Forcing Basic Authentication in WebRequest

Question

I am integrating web service that will use an HTTP-POST to request and retrieve data. The remote server requires basic authentication as per RFC 2617

My attempts to authenticate are failing.

It fails in that, even though I attach a 'NetworkCredential' object to the 'Credentials' property of a 'HttpWebRequest' object, no authentication information is sent in the header, even if I set 'PreAuthenticate' = true.

What am I missing?

//chunk used

NetworkCredential netCredential = new NetworkCredential(" uid", "pwd");

Uri uri = new Uri("http://address of services");

ICredentials credentials = netCredential.GetCredential(uri, "Basic");

objRegistration.Credentials = credentials;

objRegistration.PreAuthenticate = true;

From MSDN: [`WebRequest.PreAuthenticate`](http://msdn.microsoft.com/en-us/library/system.net.webrequest.preauthenticate(v=vs.110).aspx): **With the exception of the first request** _, the `PreAuthenticate` property indicates whether to send authentication information with **subsequent** requests without waiting to be challenged by the server_, and [`HttpWebRequest.PreAuthenticate`](http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.preauthenticate(v=vs.110).aspx): **After** _a client request to a specific Uri is successfully authenticated, if `PreAuthenticate` is true..._ — Sepster, Sep 14 '14 at 14:20

score 119 · Accepted Answer · answered Jul 16 '10 at 15:32

119

I've just found this very handy little chunk of code to do exactly what you need. It adds the authorization header to the code manually without waiting for the server's challenge.

public void SetBasicAuthHeader(WebRequest request, String userName, String userPassword)
{
    string authInfo = userName + ":" + userPassword;
    authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo));
    request.Headers["Authorization"] = "Basic " + authInfo;
}

Use it like this

var request = WebRequest.Create("http://myserver.com/service");
SetBasicAuthHeader(request, userName, password);

var response = request.GetResponse();

answered Jul 16 '10 at 15:32

Samuel Jack

32,712
16
118
155

1

seems there's be a better way, but I'll vote for it anyway ;) – Brady Moritz Nov 28 '11 at 14:40
This is the correct answer, I dont know what Himanshu is talking about. – cgatian Jan 19 '12 at 15:19
9

I think it is because the .Net client will typically wait for the server to challenge it for its credentials before sending them. But some servers never send the challenge, so the only way to get the request to succeed is manually include the header. – Samuel Jack Aug 28 '12 at 10:23
1

+1 From MSDN: [`WebRequest.PreAuthenticate`](http://msdn.microsoft.com/en-us/library/system.net.webrequest.preauthenticate(v=vs.110).aspx): **With the exception of the first request** _, the `PreAuthenticate` property indicates whether to send authentication information with **subsequent** requests without waiting to be challenged by the server_, and [`HttpWebRequest.PreAuthenticate`](http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.preauthenticate(v=vs.110).aspx): **After** _a client request to a specific Uri is successfully authenticated, if `PreAuthenticate` is true..._ – Sepster Sep 14 '14 at 14:15
Nice you copied the code, since the original link is now 404. – akauppi Jan 29 '15 at 09:30
@akauppi No it is not. – Lonzak Dec 06 '21 at 09:32

score 8 · Answer 2 · edited May 23 '17 at 12:32

Improving a little bit on samuel-jack's accepted answer. Instead of using the default encoding "ISO-8859-1" should be used as mentioned in this answer What encoding should I use for HTTP Basic Authentication?

So the code would look like this:

public void SetBasicAuthHeader(WebRequest request, String userName, String userPassword)
{
    string authInfo = userName + ":" + userPassword;
    authInfo = Convert.ToBase64String(Encoding.GetEncoding("ISO-8859-1").GetBytes(authInfo));
    request.Headers["Authorization"] = "Basic " + authInfo;
}

score 6 · Answer 3 · answered May 07 '15 at 12:16

I found this question while looking for the answer, the answer given works but is not flexible so if you would like a better .NET way of doing this.

Uri uri = new Uri("http://address of services");

HttpWebRequest objRegistration = (HttpWebRequest)WebRequest.Create(url);

CredentialCache credentials = new CredentialCache(); 

NetworkCredential netCredential = new NetworkCredential(" uid", "pwd");

credentials.Add(uri, "Basic", netCredential);

objRegistration.Credentials = credentials;

You can replace "Basic" with "Digest", "NTLM" or "Negotiate" as well as this giving the ability to add multiple types to the cache as well.

I wouldn't say this method is more flexible, or a better .Net way. Setting authentication type and credentials in CredentialCache doesn't seem to affect / set "Authorization" header directly. Setting CredentialCache will not help in situation mentioned above (When there is no challenge / 401 status code from server.). — Denis, Jul 13 '17 at 23:48

score 3 · Answer 4 · answered Feb 08 '15 at 01:36

Here's my solution for OAuth. The value is in variable json.

var myUri = new Uri(fullpath);
var myWebRequest = WebRequest.Create(myUri);
var myHttpWebRequest = (HttpWebRequest)myWebRequest;
myHttpWebRequest.PreAuthenticate = true;
myHttpWebRequest.Headers.Add("Authorization", "Bearer " + AccessToken);
myHttpWebRequest.Accept = "application/json";

var myWebResponse = myWebRequest.GetResponse();
var responseStream = myWebResponse.GetResponseStream();
if (responseStream == null) return null;

var myStreamReader = new StreamReader(responseStream, Encoding.Default);
var json = myStreamReader.ReadToEnd();

responseStream.Close();
myWebResponse.Close();

Forcing Basic Authentication in WebRequest

4 Answers4

Linked