lorenzoff

Reputation: 1120

HttpListener Digest Auth schema

I have to implement a small REST server to manage a remote DB, nothing special. The security is NOT a critical issue, since this server has to run in an intranet environment; we only want to filter users and redirect them to appropriate resources.

        HttpListener listener = new HttpListener();
        listener.Realm = "testserver1";
        listener.AuthenticationSchemes = AuthenticationSchemes.Basic;

        foreach (string s in prefixes)
        {
            listener.Prefixes.Add(s);
        }

        listener.Start();
        Console.WriteLine("Listening...");

        HttpListenerContext context = listener.GetContext();

        HttpListenerRequest request = context.Request;
        HttpListenerResponse response = context.Response;

        string responseString = "<HTML><BODY>" + DateTime.Now.ToString() + "</BODY></HTML>";
        byte[] buffer = System.Text.Encoding.UTF8.GetBytes(responseString);

        response.ContentLength64 = buffer.Length;
        System.IO.Stream output = response.OutputStream;
        output.Write(buffer, 0, buffer.Length);
        output.Close();

        listener.Stop();

This code (taken from the Microsoft site) works perfectly from the server side and, when the listener.GetContext() returns, I can check the username and password from the User object and establish how to treat the request. Changing the initial listener.AuthenticationSchemes = AuthenticationSchemes.Basic to

        listener.AuthenticationSchemes = AuthenticationSchemes.Digest;

it stops working as I expect and as the Basic auth schema effectively does. The listener.GetContext() call never returns. HttpListener SEEMS to block any request and, from the client side, I continue to be prompted for username and password. I've tried local user, local administrator, domain user, domain administrator, about 500 fantasy names: nothing works. GetContext() no longer returns. Can you help me?

Thanks in advance.

L.

Upvotes: 2

Views: 3203

Answers (2)

springy76

Reputation: 3786

The value assigned to listener.Realm must be the name of the Windows domain which is used for authentication. "testserver1" doesn't look like a domain name to me.

Upvotes: 1
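
Added example, not part of the thread or of any poster's code: in HTTP Digest (RFC 2617) the realm is hashed into the response together with the user name and password, so the realm the listener advertises has to be one under which the credential verifier knows the account, which is the point the answer above makes about `listener.Realm`. The sketch shows only the RFC arithmetic using the RFC's own sample values; `CORP` is a constructed domain name, and nothing here reproduces HttpListener's internal validation.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class DigestRealmDemo
{
    // Lowercase hex MD5 of a string, the form RFC 2617 uses for algorithm=MD5.
    static string Md5Hex(string s)
    {
        using (MD5 md5 = MD5.Create())
        {
            byte[] hash = md5.ComputeHash(Encoding.UTF8.GetBytes(s));
            return BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
        }
    }

    // response = MD5(HA1:nonce:nc:cnonce:qop:HA2) for qop=auth.
    static string Response(string user, string realm, string password,
                           string method, string uri,
                           string nonce, string nc, string cnonce)
    {
        string ha1 = Md5Hex(user + ":" + realm + ":" + password); // realm is hashed in here
        string ha2 = Md5Hex(method + ":" + uri);
        return Md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    static void Main()
    {
        // Sample values from the worked example in RFC 2617, section 3.5.
        const string user = "Mufasa", password = "Circle Of Life";
        const string nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        const string nc = "00000001", cnonce = "0a4f113b";

        // What the client sends, using the realm taken from the server's challenge.
        string fromClient = Response(user, "testrealm@host.com", password,
                                     "GET", "/dir/index.html", nonce, nc, cnonce);

        // What a verifier computes when it knows the account under a different
        // realm ("CORP" is a constructed placeholder).
        string expected = Response(user, "CORP", password,
                                   "GET", "/dir/index.html", nonce, nc, cnonce);

        Console.WriteLine("client response : " + fromClient);
        Console.WriteLine("verifier expects: " + expected);
        Console.WriteLine("match           : " + (fromClient == expected));
    }
}
```

Same user name and password, different realm: the two responses differ, so the check fails and the client is challenged again.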

Greg

Reputation: 1

You can use AuthenticationSchemeSelectorDelegate, worked for me. Example:

        _listener.AuthenticationSchemeSelectorDelegate = delegate(HttpListenerRequest request)
        {
            string temp = request.Headers["Authorization"];
            if (!string.IsNullOrEmpty(temp))
                throw new Exception("Auth string: " + temp);
            // This is where you return the auth type for every request, e.g. Basic or Digest.
            return AuthenticationSchemes.Digest;
        };

http://msdn.microsoft.com/en-us/library/system.net.httplistener.authenticationschemeselectordelegate.aspx

Upvotes: 0
