tags:

views:

444

answers:

1
Q: 

How to Send HTTP Auth Credentials to a non .NET WebService

As far as I can tell i'm doing everything by the book, but the .NET client is simply not sending an authentication header when making requests to my (PHP) SOAP Web Service. I have verified this by logging the raw post data at the PHP end of things and .NET never sends any auth headers.

This is the code I am running before making calls on my ExampleWebService Web Service:

ExampleWebService.PreAuthenticate = true;
NetworkCredential myCred = new NetworkCredential("myusername","mypassword");

CredentialCache myCache = new CredentialCache();
myCache.Add(new Uri(ExampleWebService.Url), "Basic", myCred);
ExampleWebService.Credentials = myCache;

As I understand it, PreAuthenticate should force the sending of my HTTP Basic Auth Credentials on every request regardless of challenge. Does this only work with IIS hosted services? I haven't found this documented anywhere.

Any light that someone more experienced than I in the world of .NET could shed on this would be greatly appreciated, as I'm close to pulling my hair out ;-)

+1  A: 

The HttpWebRequest class actually does not send the Authorization header on the first request, even with PreAuthenticate = true. It will though send the Authorization header on subsequent calls to the same realm as long as you use the same CredentialsCache instance. Some recommend adding the headers explictly.

Remus Rusanu  2009-09-03 23:14:08
is that a 'feature' or a 'bug'? ;-)
WibblePoop  2009-09-03 23:16:16
According to http://tools.ietf.org/html/rfc2617#page-5, is the correct behavior. The client should get a challenge and a *realm* from the server, even for Basic.
Remus Rusanu  2009-09-03 23:25:22
The WebService in question does not present a challenge as authentication is optional, so I assume this to be the root cause of the problem. Other SOAP clients obvioiusly aren't following the spec to the letter and brute forcing the credentials on each and every request, hence I've not run into this problem until testing against .NET
WibblePoop  2009-09-03 23:52:28
You can modify your proxy client that GetWebRequest adds the Authorization to the request `Headers`.
Remus Rusanu  2009-09-04 00:07:39
I'll certainly bear that in mind, but my ultimate goal is to make my PHP WebService as easy as possible to consume using .NET (where simple == working out of the box with the proxy class that Visual Studio generates from the WSDL) so I might have to have a little bit of a re-think on the whole HTTP Authentication scheme
WibblePoop  2009-09-04 00:15:56

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?