Home > Uncategorized > Mixed mode #HTTP #Authentication

Mixed mode #HTTP #Authentication


If you want to have a service that can be contacted either with Basic Authentication, or without authentication, then you may not want your server to return a 401 challenge response, but want to look for the Authentication header anyway.

Here’s how I’ve done it with asp.net

var strAuthHeader = HttpContext.Current.Request.Headers[HttpRequestHeader.Authorization.ToString()];
if (!string.IsNullOrEmpty(strAuthHeader))
strAuthHeader = strAuthHeader.Substring(6);
byte[] bAuthHeader = Convert.FromBase64String(strAuthHeader);
strAuthHeader = Encoding.UTF8.GetString(bAuthHeader);
var strAuthUsername = strAuthHeader.Split(new char[] {‘:’})[0];
var strAuthPassword = strAuthHeader.Split(new char[] {‘:’})[1];

So, for example, you can call our RegCheck webservice, passing the credentials via basic authentication.

string userName = “user”;
string password = “password”;
WebClient client = new WebClient();
string credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(userName + “:” + password));
client.Headers[HttpRequestHeader.Authorization] = string.Format(“Basic {0}”, credentials);
var strUrl = “http://www.regcheck.org.uk/api/reg.asmx/Check?RegistrationNumber=ukz2952&username=”;
var strHtml = client.DownloadString(strUrl);


Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: