Add Authentication to a Request to REST Web Service?

Question

I am using WCF REST Startkit to create a test REST web service. To test it, I create a simple Console application with HTTPClient (provided by the kit) and HttpResponseMessage to make a request to the REST service. Here are some codes:

HttpClient client = new HttpClient(argsParser.BaseAddress);
HttpResponseMessage resp = client.Get(argsParser.URI);
Console.WriteLine(@"READING DATA FROM {0}{1}", 
  argsParser.BaseAddress, 
  argsParser.URI.Length == 0 ? @"" : string.Format(@"/{0}", 
  argsParse.URI));
resp.EnsureStatusIsSuccessful();
string contentType = resp.Content.ContentType;
Console.WriteLine("CONTENT TYPE: {0}", contentType);
string content = resp.Content.ReadAsString();
Console.WriteLine(
@"CONTENT: {0}", content);

where argsParser is my argument parser class to get base address and URI. It works fine as I said with my REST service in our intranet. However, when I used the test app with a web REST service such as Twitter REST service, I got exceptions.

I think this is caused by my work network settings. BlueCode security has been implemented as an enforcement to all browsers/http requests at work. I have to type in my user/pwd in a prompt window when my browser is accessing to a web REST service like Twitter's first time. After I provide my authentication information, the browser works fine.

So I guess that with HttpClient and HTTPResponseMessage instances created in my console application, I may need to add/attach some authentication information to them. I am not sure what classes or APIs I need to provide the required authentication information?

Answer 1

See if below links can help you solving your problem:

HttpClient Authentication Guide

HTTP authentication

Answer 2

To supply credentials via the Authorization Header with the HttpClient which comes with the WCF REST Starter Kit use this:

1.

 HttpClient client = new HttpClient();
 client.TransportSettings.Credentials = new NetworkCredential("user", "pass");

On the server side you can extract those in a RequestInterceptor or in a custom HttpModule, which can also help you do a custom basic authentication with IIS...

2.

You can also add an Authorization token/key, like this:

client.DefaultHeaders.Authorization = new Credential("18f34d01-blah-4959-blah-7db6ac5433cd");

OR you can also put the token in a custom header like this:

client.DefaultHeaders.Add("CustomAuthHeader", "18f34d01-blah-4959-blah-7db6ac5433cd");

On the server side then you extract that specific header....

Here is how you can extract the credentials on the service out of a Message object:

    private string[] ExtractCredentials(Message reqMessage)
    {
        HttpRequestMessageProperty request =
            (HttpRequestMessageProperty)reqMessage.Properties[HttpRequestMessageProperty.Name];

        string authHeader = request.Headers["Authorization"];

        if (authHeader != null && authHeader.StartsWith("Basic"))
        {
            string encodedUserPass = authHeader.Substring(6).Trim();

            Encoding encoding = Encoding.GetEncoding("iso-8859-1");
            string userPass = encoding.GetString(Convert.FromBase64String(encodedUserPass));
            int separator = userPass.IndexOf(':');

            string[] credentials = new string[2];
            credentials[0] = userPass.Substring(0, separator);
            credentials[1] = userPass.Substring(separator + 1);

            return credentials;
        }

        return new string[] { };
    }