Reputation:
Fiddler HTTP/1.1 401 Unauthorized
I have local Web API project which is NOT running through local IIS. To run the project I use F5 in Visual Studio 2013.
Using Fiddler, I keep getting:
HTTP/1.1 401 Unauthorized
# Result Protocol Host URL Body Caching Content-Type Process Comments Custom 88 401 HTTP localhost:52787 /api/values 6,180 private text/html; charset=utf-8 fiddler:10724
I know I am supposed to get 200 but I am not. Where should I check what I am doing wrong?
Here is a screenshot from a browser. I am getting this when I go back to Fiddler to see the results, I just type http://localhost:52787/api/helloapi into URL (in a browser) and press enter:
And here is what I get when I go through Fiddler manually composing GET:
I have the option Automatically Authenticate checked.
Upvotes: 4
Views: 11532
Answers (4)
Reputation: 1
It happens because you have an Authorize attribute on your ValuesController [Authorize] public class ValuesController : ApiController
Just remove [Authorize] attribute on ValuesController
Upvotes: 0
Reputation: 498
I know this is an older post but if someone is still looking for an answer (like me) and the above answers did not resolve the problem then try this solution -
The above answers didn't work in my dev env which consists of VS 2017 and VSTS as I already had the <authorization> element set correctly in my web.config file. After a few hit and trials I figured that the source of the problem was somewhere else.
I needed to make the following change to "applicationhost.config" file which can be usually found under the path "C:\Users\xxx\Source\Repos\yyy\yyy\.vs\config" -
Locate the <anonymousAuthentication> element and make sure the "enabled" attribute is set to "true" as under:
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="true" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
Upvotes: 0
Reputation: 1724
I just had the same Problem. In my case it was caused by a deny clause in the web.config that forced all users to be authenticated. This works well in a browser because this handles the authentication behind the scenes and sends an appropriate authorization Cookie. In Fiddler this handshake does not take place and hence the 401. In the development environment add this to your web.config and it should work.
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
Upvotes: 1
Reputation: 57095
When you say "using Fiddler", what exactly do you mean?
If you are manually composing the request using Fiddler's Composer, either add an Authorization header yourself, or click the Composer's Options tab and check the Automatically Authenticate box.
Upvotes: 9
Related Questions
- 401 Unauthorized error web api mvc windows authentication
- Use Fiddler with Basic Authentication to access RESTful WebAPI
- Inspecting bearer token
- 401.2 Invalid Authentication Headers - Fixed by Fiddler
- Fiddler reporting different response code from API to that received by the calling app
- trying to get a oauth token using fiddler
- How debug 401 unauthorized error?
- Posting credentials to web API using Fiddler (not Basic Auth)
- Do I need to investigate HTTP 401 cached by Fiddler during the HttpWebRequest post to ASP.NET WebApi server
- Web API POST from fiddler returning 400 bad request, Your browser sent an invalid request