Reputation: 4449
Can HttpWebRequest support token based authentication?
We have a ruby based API that our C# service needs to query that uses token-based authentication. I don't see anywhere in the httpwebrequest method's documentation that it supports this. Is there an alternative?
Upvotes: 2
Views: 2472
Answers (1)
Reputation: 6723
Token-based authentication is nothing special. It still generally uses HTTP and therefore an HttpWebRequest should work just fine for it. This is how token-based authentication typically happens.
First of all, there are three different parties involved with token or claims-based authentication. The server that is being authenticated to, the client that is authenticating, and a third party, the token provider. Typical authentication only includes a client and a server, but in the case of token-based authentication, there is the token provider. The token provider is known to the client and is trusted by the server.
The authentication process proceeds by the client making an HTTP request to the token provider, asking for the provider to provide a token to the client. Of course, at this point, the client will most likely need to authenticate to the token provider - this is usually done using conventional authentication methods. Assuming the client authenticates to the token provider, the token provider will respond with a token. The client then takes this token and makes a request to the server with the token included. The token has been signed such that the server can tell that the token came from its trusted token provider and what privileges the client should have.
Long story short, HttpWebRequest should be perfectly adequate. The only problem is that you'll have to know all of the specifics of the server and token provider, such as how the client is supposed to authenticate to the token provider (basic HTTP auth? posted username/password?), how the token provider responds with the token (included in the response? sets cookies?), how the server then expects the client to authenticate using the token (post the token to the server? set a cookie with the token?), etc.
Upvotes: 2
Related Questions
- Token based authentication in Web API without any user interface
- HttpWebRequest using Basic authentication
- Is it possible to transfer authentication from Webbrowser to WebRequest
- HttpWebRequest Auth Post Request in c#
- Can I make HttpWebRequest include windows credentials without waiting for a 401 challenge?
- C# - passing authentication credentials with HttpWebRequest
- HttpWebRequest and Authentication
- Using HTTP Authentication with a C# WebRequest
- Using HttpWebRequest in ASP.NET
- Handling Authentication with HttpWebRequest (.NET)