Basic authentication not working in IE or Chrome when live

Question

3.00/5 (1 vote)

See more:

Hello,

following code does not authorize username and password in IE web browser, once i have deployed the web-api application. I cannot seem to figure out the reason. I have tried debugging the live(when uploaded on the ftp)authentication using fiddler and was able to extract raw messages below, from different web browsers.

Could anyone please provide any assistance, into what the following response below mean?

Many Thanks

firefox:

GET http://xxxx.xxxx.com/api/values HTTP/1.1
Host: xxxx.xxxxx.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: __utma=160871039.470048631.1389004711.1389004711.1389004711.1; __utmc=160871039; __utmz=160871039.1389004711.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Connection: keep-alive

explorer:

GET http://#####.######.com/api/values HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MDDCJS)
Accept-Encoding: gzip, deflate
Host: ####.#####.com
Cookie: __utma=160871039.1791605041.1363174995.1374568675.1374856696.5; __utmz=160871039.1363174996.1.2.utmcsr=bing|utmccn=(organic)|utmcmd=organic|utmctr=######; __qca=P0-637394059-1363174995765
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==
DNT: 1

C#

public class BasicAuthenticationMessageHandler : DelegatingHandler
    {
        private const string BasicAuthResponseHeader = "WWW-Authenticate";
        private const string BasicAuthResponseHeaderValue = "Basic";

        public IProvidePrincipal PrincipalProvider { get; set; }

        protected override System.Threading.Tasks.Task<HttpResponseMessage> SendAsync(
            HttpRequestMessage request,
            CancellationToken cancellationToken)
        {
            AuthenticationHeaderValue authValue = request.Headers.Authorization;
            if (authValue != null && !String.IsNullOrWhiteSpace(authValue.Parameter))
            {
                Credentials parsedCredentials = ParseAuthorizationHeader(authValue.Parameter);
                if (parsedCredentials != null)
                {
                    Thread.CurrentPrincipal = PrincipalProvider
                        .CreatePrincipal(parsedCredentials.Username, parsedCredentials.Password);
                }
            }
            return base.SendAsync(request, cancellationToken)
                .ContinueWith(task =>
                {
                    var response = task.Result;
                    if (response.StatusCode == HttpStatusCode.Unauthorized
                        && !response.Headers.Contains(BasicAuthResponseHeader))
                    {
                        response.Headers.Add(BasicAuthResponseHeader
                                             , BasicAuthResponseHeaderValue);
                    }
                    return response;
                });
        }

        private Credentials ParseAuthorizationHeader(string authHeader)
        {
            string[] credentials = Encoding.ASCII.GetString(Convert
                                                                .FromBase64String(authHeader))
                .Split(
                    new[] { ':' });
            if (credentials.Length != 2 || string.IsNullOrEmpty(credentials[0])
                || string.IsNullOrEmpty(credentials[1])) return null;
            return new Credentials()
            {
                Username = credentials[0],
                Password = credentials[1],
            };
        }
}

Posted 24-Dec-13 2:39am

miss786

Updated 6-Jan-14 0:57am

v4

Add a Solution

Comments

JoCodes 24-Dec-13 9:47am

Any error or just the authentication fails?

miss786 24-Dec-13 13:22pm

Thank you for your response JoCodes, but it fails authenticate user credentials.

JoCodes 24-Dec-13 22:40pm

Is it working in any other browser?

JoCodes 25-Dec-13 1:30am

Basic authentication works on all browsers...Are you getting 401 unauthorized response error?

miss786 25-Dec-13 6:09am

Thank you for your response. it only works on firefox and in other browsers, it throws a 401 unauthorized error. This issue only occurs once i have deployed the web-api onto the server.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) · Answer 1 · 2013-12-24T06:05:00

Solution 1

Browser will just interpret the information you send as HTML.
Generally, browser related issues comes for designs made with CSS.
But they would function the same for all other server related stuffs and do the same thing to all the data at server.

From your code, it is quite obvious that it performs coding at server end.
So, it should work the same on every browser.

I guess you have some other issues, so debug your code with all browsers one by one selecting in Visual Studio and try to find the issue.

Posted 24-Dec-13 6:05am

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ)

Comments

miss786 24-Dec-13 21:59pm

Hi, Thank you so much for your response. I have debugged the code many times and I cannot seem to find any difference in the authorize property between the web browser.

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) 25-Dec-13 2:11am

If there is no difference, then what is the problem?

miss786 6-Jan-14 6:35am

Apology for the late response. I get 402 unauthorized error, whenever i try to login using the above code in window explorer, whereas it works fine in firefox. This issue only occurs, when the API application is deployed onto the ftp(live), otherwise in the development mode it works fine on all browsers. I have attached an updated fiddler log of the error. maybe if you get time, you could provide me any small further assistant to what the above fiddler log represent. I really appreciate your help and time. Thanks