Custom Basic authentication with WCF REST

  • Question

  • Hi,

    I want to implement custom authentication in my application using the basic authentication scheme. I've configured it in the Web.config and enabled basic authentication in IIS, but when I try to open the service in the browser, a login dialog appears... what do I have to put there? Besides, I want to control the authentication, I mean, I want to check who is allowed in my custom list... where is it looking now?

    When I use the WebRequest class, I'm getting a "401 - Unauthorized":

    WebRequest req = WebRequest.Create("http://localhost/RESTfulService/Service1.svc/Test");
    req.Credentials = CredentialCache.DefaultNetworkCredentials;
    WebResponse res = req.GetResponse();

    What do I have to do to implement custom basic authentication? (I cannot use membership providers.)

     

    I've set up in the Web.config:

    <system.serviceModel>
      <behaviors>
        <endpointBehaviors>
          <behavior name="RESTFriendly">
            <webHttp />
          </behavior>
        </endpointBehaviors>
      </behaviors>
      <bindings>
        <webHttpBinding>
          <binding name="webBinding">
            <security mode="TransportCredentialOnly">
              <transport clientCredentialType="Basic"/>
            </security>
          </binding>
        </webHttpBinding>
      </bindings>
      <services>
        <service name="RESTful_Service.RESTfulService">
          <endpoint address="" binding="webHttpBinding" contract="RESTful_Service.IRESTfulService" behaviorConfiguration="RESTFriendly" bindingConfiguration="webBinding">
            <identity>
              <dns value="localhost"/>
            </identity>
          </endpoint>
        </service>
      </services>
    </system.serviceModel>


    .: Valeriano Tórtola MCTS WPF :.: http://www.vtortola.net :.
    Wednesday, March 31, 2010 10:39 AM

Answers

  • Hi Valeriano,

    For your scenario, are you sure you want to use basic authentication? Basic authentication is HTTP-specific transport-layer authentication which will always demand a clear-text username/password pair from the client. When you request the target resource (suppose it is hosted in IIS with basic authentication turned on) in a browser, the browser will prompt for the username/password (via a login dialog). If you programmatically access the resource, you need to supply the username/password credentials explicitly, e.g.

    HttpWebRequest req = (HttpWebRequest)WebRequest.Create(uri);

    // Register the username/password for this URI under the Basic scheme
    CredentialCache credCache = new CredentialCache();
    credCache.Add(req.RequestUri, "Basic", new NetworkCredential("username", "password"));

    req.Credentials = credCache;
    

    The CredentialCache.DefaultNetworkCredentials you originally used will only provide a credential for Windows authentication (NTLM), which will not work for basic authentication. Here are some threads and articles that provide some detailed info on WebRequest authentication and credentials:

    #Retrieving HTTP content in .NET
    http://www.west-wind.com/presentations/dotnetWebRequest/dotnetWebRequest.htm

    #Authentication in web services with HttpWebRequest
    http://blogs.msdn.com/buckh/archive/2004/07/28/199706.aspx

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    • Marked as answer by vtortola Thursday, April 1, 2010 10:49 AM
    Thursday, April 1, 2010 6:30 AM
    Moderator
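
The question asks how to check the caller against a custom list. As an added example (not code from this thread), the class below parses a Basic `Authorization` header and validates it against an in-memory list of salted PBKDF2 hashes. The class name, sample account and iteration count are assumptions, how the header reaches `Validate` is outside the example, and it targets .NET Framework 4 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class BasicAuthCheck
{
    // Constructed store (assumption): user name -> salt + PBKDF2 hash, never the clear password.
    static readonly Dictionary<string, Tuple<byte[], byte[]>> Users =
        new Dictionary<string, Tuple<byte[], byte[]>>(StringComparer.Ordinal);
    static readonly Tuple<byte[], byte[]> Dummy = Tuple.Create(new byte[16], new byte[32]);

    static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000)) return kdf.GetBytes(32);
    }

    public static void AddUser(string user, string password)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        Users[user] = Tuple.Create(salt, Hash(password, salt));
    }

    // Returns the user name if the header carries valid credentials, otherwise null (answer 401).
    public static string Validate(string header)
    {
        if (header == null || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) return null;
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(6).Trim())); }
        catch (FormatException) { return null; }
        int colon = decoded.IndexOf(':');   // split on the first ':'; the password may contain more
        if (colon <= 0) return null;
        string user = decoded.Substring(0, colon);
        Tuple<byte[], byte[]> entry;
        bool known = Users.TryGetValue(user, out entry);
        if (!known) entry = Dummy;          // still hash, so unknown users cost the same time
        byte[] candidate = Hash(decoded.Substring(colon + 1), entry.Item1);
        int diff = 0;                       // compare every byte, no early exit
        for (int i = 0; i < candidate.Length; i++) diff |= candidate[i] ^ entry.Item2[i];
        return known && diff == 0 ? user : null;
    }

    static void Main()
    {
        AddUser("alice", "s3cret:pw");      // constructed sample account
        string good = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes("alice:s3cret:pw"));
        Console.WriteLine(Validate(good) ?? "401");
        Console.WriteLine(Validate("Basic !!!") ?? "401");   // malformed Base64 is rejected
    }
}
```

With `TransportCredentialOnly` the header travels Base64-encoded but unencrypted, so anyone on the network path can decode it; the `Transport` security mode (HTTPS) protects it in transit.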

All replies

  • Thanks!
    .: Valeriano Tórtola MCTS WPF :.: http://www.vtortola.net :.
    Thursday, April 1, 2010 10:49 AM