http://stackoverflow.com/questions/10861568/asmx-web-service-basic-authentication
//-----------------------------------------------------
public class BasicAuthHttpModule:IHttpModule
{
voidIHttpModule.Init(HttpApplication context)
{
context.AuthenticateRequest+=newEventHandler(OnAuthenticateRequest);
}
voidOnAuthenticateRequest(object sender,EventArgs e)
{
string header =HttpContext.Current.Request.Headers["Authorization"];
if(header !=null&& header.StartsWith("Basic")) //if has header
{
string encodedUserPass = header.Substring(6).Trim(); //remove the "Basic"
Encoding encoding =Encoding.GetEncoding("iso-8859-1");
string userPass = encoding.GetString(Convert.FromBase64String(encodedUserPass));
string[] credentials = userPass.Split(':');
string username = credentials[0];
string password = credentials[1];
if(!MyUserValidator.Validate(username, password))
{
HttpContext.Current.Response.StatusCode=401;
HttpContext.Current.Response.End();
}
}
else
{
//send request header for the 1st round
HttpContext context =HttpContext.Current;
context.Response.StatusCode=401;
context.Response.AddHeader("WWW-Authenticate",String.Format("Basic realm=\"{0}\"",string.Empty));
}
}
voidIHttpModule.Dispose()
{
}
}
staticvoidMain(string[] args)
{
var proxy =newService1.Service1()
{
Credentials=newNetworkCredential("user1","p@ssw0rd"),
PreAuthenticate=true
};
try
{
var result = proxy.HelloWorld();
Console.WriteLine(result);
}
catch(Exception e)
{
Console.WriteLine(e.Message);
}
Console.ReadKey();
}
The fiddler results:
POST http://www.mywebsite.com/Service1.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.4927)
VsDebuggerCausalityData: uIDPo+drc57U77xGu/ZaOdYvw6IAAAAA8AjKQNpkV06FEWDEs2Oja2C+h3kM7dlDvnFfE1VlIIIACQAA
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://www.mywebsite.com/HelloWorld"
Host: www.mywebsite.com
Content-Length: 291
Expect: 100-continue
Connection: Keep-Alive
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><HelloWorld xmlns="http://www.mywebsite.com/" /></soap:Body></soap:Envelope>
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Basic realm=""
X-AspNet-Version: 4.0.30319
WWW-Authenticate: Basic realm="www.mywebsite.com"
X-Powered-By: ASP.NET
Date: Sun, 03 Jun 2012 07:14:40 GMT
Content-Length: 1293
------------------------------------------------------------------
POST http://www.mywebsite.com/Service1.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.4927)
VsDebuggerCausalityData: uIDPo+drc57U77xGu/ZaOdYvw6IAAAAA8AjKQNpkV06FEWDEs2Oja2C+h3kM7dlDvnFfE1VlIIIACQAA
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://www.mywebsite.com/HelloWorld"
Authorization: Basic dXNlcjE6cEBzc3cwcmQ=
Host: www.mywebsite.com
Content-Length: 291
Expect: 100-continue
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><HelloWorld xmlns="http://www.mywebsite.com/" /></soap:Body></soap:Envelope>
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Basic realm="www.mywebsite.com"
X-Powered-By: ASP.NET
Date: Sun, 03 Jun 2012 07:14:41 GMT
Content-Length: 1293
//---------------------------------------------------------------
publicclassBasicAuthHttpModule:IHttpModule
{
publicvoidDispose()
{
}
public void Init(HttpApplication application)
{ application.AuthenticateRequest+=new
EventHandler(this.OnAuthenticateRequest);
application.EndRequest+=new
EventHandler(this.OnEndRequest);
}
public void OnAuthenticateRequest(object source,EventArgs
eventArgs)
{
HttpApplication app =(HttpApplication)source;
string authHeader = app.Request.Headers["Authorization"];
if(!string.IsNullOrEmpty(authHeader))
{
string authStr = app.Request.Headers["Authorization"];
if(authStr ==null|| authStr.Length==0)
{
return;
}
authStr = authStr.Trim();
if(authStr.IndexOf("Basic",0)!=0)
{
return;
}
authStr = authStr.Trim();
string encodedCredentials = authStr.Substring(6);
byte[] decodedBytes =
Convert.FromBase64String(encodedCredentials);
string s =newASCIIEncoding().GetString(decodedBytes);
string[] userPass = s.Split(newchar[]{':'});
string username = userPass[0];
string password = userPass[1];
if(!MyUserValidator.Validate(username, password))
{
DenyAccess(app);
return;
}
}
else
{
app.Response.StatusCode=401;
app.Response.End();
}
}
publicv oid OnEndRequest(object source,EventArgs eventArgs)
{
if(HttpContext.Current.Response.StatusCode==401)
{
HttpContext context =HttpContext.Current;
context.Response.StatusCode=401;
context.Response.AddHeader("WWW-Authenticate","Basic Realm");
}
}
private void DenyAccess(HttpApplication app)
{
app.Response.StatusCode=401;
app.Response.StatusDescription="Access Denied";
app.Response.Write("401 Access Denied");
app.CompleteRequest();
}
}
//--------------------------------------------------------
string url = "http://rasnote/wconnect/admin/wc.wc?_maintain~ShowStatus";
HttpWebRequest req = HttpWebRequest.Create(url) as HttpWebRequest;
string user = "ricks";
string pwd = "secret";
string domain = "www.west-wind.com";
string auth = "Basic " + Convert.ToBase64String(System.Text.Encoding.Default.GetBytes(user + ":" + pwd));
req.PreAuthenticate = true;
req.Headers.Add("Authorization", auth);
req.UserAgent = ": Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 4.0.20506)";
WebResponse resp = req.GetResponse();
resp.Close();
//-----------------------------------------------------