The problem is that PreAuthenticate doesn't actually preauthenticate. After one successful 401 Authentication Required it will then send the credentials with every subsequent request.

This is the code I use to hit APIs where auth is optional:

       XDocument GetXDocumentFromUri(Uri uri)
       {
           Debug.Assert(uri != null);
           Debug.Assert(uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps);
           HttpWebRequest req = HttpWebRequest.Create(uri) as HttpWebRequest;
           req.CookieContainer = _cookies;
           NetworkCredential creds = Credentials.GetCredentials();
           // Attach the Basic credentials up front instead of waiting for a 401 challenge.
           req.Headers.Add("Authorization", "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes(creds.UserName + ":" + creds.Password)));

           WebResponse resp = req.GetResponse();
           using (StreamReader rdr = new StreamReader(resp.GetResponseStream()))
           {
               return XDocument.Load(rdr);
           }
       }

Please only use basic auth over SSL!

Kyle Tolle wrote:
I tried doing this with C#. The same code auths me when auth is
required, but when auth is not required, it doesn't auth me.
Here's the code:

HttpWebRequest client = (HttpWebRequest)WebRequest.Create(xmlURL);
client.UseDefaultCredentials = false;
client.AuthenticationLevel =
System.Net.Security.AuthenticationLevel.MutualAuthRequired;
client.Credentials = credentials;
client.Timeout = 20000;
client.PreAuthenticate = true;

Anyone know why this wouldn't auth me on non-auth-required API calls?

On Mar 15, 3:49 pm, TjL <luo...@gmail.com> wrote:
On Sun, Mar 15, 2009 at 3:34 PM, Kyle Tolle <kyle.to...@gmail.com> wrote:
Is there a way to authenticate with an account even for pages that
don't require it? If not, there definitely should be.
Sure, just always use your auth creds when you send a request.

TJL
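The following is an added example, not code from any poster in this thread: a variant of the always-send-the-header approach that enforces the "only over SSL" advice at run time. The class and method names are hypothetical, and UTF-8 encoding of the credentials is an assumption about what the server accepts.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Xml.Linq;

static class BasicAuthClient // hypothetical name, not from the thread
{
    // Builds the Authorization header value for HTTP Basic auth.
    public static string BasicHeaderValue(string user, string password)
    {
        if (user == null) throw new ArgumentNullException("user");
        if (password == null) throw new ArgumentNullException("password");
        // The first ':' separates user from password, so a colon in the
        // user name would shift part of it into the password on the server.
        if (user.IndexOf(':') >= 0)
            throw new ArgumentException("User name must not contain ':'", "user");
        // Assumption: the server decodes credentials as UTF-8. Encoding.ASCII
        // would silently replace non-ASCII characters with '?'.
        byte[] raw = Encoding.UTF8.GetBytes(user + ":" + password);
        return "Basic " + Convert.ToBase64String(raw);
    }

    public static XDocument GetXDocument(Uri uri, NetworkCredential creds)
    {
        if (uri == null) throw new ArgumentNullException("uri");
        if (creds == null) throw new ArgumentNullException("creds");
        // Checked with a real exception: Debug.Assert is compiled out of
        // release builds, so it cannot guard against a plain http:// URI.
        if (uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException(
                "Refusing to send Basic credentials over " + uri.Scheme, "uri");

        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(uri);
        // Credentials go out on the first request, with no 401 round trip.
        req.Headers.Add("Authorization",
            BasicHeaderValue(creds.UserName, creds.Password));

        // Dispose the response as well as the reader so the connection
        // is returned to the pool.
        using (WebResponse resp = req.GetResponse())
        using (StreamReader rdr = new StreamReader(resp.GetResponseStream()))
        {
            return XDocument.Load(rdr);
        }
    }
}
```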
