如何使用HttpWebRequest.Credentials属性进行基本身份验证?
[英]How to use HttpWebRequest.Credentials Property for Basic Authentication?
问题描述
How can I use the Webrequest Credentials Property to send an basic authentication header? 
如何使用Webrequest Credentials属性发送基本身份验证标头? Why isn't the Authorization header send with the request even when PreAuthenticate is set to true? 即使PreAuthenticate设置为true,为什么Authorization标头不会随请求一起发送?
WebRequest request = (HttpWebRequest)WebRequest.Create("https://api.github.com/user");
request.Credentials = new NetworkCredential("githubUsername", "githubPassword");
request.PreAuthenticate = true;
var response = request.GetResponse();
3 个解决方案
解决方案1
6 已采纳 2013-11-04 21:20:20
The server should send a HTTP 401 Not Authorized response code containing a WWW-Authenticate HTTP header. 服务器应发送包含 WWW-Authenticate HTTP标头的HTTP 401 Not Authorized响应代码。
WWW-Authenticate: Basic realm="example"
The PreAuthenticate property only works after authentication has taken place. PreAuthenticate属性仅在进行身份验证后才有效。 From MSDN: 来自MSDN:
true to send an HTTP Authorization header with requests after authentication has taken place;
See other answers for more in depth explanation. 有关详细信息,请参阅其他答案。
解决方案2
4 2014-08-12 07:36:47
I've done some additional research based on Måns Tånneryd `s answer. 我根据MånsTånneryd的回答做了一些额外的研究。 And the link he posted in his comment: PreAuthenticate Property of WebRequest - Problem . 他在评论中发表的链接: WebRequest的PreAuthenticate属性 - 问题 。
First of all as described in his link the HttpWebRequest.PreAuthenticate Property does NOT send the Authentication header PRE authentication, but pre sends it in following requests, after Authentication. 首先,如他的链接中所述, HttpWebRequest.PreAuthenticate属性不会发送身份验证标头PRE身份验证,但会在身份验证之后预先将其发送到以下请求中。 From MSDN: 来自MSDN:
true to send an HTTP Authorization header with requests after authentication has taken place;
So even with the PreAuthenticate property set to true, we still need an WWW-Authenticate challenge with a 401 Unauthorized before anything happens. 因此,即使将PreAuthenticate属性设置为true,我们仍然需要在发生任何事情之前使用401 Unauthorized进行WWW-Authenticate挑战。 Now if we try to authenticate against github with the following code: 现在,如果我们尝试使用以下代码对github进行身份验证:
WebRequest request = (HttpWebRequest)WebRequest.Create("https://api.github.com/user");
request.Credentials = new NetworkCredential("githubUsername", "githubPassword");
var response = request.GetResponse();
An WebException will be thrown, because we don't get a WWW-Authenticate challenge. 将抛出WebException ,因为我们没有获得WWW-Authenticate挑战。 If we capture this in Fiddler we will get the following: 如果我们在Fiddler捕获这个,我们将获得以下内容:
However if we try this, with the exact same code, against a website that does return a WWW-Authenticate challenge we will see the following in Fiddler: 但是,如果我们尝试使用完全相同的代码,针对确实返回WWW-Authenticate挑战的网站,我们将在Fiddler中看到以下内容:
And the response will have the result as expected. 响应将得到预期的结果。
解决方案3
3 2013-11-04 10:00:12
I can successfull run this code accessing another server that also requires both SSL and authentication. 我可以成功运行此代码访问另一个同时需要SSL和身份验证的服务器。 This server differs from the github in that the github returns a json result saying that it requires authentication and the other server returns a "classic" 401 html page. 这个服务器与github的不同之处在于github返回一个json结果,说它需要身份验证,而另一个服务器返回一个“经典”401 html页面。 Sniffing the network you can see that the .net code tries to do anonymous auth even if you do set preauth to true which I think is rather confusing. 嗅探网络你可以看到.net代码试图进行匿名身份验证,即使你将preauth设置为true,我认为这是相当混乱的。 However, upon receiving a regular 401-page it tries again, and this time with the auth info and everything works. 然而,在收到常规的401页后,它再次尝试,这次使用身份验证信息,一切正常。 It seems to me though as if .net reacts differently upon receiving the json version of a 401, not making a second try. 在我看来,虽然.net在收到401的json版本时反应不同,而不是第二次尝试。
I guess this is not the answer you are looking for but hopefully it sheds some more light on the situation. 我想这不是你正在寻找的答案,但希望它能更清楚地了解情况。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.