Forcing Basic Authentication in WebRequest

53
votes

I am integrating web service that will use an HTTP-POST to request and retrieve data. The remote server requires basic authentication as per RFC 2617

My attempts to authenticate are failing.

It fails in that, even though I attach a 'NetworkCredential' object to the 'Credentials' property of a 'HttpWebRequest' object, no authentication information is sent in the header, even if I set 'PreAuthenticate' = true.

What am I missing?

//chunk used

NetworkCredential netCredential = new NetworkCredential(" uid", "pwd");

Uri uri = new Uri("http://address of services");

ICredentials credentials = netCredential.GetCredential(uri, "Basic");

objRegistration.Credentials = credentials;

objRegistration.PreAuthenticate = true;
4
.netweb-servicesauthenticationwebrequest
From MSDN: WebRequest.PreAuthenticate: With the exception of the first request , the PreAuthenticate property indicates whether to send authentication information with subsequent requests without waiting to be challenged by the server, and HttpWebRequest.PreAuthenticate: After a client request to a specific Uri is successfully authenticated, if PreAuthenticate is true...Sepster

4 Answers

117
votes

I've just found this very handy little chunk of code to do exactly what you need. It adds the authorization header to the code manually without waiting for the server's challenge.

public void SetBasicAuthHeader(WebRequest request, String userName, String userPassword)
{
    string authInfo = userName + ":" + userPassword;
    authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo));
    request.Headers["Authorization"] = "Basic " + authInfo;
}

Use it like this

var request = WebRequest.Create("http://myserver.com/service");
SetBasicAuthHeader(request, userName, password);

var response = request.GetResponse();
8
votes

Improving a little bit on samuel-jack's accepted answer. Instead of using the default encoding "ISO-8859-1" should be used as mentioned in this answer What encoding should I use for HTTP Basic Authentication?

So the code would look like this:

public void SetBasicAuthHeader(WebRequest request, String userName, String userPassword)
{
    string authInfo = userName + ":" + userPassword;
    authInfo = Convert.ToBase64String(Encoding.GetEncoding("ISO-8859-1").GetBytes(authInfo));
    request.Headers["Authorization"] = "Basic " + authInfo;
}
4
votes

I found this question while looking for the answer, the answer given works but is not flexible so if you would like a better .NET way of doing this.

Uri uri = new Uri("http://address of services");

HttpWebRequest objRegistration = (HttpWebRequest)WebRequest.Create(url);

CredentialCache credentials = new CredentialCache(); 

NetworkCredential netCredential = new NetworkCredential(" uid", "pwd");

credentials.Add(uri, "Basic", netCredential);

objRegistration.Credentials = credentials;

You can replace "Basic" with "Digest", "NTLM" or "Negotiate" as well as this giving the ability to add multiple types to the cache as well.

3
votes

Here's my solution for OAuth. The value is in variable json.

var myUri = new Uri(fullpath);
var myWebRequest = WebRequest.Create(myUri);
var myHttpWebRequest = (HttpWebRequest)myWebRequest;
myHttpWebRequest.PreAuthenticate = true;
myHttpWebRequest.Headers.Add("Authorization", "Bearer " + AccessToken);
myHttpWebRequest.Accept = "application/json";

var myWebResponse = myWebRequest.GetResponse();
var responseStream = myWebResponse.GetResponseStream();
if (responseStream == null) return null;

var myStreamReader = new StreamReader(responseStream, Encoding.Default);
var json = myStreamReader.ReadToEnd();

responseStream.Close();
myWebResponse.Close();