Reputation: 2714
How to use HttpWebRequest.Credentials Property for Basic Authentication?
How can I use the Webrequest Credentials Property to send an basic authentication header?
Why isn't the Authorization header send with the request even whenPreAuthenticate is set to true?
WebRequest request = (HttpWebRequest)WebRequest.Create("https://api.github.com/user");
request.Credentials = new NetworkCredential("githubUsername", "githubPassword");
request.PreAuthenticate = true;
var response = request.GetResponse();
Upvotes: 4
Views: 28620
Answers (3)
Reputation: 2714
The server should send a HTTP 401 Not Authorized response code containing a WWW-Authenticate HTTP header.
WWW-Authenticate: Basic realm="example"
The PreAuthenticate property only works after authentication has taken place. From MSDN:
true to send an HTTP Authorization header with requests after authentication has taken place; otherwise, false. The default is false.
See other answers for more in depth explanation.
Upvotes: 5
Reputation: 2714
I've done some additional research based on Måns Tånneryd`s answer. And the link he posted in his comment: PreAuthenticate Property of WebRequest - Problem.
First of all as described in his link the HttpWebRequest.PreAuthenticate Property does NOT send the Authentication header PRE authentication, but pre sends it in following requests, after Authentication. From MSDN:
true to send an HTTP Authorization header with requests after authentication has taken place; otherwise, false. The default is false.
So even with the PreAuthenticate property set to true, we still need an WWW-Authenticate challenge with a 401 Unauthorized before anything happens. Now if we try to authenticate against github with the following code:
WebRequest request = (HttpWebRequest)WebRequest.Create("https://api.github.com/user");
request.Credentials = new NetworkCredential("githubUsername", "githubPassword");
var response = request.GetResponse();
An WebException will be thrown, because we don't get a WWW-Authenticate challenge. If we capture this in Fiddler we will get the following:
However if we try this, with the exact same code, against a website that does return a WWW-Authenticate challenge we will see the following in Fiddler:
And the response will have the result as expected.
Upvotes: 4
Reputation: 503
I can successfull run this code accessing another server that also requires both SSL and authentication. This server differs from the github in that the github returns a json result saying that it requires authentication and the other server returns a "classic" 401 html page. Sniffing the network you can see that the .net code tries to do anonymous auth even if you do set preauth to true which I think is rather confusing. However, upon receiving a regular 401-page it tries again, and this time with the auth info and everything works. It seems to me though as if .net reacts differently upon receiving the json version of a 401, not making a second try.
I guess this is not the answer you are looking for but hopefully it sheds some more light on the situation.
Upvotes: 3
Related Questions
- HttpWebRequest using Basic authentication
- HttpWebRequest and forms authentication in C#
- HttpWebRequest Auth Post Request in c#
- Sending Basic authentication over http
- C# - passing authentication credentials with HttpWebRequest
- HttpWebRequest pass credentials to next HttpWebRequest
- HttpWebRequest and Authentication
- Using HTTP Authentication with a C# WebRequest
- Using HttpWebRequest in ASP.NET
- System.Net.WebRequest Custom Credentials