Reputation: 13460
HttpWebRequest not passing Credentials
I'm trying to use HTTPWebRequest to access a REST service, and am having problems passing credentials in, see code below. I've read that NetworkCredential doesn't support SSL, and I'm hitting an HTTPS site. Does anyone know of a class similar to NetworkCredential that does support SSL?
Uri requestUri = null;
Uri.TryCreate("https://mywebserver/webpage", UriKind.Absolute, out requestUri);
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(requestUri);
NetworkCredential nc = new NetworkCredential("user", "password");
request.Credentials = nc;
request.Method = WebRequestMethods.Http.Get;
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Upvotes: 33
Views: 57846
Answers (4)
Reputation: 8820
What kind of authentication mechanism is protecting the web service? The credentials set on HttpWebRequest will only be passed through HTTP's Authorization header via Basic, Digest or NTLM. So, if your web service is protected with WS-Security, the NetworkCredentials will probably not be passed on to the authentication scheme at all, because WS-Security doesn't operate at the HTTP level.
What you should do is create a Web Service client proxy for the web service through the command line tool wsdl.exe or something similar. That will give you access to Web Service aware authentication schemes.
Update after comments:
It seems like HttpWebRequest needs to receive the WWW-Authenticate challenge with a 401 Unauthorized before it can authenticate properly over SSL. I guess there's two separate code paths in HttpWebRequests handling regular HTTP traffic and encrypted HTTPS traffic. Anyway, what you should try, is:
- Execute an unauthenticated
HttpWebRequestto thehttps://.../URI. - Receive the
401 Unauthorizedresponse. - Execute the same request, now with both
Credentialsset (not sure ifPreAuthenticateshould betrueorfalse; test both). - You should now get
200 OKor whatever it is your Web Service responds with.
Another option is to build the Authorization header yourself on the initial request:
string credentials = String.Format("{0}:{1}", username, password);
byte[] bytes = Encoding.ASCII.GetBytes(credentials);
string base64 = Convert.ToBase64String(bytes);
string authorization = String.Concat("Basic ", base64);
request.Headers.Add("Authorization", authorization);
Upvotes: 28
Reputation: 8531
See if it shows up when you use the old-fashioned method:
string credentials = Convert.ToBase64String(ASCIIEncoding.ASCII.GetBytes("user"+ ":" + "password"));
request.Headers.Add("Authorization", "Basic " + credentials);
Upvotes: 49
Reputation: 1039438
If your server uses NTLM authentication you may try this:
CredentialCache cc = new CredentialCache();
cc.Add(
new Uri("https://mywebserver/webpage"),
"NTLM",
new NetworkCredential("user", "password"));
request.Credentials = cc;
Upvotes: 21
Related Questions
- HttpWebRequest using Basic authentication
- C# - passing authentication credentials with HttpWebRequest
- HttpWebRequest pass credentials to next HttpWebRequest
- HttpWebRequest and Authentication
- HttpWebRequest DefaultNetworkCredentials give error 401
- HttpWebRequest not passing Credentials simple form authentication
- Using HttpWebRequest in ASP.NET
- Passing username and password to .NET HttpWebRequest via URI does not work
- C# Network credentials not being passed to server?
- Why do I get a 401 Unauthorized when making a HttpWebRequest with the correct credentials?