Use Fiddler with Basic Authentication to access RESTful WebAPI

Question

I have a WebAPI that works without issue. I have tested locally and deployed to my server and configured this service in IIS to use Basic Authentication. I am able to browse to my service and I receive the Authentication challenge I expect and all works swimmingly! Now I want to use Fiddler to test this and I have constructed a POST to a specific url and I got a 401 (Unauthorized) error. So I decided to add a base64 string in my Request Header and I am now getting a 500 error.

What I would like to know is, does my Request Header look correct? I am obviously going to obfuscate my Host and base64 string which contains the format username:password for the Authentication challenge.

User-Agent: Fiddler
Host: xxx.xxx.xxx.xxx:xxxx
Content-Length: 185
Content-Type: text/json
Authorization: Basic jskadjfhlksadjhdflkjhiu9813ryiu34

Answer 1

I hope this helps someone who is a newbie like me.

If you are using GET, using [ ] around the token would not work.

Following did not work:-

Authorization: Basic [MkgzczhaVnhZNG13d1FkTVJ2ZmZMQzFQQnhZRG5WdUVhbDNiVWs0ZldDdzo=]

Following worked:-

Authorization: Basic MkgzczhaVnhZNG13d1FkTVJ2ZmZMQzFQQnhZRG5WdUVhbDNiVWs0ZldDdzo=

Answer 2

I found that in Fiddler 4, all I had to do was check the Automatically Authenticate option that is on the Rules menu.

Answer 3

Newer versions of Fiddler (I tested in v4.6.20172.31233) will create and add the necessary Authorization header for you automatically if you specify the username and password in the Composer URL field like so:

https://SomeUser:SomePass@sitename

Upon executing, this strips it out of the URL and turns into an HTTP header like:

Authorization: Basic U29tZVVzZXI6U29tZVBhc3M=

Answer 4

I know this is an older post but when I first was looking at how to do this I came across this post and knew it was the answer but I still didn't know things like did the credentials need to be coma separated etc. So, just in case this might help someone out here are my notes for Fiddler I put together for a JSON POST.

First you need to Base64 encode your "username:password"
    • Go to Tools | Text Wizard | To Base64 in dropdown

Post a message in the Composer tab
    • Change the type to POST in the dropdown.
    • Put in the URL
    • Add the following to the top header section.
        ○ Authorization: Basic ReplaceWithYourEncodedCredtials=
        ○ Content-Type: application/json; charset=utf-8
    • Add some JSON content to the body
        ○ [{"Address1":null,"Address2":null,"BirthDate":"1967-10-06T00:00:00","City":null,"CompanyHireDate":"2011-06-03T00:00:00","EmailAddress":"myEmail@company.com","EmployeeNumber":"112233","FirstName":"JOHN","LastName":"DOE","PhoneNumber":null,"State":null,"UserName":"JDoe","ZipCode":null}]

Answer 5

AlexGad is right. Once the ToBase64 encoding is created, under the header while composing the request, add the following line:

Authorization: Basic [encoded_value]

Now execute the request, it should work! :)

Answer 6

Fiddler has a tool that does the Base64 for you. Just create your string: username:password and then go to Tools -> TextWizard and enter the username password combo and choose ToBase64. Copy and paste that into your Authorization header and you should be good to go.