Home/ Questions/Q 5984675
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T22:24:47+00:00

I’m writing RESTful service with basic authorization. Here is what I do when no

  • 0

I’m writing RESTful service with basic authorization.

Here is what I do when no authorization header present or when there is wrong UN/Password

//Get authorization header
            var auth = HttpContext.Current.Request.Headers.GetValues("Authorization");
            if (auth == null)
            {
                outgoingResponse.StatusCode = HttpStatusCode.Unauthorized;
                return false;
            }

            //Parse auth header:
            var authString = auth[0];
            String loginName, password;
            try
            {
                var decbuff = Convert.FromBase64String(authString.Replace("Basic ", ""));
                loginName = System.Text.Encoding.UTF8.GetString(decbuff).Split(':')[0];
                password = System.Text.Encoding.UTF8.GetString(decbuff).Split(':')[1];
            }
            catch
            {
                outgoingResponse.StatusCode = HttpStatusCode.Unauthorized;
                outgoingResponse.StatusDescription = "Invalid Authorization header";
                return false;
            }

When I look in Fiddler I see this:

enter image description here

It works OK with my client (Android) but I want this service to be browseable via Explorer or other browsers. How do I make explorer to ask for UN/Password if I send 401? Do I need to specify something?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I figured it out. I needed to put HTTP header along with 401 like this:

    WWW-Authenticate: Basic realm=”Secure
    Area”

    Then browser knows and displays login window to user

    • 0