401 unauthorized except through browser

Question

I've been trying to do an HTML GET request, using a URL that works in the browser but somehow results in a 401 Unauthorized error when I run my code. The problem is that I did provide authentication; the URL is of the form

http://username:password@url?param=value

It succeeds in Firefox and Chrome (I also went through Incognito mode to avoid cookies), as well as Google's Postman app, but despite trying several other HTTP GET request methods they all return unauthorized error. I've run it through REST API and XMLHttpRequest, as well as command line.

Any ideas on what could be causing this? Or, even better, if someone's had a similar problem and has a solution?

(Note: I'm pretty new to this whole thing, not sure if I was clear/detailed enough. I'll do my best to elaborate if anyone needs.)

Edit: Here's some idea of the original code I was running:

var func = function() {
  var options = {
    baseUrl: SERVER,
    uri: '/device.cgi',
    qs: {
      param1: value1,
      param2: value2
    }
  };
  request(options, function(err, response, body) {
    if (err) console.log(err);
    else console.log(body);
  });
};

I also ran

function httpGet(theUrl)
{
    var xmlHttp = new XMLHttpRequest();
    xmlHttp.open( "GET", theUrl, false ); // false for synchronous request
    xmlHttp.send( null );
    return xmlHttp.responseText;
}

from this question and got the same Unauthorized result.

And because apparently the device I'm using is fine with POST as well,

var func = function () {
  var formData = {
    form: {
      param1: value1,
      param2: value2
    }
  };
  request.post(SERVER + 'device.cgi', formData, function (err, response, body) {
    if (err) {
      console.log(err);
    }
    else console.log(body);
  }).auth(userID, userPass);
};

still with exactly the same result.

Do you need to spoof that you are a browser and not node? Did you try to set the headers instead of it in the url? — epascarello, Jul 15 '16 at 17:34
Which methods fail? Does Curl work? Can you share the part of your code that's not working? — Kyle Falconer, Jul 15 '16 at 17:35
If you post your nodejs code, we can better assist. In short, the browser is creating the authorization header for you. — Alan, Jul 15 '16 at 17:41

score 1 · Answer 1 · edited Apr 13 '17 at 12:13

1

http://username:password@url?param=value

The browser is taking that URL, and creates the Basic HTTP Authorization header for you.

Node.js does not do that for you, and thus you must set the Authorization header yourself in code.

var http = require('http');

var options = {
  host: 'www.tempuri.org',
  path: '/helloworld/',
  headers: {
    'Authorization': 'Basic QWxhZGRpbjpPcGVuU2VzYW1l'
  }
};

http.request(options, function(response) {
  var body = '';
  response.on('data',function(c) {
    body+= c;
  })
  response.on('end',function() {
    console.log(body)
  })
}).end();

The following links discuss basic auth, how the browser encodes the data in the URL, and how you could implement it yourself in Node.js:

edited Apr 13 '17 at 12:13

Community

1
1

answered Jul 15 '16 at 17:39

Alan

45,915
17
113
134

Can you provide a basic example in addition to those links? This will be good for posterity in case those links die while this answer lives on. – gfullam Jul 15 '16 at 17:41
Understoop. I'm hoping the OP will paste their sample code, which I can then modify. Without knowing which nodejs library or module they are using, any sample code may not be very useful. – Alan Jul 15 '16 at 17:42
Sorry, I probably wasn't clear enough in the original question. I have tried handling authentication through this method, but it still gives me the same error. Considering that this issue was not experienced with an earlier device I worked with, perhaps it is not a code issue but a device one. – Edylk Jul 15 '16 at 22:44

401 unauthorized except through browser

1 Answers1