Welcome Guest [Log In] [Register]

Welcome to LawsonTalk. We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. After registration, please check your e-mail within 24 hours for an message from us, read it, and reply to it. Join our community! If you're already a member please log in to your account to access all of our features: Username:   Password: Log In

Logon vs pwlog command; connecting to Lawson
Topic Started: Feb 8 2009, 02:38 PM (372 Views)
akaEdge	Feb 8 2009, 02:38 PM Post #1
Newbie Posts: 2 Group: Members Member #14,625 Joined: February 2, 2009	I am attempting to connect to Lawson v13 API and am attempting to use the MvxLib open source C# code to do so. MvxLib was written some time ago and back in Movex 10 the code used the "LOGON" command with plain text user names and passwords. For Movex 12 the library uses the "PWLOG" command and a simple XOR cipher for password encryption. Neither of these works for me now with version 13 and I was wondering if anyone here can give me an insight as to what I should be using now (is it a new/different command, a different password encryption?) I have alternate access and can confirm that I do have a connection to the correct machine and that my user name and password are correct. Here are the strings I am using - for those that don't know C#, the padright string function just makes sure the strings are the specified length. So let me know if the username should be longer than 16 characters! The LOGON command (movex 10): string command = "LOGON" + Environment.MachineName.PadRight(32) + username.PadRight(16) + password.PadRight(16) + (library + "/" + program).PadRight(32) + program.PadRight(32); The PWLOG command (movex 12) - note that it has no library parameter: string command = "PWLOG" + Environment.MachineName.PadRight(32) + username.PadRight(16) + Movex12PasswordCipher(password).PadRight(13) + program.PadRight(32); If anyone knows where I might be able to get some documentation on this I would be extremely grateful too! I have access to the support.lawson.com website too (through my client) if there is something on there I should take a look at. Thanks for all and any help with this!!
akaEdge	Feb 15 2009, 01:40 PM Post #2
Newbie Posts: 2 Group: Members Member #14,625 Joined: February 2, 2009	Looks like this is too low-level for this forum... I've done some digging around, and can confirm that PWLOG is the correct command and that the new encryption method is Blowfish. Here is some text from a PDF I found: " 4.1 Encryption algorithm In Movex API, we use a symmetric algorithm named Blowfish that is developed by Bruce Schneier. Blowfish is a 64 bits block cipher with a variable key length. This algorithm is similar to DES and is equally safe but significantly faster. Nevertheless, the use of encryption will slow down communication by approximately 30-40 % The key length may vary between 32 and 448 bits. In the Movex implementation, we have set the key length to 128. The algorithm can execute in one of several modes. We have chosen to use CFB (Cipher-Feedback). This mode works well in communication environments and is partly self-recoverable. In cases where the cipher text gets garbled due to “noise” in the communication line, only a maximum of 8 letters gets destroyed. After that, the system recovers and all subsequent ciphertext is decrypted correctly. " The Blowfish key for encrypting the password is the API authorisation key that you set up in Lawson. The command then becomes: (note that some of the string lengths have changed too) string command = "PWLOG" + Environment.MachineName.PadRight(32) + username.PadRight(16) + BlowfishEncrypt(password, ApiAuthKey).PadRight(16) + program.PadRight(64) + "192.168.201.76 "; // the machine you are connecting to I will be forwarding my updates to the author of MvxLib to allow others to use this stuff too.

« Previous Topic · Security · Next Topic »

Community     Meet and Greet     General     News Bulletin     Member Articles     OFF TOPIC!! (NEW) Lawson M3     Lawson M3 - General Lawson Functional     HR/Payroll     Financials (GL, AR, AP, ..)     Procurement     Reporting (NEW!!)     Security     Other Upgrades     UPGRADE: 8.1 Tech / LSF 9.0     UPGRADE: All other upgrades Lawson Technical     LSF 9.0 (NEW!!)     Coding, Program Errors and Bugs     System Admin     BCI, Processflow and Addins     Database     Other Lawson Jobs     Job Listing     Candidate Listing LawsonTalk     Hints! Go