protection within the cloud.

Also, you should add some kind of authentication to your methods, I was just able to hit your first method based upon information in your post and I'm guessing I could execute commands against your sessions based upon the information returned.
ScreenConnect Team
Kuma  
#3 Posted : Saturday, October 14, 2017 4:28:36 PM(UTC)
Kuma


Rank: Guest

Joined: 10/11/2017(UTC)
Posts: 2
France

Hi,

Thanks for your response.

Does it mean there is no way to use ajax?

Scott  
#4 Posted : Thursday, October 26, 2017 12:37:17 PM(UTC)
Scott


Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 3/28/2014(UTC)
Posts: 2,517
United States

Thanks: 3 times
Was thanked: 305 time(s) in 262 post(s)
Quote:
Does it mean there is no way to use ajax?


From my understanding yes.
ScreenConnect Team
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.