55

I am integrating web service that will use an HTTP-POST to request and retrieve data. The remote server requires basic authentication as per RFC 2617

My attempts to authenticate are failing.

It fails in that, even though I attach a 'NetworkCredential' object to the 'Credentials' property of a 'HttpWebRequest' object, no authentication information is sent in the header, even if I set 'PreAuthenticate' = true.

What am I missing?

//chunk used

NetworkCredential netCredential = new NetworkCredential(" uid", "pwd"); Uri uri = new Uri("http://address of services"); ICredentials credentials = netCredential.GetCredential(uri, "Basic"); objRegistration.Credentials = credentials; objRegistration.PreAuthenticate = true;
Improve this question
1
  • 6
    From MSDN: WebRequest.PreAuthenticate: With the exception of the first request , the PreAuthenticate property indicates whether to send authentication information with subsequent requests without waiting to be challenged by the server, and HttpWebRequest.PreAuthenticate: After a client request to a specific Uri is successfully authenticated, if PreAuthenticate is true... Commented Sep 14, 2014 at 14:20

4 Answers 4

Reset to default
119

I've just found this very handy little chunk of code to do exactly what you need. It adds the authorization header to the code manually without waiting for the server's challenge.

public void SetBasicAuthHeader(WebRequest request, String userName, String userPassword) { string authInfo = userName + ":" + userPassword; authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo)); request.Headers["Authorization"] = "Basic " + authInfo; }

Use it like this

var request = WebRequest.Create("http://myserver.com/service"); SetBasicAuthHeader(request, userName, password); var response = request.GetResponse();
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

seems there's be a better way, but I'll vote for it anyway ;)
This is the correct answer, I dont know what Himanshu is talking about.
I think it is because the .Net client will typically wait for the server to challenge it for its credentials before sending them. But some servers never send the challenge, so the only way to get the request to succeed is manually include the header.
+1 From MSDN: WebRequest.PreAuthenticate: With the exception of the first request , the PreAuthenticate property indicates whether to send authentication information with subsequent requests without waiting to be challenged by the server, and HttpWebRequest.PreAuthenticate: After a client request to a specific Uri is successfully authenticated, if PreAuthenticate is true...
Nice you copied the code, since the original link is now 404.
|
8

Improving a little bit on samuel-jack's accepted answer. Instead of using the default encoding "ISO-8859-1" should be used as mentioned in this answer What encoding should I use for HTTP Basic Authentication?

So the code would look like this:

public void SetBasicAuthHeader(WebRequest request, String userName, String userPassword) { string authInfo = userName + ":" + userPassword; authInfo = Convert.ToBase64String(Encoding.GetEncoding("ISO-8859-1").GetBytes(authInfo)); request.Headers["Authorization"] = "Basic " + authInfo; }
Improve this answer

Comments

6

I found this question while looking for the answer, the answer given works but is not flexible so if you would like a better .NET way of doing this.

Uri uri = new Uri("http://address of services"); HttpWebRequest objRegistration = (HttpWebRequest)WebRequest.Create(url); CredentialCache credentials = new CredentialCache(); NetworkCredential netCredential = new NetworkCredential(" uid", "pwd"); credentials.Add(uri, "Basic", netCredential); objRegistration.Credentials = credentials;

You can replace "Basic" with "Digest", "NTLM" or "Negotiate" as well as this giving the ability to add multiple types to the cache as well.

Improve this answer

1 Comment

I wouldn't say this method is more flexible, or a better .Net way. Setting authentication type and credentials in CredentialCache doesn't seem to affect / set "Authorization" header directly. Setting CredentialCache will not help in situation mentioned above (When there is no challenge / 401 status code from server.).
3

Here's my solution for OAuth. The value is in variable json.

var myUri = new Uri(fullpath); var myWebRequest = WebRequest.Create(myUri); var myHttpWebRequest = (HttpWebRequest)myWebRequest; myHttpWebRequest.PreAuthenticate = true; myHttpWebRequest.Headers.Add("Authorization", "Bearer " + AccessToken); myHttpWebRequest.Accept = "application/json"; var myWebResponse = myWebRequest.GetResponse(); var responseStream = myWebResponse.GetResponseStream(); if (responseStream == null) return null; var myStreamReader = new StreamReader(responseStream, Encoding.Default); var json = myStreamReader.ReadToEnd(); responseStream.Close(); myWebResponse.Close();
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.