Forcing basic authentication from desktop application

  • Question


  • I have a C# desktop application that stores login data in a database, and uses that to automatically log in to local devices that have an HTTP interface. I am using a WebBrowser control to show the web pages.

    The automated login works well for form-based authentication, but I'm having trouble with basic auth. I have tried two ways.

    I have a helper class that passes formatted Uri and such to the browser window, which in turn passes it to the webBrowser control's Navigate method:

    try
    {
        Browser winViewer = new Browser(uri, null, null, header, deviceInfo);
        winViewer.Show();
    }

    Here is the point inside the browser window where the navigation is done:

    // pass vars and navigate to interface
    try
    {
        wb.Navigate(url, targetFrame, postData, headers);
    }

    Here are the 2 ways I have tried to pass the login data to the home uri:

    This one causes a COM error at runtime, with HRESULT: 0x800C000E. It seems to be a security error: StackTrace: at MS.Win32.UnsafeNativeMethods.IWebBrowser2.Navigate2

    Uri uri = new Uri (String.Format(@"http://{0}:{1}@{2}", targetDevice.deviceLoginName, targetDevice.devicePassword, targetDevice.ipAddressString));

    The second way (and probably the correct way) I am using is to pass the encoded header directly to the browser after a 401 status code is returned. This is the method that is causing the Windows Security login popup.

    Uri uri = new Uri(String.Format("http://{0}", targetDevice.ipAddressString));
    string header = "Authorization: Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes(targetDevice.deviceLoginName + ":" + targetDevice.devicePassword)) + System.Environment.NewLine;

    Can anyone tell me why the security window is popping up, and what process I can use to eliminate or hide it, so my login remains invisible?

    I think it has to do with IE security settings, but I don't know how to work around it.
    Thursday, December 19, 2013 2:53 PM

Answers

  • Hi Synlight,

    Basic authentication works as follows:

    1. If a request requires authentication, the server returns 401 (Unauthorized). The response includes a WWW-Authenticate header, indicating the server supports Basic authentication.
    2. The client sends another request, with the client credentials in the Authorization header. The credentials are formatted as the string “name:password”, base64-encoded. The credentials are not encrypted.

    See the following link for more information. http://www.asp.net/web-api/overview/security/basic-authentication.

    And try the solution below. http://blog.kowalczyk.info/article/at3/Forcing-basic-http-authentication-for-HttpWebReq.html. Please let me know the result.

    Regards,



    Friday, December 20, 2013 2:40 AM
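
The two steps listed in the answer, as an added C# example that is not code from this thread or from the linked articles. The class and method names, the sample challenge, the credentials, the 192.0.2.10 address and the choice of UTF-8 are all assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Text;

static class BasicAuthDemo
{
    // Step 1: does the WWW-Authenticate value from the 401 response offer the Basic scheme?
    static bool IsBasicChallenge(string wwwAuthenticate) =>
        wwwAuthenticate != null &&
        wwwAuthenticate.Trim().Split(' ')[0].Equals("Basic", StringComparison.OrdinalIgnoreCase);

    // Step 2: build the Authorization value, "Basic " + base64("name:password").
    static string BuildBasicValue(string user, string password)
    {
        // The first ':' separates name from password, so the name must not contain one.
        if (user.IndexOf(':') >= 0)
            throw new ArgumentException("user name must not contain ':'", nameof(user));
        // UTF-8 is an assumption about what the device expects.
        // Encoding.ASCII would silently replace every non-ASCII character with '?'.
        return "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(user + ":" + password));
    }

    // Base64 is an encoding, not encryption: anyone who sees the header can reverse it.
    static (string User, string Password) Decode(string value)
    {
        string raw = Encoding.UTF8.GetString(Convert.FromBase64String(value.Substring("Basic ".Length)));
        int sep = raw.IndexOf(':');
        return (raw.Substring(0, sep), raw.Substring(sep + 1));
    }

    static void Main()
    {
        string challenge = "Basic realm=\"device\"";            // constructed sample header value
        if (!IsBasicChallenge(challenge)) return;

        string value = BuildBasicValue("admin", "p:ss wörd");   // constructed credentials
        // Attach the header up front; nothing is sent until GetResponse() is called.
        var request = (HttpWebRequest)WebRequest.Create("http://192.0.2.10/"); // documentation address
        request.Headers[HttpRequestHeader.Authorization] = value;

        var decoded = Decode(value);
        Console.WriteLine(value);
        Console.WriteLine(decoded.User + " / " + decoded.Password);
    }
}
```

Because the header decodes back to the stored name and password, sending it over plain http:// exposes the credentials to anyone who can read the traffic.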