CODEWITHSUNDEEP
c#asp.net-mvcrestrestful-authentication
Hoodlum
Hoodlum

Reputation: 1503

Having problems making a call to RESTful api without authorization?

I need to call a RESTful API without any authorization. The API utilizes its own custom authorization. I can successfully access the API utilizing Postman, but from my application the call to the exact same URL fails with "Access Denied". The only difference I can see is Postman is set to "No Auth"

Here is the code making the call:

var task = client.GetAsync(url)
        .ContinueWith((taskwithresponse) =>
        {
            var response = taskwithresponse.Result;
            var jsonString = response.Content.ReadAsStringAsync();
            jsonString.Wait();
            var model = JsonConvert.DeserializeObject<object>(jsonString.Result).ToString();

        });
        task.Wait();

I've been searching for over an hour and can't find anything regarding this. Any help is greatly appreciated.

Here are the headers returned from Postman :

Access-Control-Allow-Headers → Content-Type
Access-Control-Allow-Methods → GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin → *
Cache-Control → no-cache
Content-Length → 70838
Content-Type → application/json; charset=utf-8
Date → Wed, 02 Dec 2015 18:10:13 GMT
Expires → -1
Persistent-Auth → false
Pragma → no-cache
Server → Microsoft-IIS/7.5
WWW-Authenticate → Negotiate oYG2MIGzoAMKAQChCwYJKoZIgvcSAQICooGeBIGbYIGYBgkqhkiG9xIBAgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARuLFrwoBSpoL7PwlX1E3MEnL7ub3KtmgZG2iGIfYqY+QyGXI1btpDaiLIBFstpQeunfY8DvHV/dcTbsVSeGW/ciuM/aZi1nG2AfHjlu6neYlTJTASF2bGv/M1EKkZRDvRoND2uLbfGdiXzrN5+M3U=
X-AspNet-Version →
X-AspNet-Version
Custom header
4.0.30319
X-Powered-By → ASP.NET
X-UA-Compatible → IE=edge

No headers are being sent from Postman.

Upvotes: 0

Views: 4507

Answers (1)

vendettamit
vendettamit

Reputation: 14677

Looks like the rest service is using NTLM or Kerberos security token to authenticate. Postman is automatically sending the information of windows identity. Via C# code you have to explicitly specify the Windows Identity as Identity token for impersonation.

Try WebClient instead of HttpClient and use Default :

var wi = (WindowsIdentity)HttpContext.User.Identity;

var wic = wi.Impersonate();

 using (var client = new WebClient { UseDefaultCredentials = true })
    {
        client.DownloadStringAsync(url);
    }

wic.Undo();

if Async doesn't work try sync method DownloadString.

See source for more details.

Upvotes: 2

Related Questions