Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Authorization Header is missing in Http request using WCF

I am accessing a web service using WCF. Using WSHttpBinding, Security mode is set Transport (https) and client credential type is Basic. When I try to access the service using the proxy, getting an 401 unauthorized exception.

Here is the Binding

var binding = new WSHttpBinding()
        {
            UseDefaultWebProxy = true,
            Security =
            {
                Mode = SecurityMode.Transport,
                Transport =
                {
                    ClientCredentialType = HttpClientCredentialType.Basic,
                },
            }
        };

Here is the service call

var client = new InternetClient(binding, new EndpointAddress("httpsurl"));

        client.ClientCredentials.UserName.UserName = "username";
        client.ClientCredentials.UserName.Password = "password";
        client.ProcessMessage("somevalue");

When looked into Http headers using Http Analyzer CONNECT HEADER

(Request-Line):CONNECT somehost.com:443 HTTP/1.1
Host:somehost.com
Proxy-Connection:Keep-Alive

POST HEADER

(Request-Line):POST /Company/1.0 HTTP/1.1
Content-Type:application/soap+xml; charset=utf-8
VsDebuggerCausalityData:uIDPo+voStemjalOv5LtRotFQ7UAAAAAUKLJpa755k6oRwto14BnuE2PDtYKxr9LhfqXFSOo8pEACQAA
Host:somehost.com
Content-Length:898
Expect:100-continue
Connection:Keep-Alive

If you see the header Authorization header is missing

Now my question is why WCF call missing the Authorization header? Am I missing something? . Please ask if you need more information

like image 440
Amzath Avatar asked Nov 02 '10 18:11

Amzath


People also ask

How can I add Authorization header to the request in WCF?

MessageHeader header = MessageHeader. CreateHeader("Authorization", "", "Basic Y19udGk6Q29udGlfQjNTVA=="); request. Headers. Add(header);

How do I send the Authorization header in HTTP?

It is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic, followed by a space and a base64-encoded(non-encrypted) string username: password. For example, to authorize as username / Pa$$w0rd the client would send.

What does the Authorization header is missing mean?

This error means that your WordPress Permalink rules are not up-to-date. To fix the issue, you need to update the Permalink rules in your site's . htaccess file.

Why does my WCF client send HTTP Basic authentication header without authorization?

It turns out that initially for the 1st request a WCF client that is configured to use HTTP basic authentication will nevertheless send the request withoutthe necessary Authorization header to the server. This is the default behavior of the HttpWebRequest class used by the WCF client.

Which header is missing in HTTP request using WCF?

Authorization Header is missing in Http request using WCF Ask Question Asked11 years, 3 months ago Active4 years, 7 months ago Viewed24k times 8 2 I am accessing a web service using WCF. Using WSHttpBinding, Security mode is set Transport (https) and client credential type is Basic.

How to configure client credentials with WCF-webhttp?

In summary configuring client credentials on the WCF-WebHttp adapter does not send an authorisation header whereas the classical HTTP does. Although you could workaround this behaviour by adding the Authorization header to the Outbound HTTP header we decided to use the HTTP adapter instead.

Which header is removed from the HTTP request in IIS?

0 IIS removes Authorization header from the http request, when the request is from outside my LAN 303 Best HTTP Authorization header type for JWT 0 Android WCF Service Username Password Authentication


1 Answers

This is a common problem, but the situation is different from what you think.

It turns out that initially for the 1st request a WCF client that is configured to use HTTP basic authentication will nevertheless send the request without the necessary Authorization header to the server. This is the default behavior of the HttpWebRequest class used by the WCF client.

Normally, the web service server will then return a HTTP 401 Unauthorized response to the WCF client, upon which the latter will resend the message with the Authorization header. This means under normal conditions for HTTP Basic Authentication there will be a a rather useless round trip to the server.

This also explains why the header was missing in your sniffed message. Some Http sniffs possibly don't pass on the 401 response, so the whole exchange gets messed up.

The server round-trip and dependence on the 401 response can be avoided by manually injecting the required Authorization header into every request. See e.g. how to manually inject Authorization header into WCF request

like image 82
whale70 Avatar answered Sep 28 '22 20:09

whale70