none
HTTP client with Basic auth and special characters

    Question

  • Hello,

    I use an HTTP Client to connect to a Server to retrieve information. The server also has a web browser interface and requires authentication with Basic Auth. It expects the Username and password in a format like "User:password" but base64 encoded.

    The password contains a special character (in this case: € (the euro symbol)).

    I tried to use this code:

    var filter = new Windows.Web.Http.Filters.HttpBaseProtocolFilter();
    
    filter.ServerCredential = new Windows.Security.Credentials.PasswordCredential("demo", "User", "password€");
    
    HttpClient client = new HttpClient(filter);

    This does not work. Neither does opening the web interface in Edge. The browser asks for Username and Password, but upon entering the information (including the special character), the same windows asking for Username and Password shows up again.

    This code works:

    var filter = new Windows.Web.Http.Filters.HttpBaseProtocolFilter();
    
    //do other stuff, not setting ServerCredentials
    
    HttpClient client = new HttpClient(filter);
    
    client.DefaultRequestHeaders.Authorization = new Windows.Web.Http.Headers.HttpCredentialsHeaderValue("Basic", Convert.ToBase64String(Encoding.UTF8.GetBytes("demo" + ":" + "password€")));
                

    Opening the same website in Chrome also works upon entering the Username and password with special character.

    Does the Windows.Security.Credentials.PasswordCredential Class have problems with special characters or is this somehow by design? Is there any downside to my second code? Should I report this as a bug somewhere?

    Wednesday, December 5, 2018 4:15 PM

All replies

  • Hi,
    Generally, when the web service hosted on windows server with NTLM(NT LAN Manager) authentication, the client need to use HttpBaseProtocolFilter.ServerCredential to authorize. NTLM is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. NTLM auth does work with username / password. Need to retry the connection a second time, because HttpClient is pre-sending BASIC auth when server wants NTLM. If the server is authorized with Basic Auth, you need to set DefaultRequestHeaders.Authorization for the HttpClient, so that the request will append the Authorization Header with base64 encoded user name and password. You can refer to this blog describes how NTLM works. 

    Best regards,

    Roy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.


    Thursday, December 6, 2018 9:45 AM
    Moderator
  • Hello,

    thank you for your response. To clarify, it I omit the special character from the password it works fine. This code allows me to login (if the required password is "password":

    var filter = new Windows.Web.Http.Filters.HttpBaseProtocolFilter();
    
    filter.ServerCredential = new Windows.Security.Credentials.PasswordCredential("demo", "User", "password");
    
    HttpClient client = new HttpClient(filter);

    However, if the required password contains this special character, this does not work anymore. If I try to send "password€" using this method the server only receives "password" (Unicode replacement character). Other special characters (e.g. $, %) work fine.

    This problem exists both from within the app as well as when I open the website with Edge and try to enter the password into the prompt. When I use another browser this works fine.

    Thursday, December 6, 2018 8:26 PM
  • Hi,

    I'll ask other engineer about this to see if this is by design. Thank you for your patience.

    Best regards,

    Roy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, December 10, 2018 7:12 AM
    Moderator