Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Custom Authentication module only called when Credentials present

I am implementing some code that talks to a webserver that uses an RFC2617 extension. To facilate this I have implemented an IAuthenticationManager module.

My authentication module checks if the received challenge is for MyAuth:

    public Authorization Authenticate(String challenge, WebRequest request, ICredentials credentials)
    {

        if (!challenge.Contains(AuthenticationType)) // MyAuth
        {
            {
                return null; 
            }
        }
        ...
        // Get the token, omitted here

        return authorization;

I then call AuthenticationManager.Register(MyAuthModule);

When a WebRequest has UseIntegrated.UseDefaultCredentials = true or the request has credentials added to WebRequest.Credentials then my Authentication module is called and everything works. However if the WebRequest has no credentials and is not using default credentials my authorization module is not called and the request fails.

How can I make sure that my authentication module is called when a challenge is received but the WebRequest has no credentials and is not using default credentials?

like image 329
Remko Avatar asked Jan 10 '14 10:01

Remko


1 Answers

Looks like the request is coming in as anonymous. You can verify if this is the case by handling the anonymous request as it explains here.

If it's coming in as an anonymous request, you can try to disable it on the web server, since this will force all request to send an authentication header.

like image 72
Carlos Grappa Avatar answered Sep 30 '22 10:09

Carlos Grappa