CODEWITHSUNDEEP
c#restweb-servicespreemptive
rimasbimas
rimasbimas

Reputation: 35

C# basic pre-emptive authentication

I need to consume web service that requires basic pre-emptive authentication. I have below code, but getting an error on response -

'The remote server returned an error: (403) Forbidden.'

User credentials are correct. Any ideas what is wrong? 

string url = "MYURL";
HttpWebRequest req = HttpWebRequest.Create(url) as HttpWebRequest;

string user = "USER";
string pwd = "PASSWORD";


string auth = "Basic " + Convert.ToBase64String(System.Text.Encoding.Default.GetBytes(user + ":" + pwd));
req.PreAuthenticate = true;
req.AuthenticationLevel = System.Net.Security.AuthenticationLevel.MutualAuthRequested;
req.Headers.Add("Authorization", auth);
WebResponse resp = req.GetResponse();
resp.Close();

req = HttpWebRequest.Create(url) as HttpWebRequest;
req.PreAuthenticate = true;
req.Credentials = new NetworkCredential(user, pwd);
resp.Close();

Upvotes: 1

Views: 4494

Answers (2)

Jerry
Jerry

Reputation: 1

Your code for preemptive authentication seems correct, but the 403 Forbidden error typically points to a permissions issue. In many cases, this means that the server is refusing to fulfill the request due to insufficient or improper access rights.

I would recommend double-checking with whoever provided the credentials to ensure that the necessary permissions are granted for the specific types of calls your code is making (GET, POST, PUT, DELETE). It's possible that certain methods are restricted or that the user account lacks the required privileges to access the resource.

Additionally, you may want to review any documentation or guidelines provided by the server or API provider to ensure that the authentication and authorization processes are correctly implemented on your end.

If the issue persists, you might consider reaching out to the server administrator or support team for further assistance in resolving the permissions problem.

Upvotes: 0

nvoigt
nvoigt

Reputation: 77304

401 is the error code you receive when you could not be authenticated (i.e. it's unclear who you are). If you get a 403 that means the server knows who you are but still thinks you should not be allowed access.

I guess you should talk to whoever provided you with the credentials and ask him.

Upvotes: 2

Related Questions