ASP.NET Web API 401 when adding credential header

This is similar to this question; however, it is a little different, and the answers did not work for me (or, apparently, the original finder).

I have an ASP.NET Web API project created in the .NET Framework 4.5. I wanted to add basic authentication, in which I check the user credentials for each request. I used the code that I found from several sites (I would post links, but I need more reputation to post more than two links) to create the BasicAuthenticationAttribute attribute and came up with a working solution.

It all worked fine on the local host, but when I moved it to our shared hosting site, GoDaddy, it always returns unauthorized. This unauthorized response comes before my permission, and I proved that by deleting the authorization code, which still leads to an unauthorized response. Now, I wonder: if I don’t add the user credentials to the request, it works fine. It is only when I add credentials that I receive an unauthorized response.

To summarize this a bit ...

  • localhost without account headers: works
  • localhost with credential headers: works
  • GoDaddy without account headers: works
  • GoDaddy with credential headers: Unauthorized

, , . , , . FormsAuthentication web.config, , , , , .

web.config( , ):

<!--<authentication mode="Forms">
</authentication>-->

<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="30">
  <providers>
    <clear/>
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="MyConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="MyApplicationName" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"/>
  </providers>
</membership>

<roleManager enabled="true" defaultProvider="CustomizedRoleProvider" cookieTimeout="30">
  <providers>
    <add name="CustomizedRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="MyConnectionString" applicationName="MyApplicationName"/>
  </providers>
</roleManager>

<system.webServer>
  <validation validateIntegratedModeConfiguration="false" />
  <modules runAllManagedModulesForAllRequests="true">
    <remove name="FormsAuthentication" />
  </modules>
</system.webServer>

, :

using (var client = new HttpClient())
{
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

    string credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes("MyUserName" + ":" + "MyPassword"));
    client.DefaultRequestHeaders.Authorization = System.Net.Http.Headers.AuthenticationHeaderValue.Parse("Basic " + credentials);

    var obj = new MyObject()
    {
        MyData...
    };

    HttpResponseMessage response = await client.PostAsXmlAsync("<URI>", obj);
...
}

:

POST <URI> HTTP/1.1
Accept: application/json
Authorization: Basic <encoded info>
Content-Type: application/xml; charset=utf-8
Host: <host>
Content-Length: 705
Expect: 100-continue
Connection: Keep-Alive

<data>

:

HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.0
WWW-Authenticate: Basic realm="<host>"
X-Powered-By: ASP.NET
Date: Tue, 11 Feb 2014 00:52:10 GMT
Content-Length: 1293

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;} 
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;} 
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} 
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
 </fieldset></div>
</div>
</body>
</html>
+4
2

, , .

GoDaddy IIS. - GoDaddy IIS Management, . , Basic, Anonymous IIS "".

IIS. , , . , , GoDaddy.

IIS , , . , .

IIS. GoDaddy - . , , , , .

WORKAROUND ()

, :-). , Basic, IIS ! , - :

Authorization: Pickle cmFtc2V5amFjb2I6aXNfYV9yYWRfZHVkZQ==

, Pickle, ( ). , GoDaddy!

+4

, , , , . . , iis, , , !

0

Source: https://habr.com/ru/post/1526266/

