How to test Basic Authentication in an MVC.NET application using a browser

Question

I am trying to setup basic auth on my mvc.net web application. I configured my controller using this example: asp mvc 3 ActionFilter for basic authentication

I set a breakpoint where it checks for the Authorization Header, however the header is not present in the HttpRequest. I am accessing the site like this:

http://user1:pass1@localhost/{AppName}/Client/Authorize

If I remove the [BasicAuthorization] attribute from my controller, I am able to access the page.

I am debugging this using IIS 7.0 on a Windows 7 machine.

I think it might have something to do with default authorization settings in IIS. When I throw a HttpUnauthorizedResult() exception, a username/password box pops up in Chrome... I'm not sure how to tell IIS to use my custom code to authenticate the user.

This application won't be accessible by a human user, so the username/password needs to be passed in in the URL like shown above.

I had also found this post: No browser is sending Authorization info in header. I tried sending the request twice after IIS sends the UnauthorizedRequest to the browser, but that's when the username/password dialog pops up. I'm also not sure how to test using that Curl command... Is that through CMD?

Answer 1

I found this post here: SimpleMembership in MVC4 app + WebApi using basic HTTP auth

I was able to refer to the test page used on this tutorial: http://kevin-junghans.blogspot.ca/2013/02/mixing-forms-authentication-basic.html to setup a simple testing page to test that basic authentication was working properly.

I'm not entirely sure on the reason, but I believe that the browser doesn't automatically add an authentication header to the HttpRequest when you try sending the credentials like so:

http://user1:pass1@localhost/{AppName}/Client/Authorize

It must have something to do with the browser requiring a 401 response from the server first before sending the authentication header. I just couldn't figure out how to do it. If anyone knows how to configure IIS/browser properly so you can easily test basic authentication using the above URL format, please let me know.