Sitecore 7.2 - Item Web API-User Authentication

Question

I want to restrict the Sitecore Item Web API to send data to authenticated user only & as per the documentation,we need to pass the user name & password in http request header as X-Scitemwebapi-Username & X-Scitemwebapi-Password

To achieve this,I used below code:

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://scapidemo.local/-/item/v1/?sc_itemid={110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9}&sc_database=master");

request.Headers["X-Scitemwebapi-Username"] = "admin";
request.Headers["X-Scitemwebapi-Password"] = "b";

HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Response.Write(String.Format("Content length is {0}", response.ContentLength));
Response.Write(String.Format("Content type is {0}", response.ContentType));
// Get the stream associated with the response.
Stream receiveStream = response.GetResponseStream();

// Pipes the stream to a higher level stream reader with the required encoding format. 
StreamReader readStream = new StreamReader(receiveStream, Encoding.UTF8);

Response.Write("<br /> Response stream received. <br />");
Response.Write(readStream.ReadToEnd());

In Sitecore.ItemWebApi.config I've added setting for my website as below:

itemwebapi.mode="StandardSecurity"
itemwebapi.access="ReadOnly"
itemwebapi.allowanonymousaccess="false"/>

Now while running my app I'm getting this error:

{"statusCode":401,"error":{"message":"Access to site is not granted."}}  

Answer 1

You are passing the user without the domain it belongs to. The ItemWebAPI does not have a default domain so every time you make you make a call you need to pass your user like this "domain\user".

All that said - try it like this:

request.Headers["X-Scitemwebapi-Username"] = @"sitecore\admin";
request.Headers["X-Scitemwebapi-Password"] = "b";