发表新帖
发表新帖

How to use HttpWebRequest.Credentials Property for Basic Authentication?

后端 未结
关注
3 1694
眼角桃花
眼角桃花 2020-12-18 08:33

How can I use the Webrequest Credentials Property to send an basic authentication header? Why isn\'t the Authorization header send with the request even when

相关标签:
3条回答
  • 眼角桃花
    2020-12-18 09:01

    The server should send a HTTP 401 Not Authorized response code containing a WWW-Authenticate HTTP header.

    WWW-Authenticate: Basic realm="example"

    The PreAuthenticate property only works after authentication has taken place. From MSDN:

    true to send an HTTP Authorization header with requests after authentication has taken place; otherwise, false. The default is false.

    See other answers for more in depth explanation.

    0 讨论(0)
  • 囚心锁ツ
    2020-12-18 09:03

    I can successfull run this code accessing another server that also requires both SSL and authentication. This server differs from the github in that the github returns a json result saying that it requires authentication and the other server returns a "classic" 401 html page. Sniffing the network you can see that the .net code tries to do anonymous auth even if you do set preauth to true which I think is rather confusing. However, upon receiving a regular 401-page it tries again, and this time with the auth info and everything works. It seems to me though as if .net reacts differently upon receiving the json version of a 401, not making a second try.

    I guess this is not the answer you are looking for but hopefully it sheds some more light on the situation.

    0 讨论(0)
  • 一生所求
    2020-12-18 09:10

    I've done some additional research based on Måns Tånneryd`s answer. And the link he posted in his comment: PreAuthenticate Property of WebRequest - Problem.

    First of all as described in his link the HttpWebRequest.PreAuthenticate Property does NOT send the Authentication header PRE authentication, but pre sends it in following requests, after Authentication. From MSDN:

    true to send an HTTP Authorization header with requests after authentication has taken place; otherwise, false. The default is false.

    So even with the PreAuthenticate property set to true, we still need an WWW-Authenticate challenge with a 401 Unauthorized before anything happens. Now if we try to authenticate against github with the following code:

    WebRequest request = (HttpWebRequest)WebRequest.Create("https://api.github.com/user");
request.Credentials = new NetworkCredential("githubUsername", "githubPassword");

var response = request.GetResponse();

    An WebException will be thrown, because we don't get a WWW-Authenticate challenge. If we capture this in Fiddler we will get the following:

    enter image description here

    However if we try this, with the exact same code, against a website that does return a WWW-Authenticate challenge we will see the following in Fiddler:

    enter image description here enter image description here

    And the response will have the result as expected.

    0 讨论(0)
 看不清?
提交回复
热议问题