The remote server returned an error: (401) Unauthorized.
1,226 views
Skip to first unread message
Steven Andler
Nov 7, 2013, 4:45:17 PM11/7/13
to httpf...@googlegroups.com
I have been trying to get an C# HTTP Webrequest app to send a GET Restful command with Authentication working for a few weeks now. When I use Fiddler, it works fine. Here are the Fiddler settings
GET https://ers123.optimahcs.com/cpapi/v2/clinical/patients/12377 HTTP/1.1
User-Agent: Fiddler
Host: ers123.optimahcs.com
username: ERS123clinicalapi
password: -----------------------------
User-Agent: Fiddler
Host: ers123.optimahcs.com
username: ERS123clinicalapi
password: -----------------------------
In my app, I always get a 401 Error message The following is a a copy of the code
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Web.Services;
using System.Web.Services.Protocols;
namespace ConsoleApplication27
{
class Program
{
{
class Program
{
static string username = "ERS123clinicalapi";
static string password = "------------";
static string password = "------------";
static void Main(string[] args)
{
try
{
HttpWebRequest request = WebRequest.Create("https://ERS123.optimahcs.com/cpapi/v2/clinical/patients/12377") as HttpWebRequest;
request.Method = "GET";
request.Credentials = new NetworkCredential(username,password);
{
try
{
HttpWebRequest request = WebRequest.Create("https://ERS123.optimahcs.com/cpapi/v2/clinical/patients/12377") as HttpWebRequest;
request.Method = "GET";
request.Credentials = new NetworkCredential(username,password);
request.AuthenticationLevel = AuthenticationLevel.MutualAuthRequired;
request.ContentType = "application/json; charset=utf-8";
request.ProtocolVersion = HttpVersion.Version11;
String authorization = System.Convert.ToBase64String(Encoding.UTF8.GetBytes(username + ":" + password));
request.Headers.Add("Authorization", "Forms " + authorization);
request.Headers.Add("Authorization", "Forms " + authorization);
var credentialCache = new CredentialCache();
credentialCache.Add(new Uri("https://ERS123.optimahcs.com/cpapi/v2/clinical/patients/12377"), "Forms", new NetworkCredential(username, password));
credentialCache.Add(new Uri("https://ERS123.optimahcs.com/cpapi/v2/clinical/patients/12377"), "Forms", new NetworkCredential(username, password));
using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
{
// Get the response stream
StreamReader reader = new StreamReader(response.GetResponseStream());
{
// Get the response stream
StreamReader reader = new StreamReader(response.GetResponseStream());
// Console application output
Console.WriteLine(reader.ReadToEnd());
}
Console.WriteLine(reader.ReadToEnd());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
}
}
}
}
The following is copy of the webrequest log form Fiddler
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.1 (TLS/1.0)
Random: 52 7B DF 41 49 72 1B B2 F6 E7 FF 19 D3 0F 33 4E CC 63 93 BE 7F 2E F3 0C 95 8B C2 08 55 69 C2 6E
SessionID: empty
Extensions:
renegotiation_info 00
server_name ers123.optimahcs.com
elliptic_curves 00 04 00 17 00 18
ec_point_formats 01 00
Ciphers:
[002F] TLS_RSA_AES_128_SHA
[0035] TLS_RSA_AES_256_SHA
[0005] SSL_RSA_WITH_RC4_128_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
Random: 52 7B DF 41 49 72 1B B2 F6 E7 FF 19 D3 0F 33 4E CC 63 93 BE 7F 2E F3 0C 95 8B C2 08 55 69 C2 6E
SessionID: empty
Extensions:
renegotiation_info 00
server_name ers123.optimahcs.com
elliptic_curves 00 04 00 17 00 18
ec_point_formats 01 00
Ciphers:
[002F] TLS_RSA_AES_128_SHA
[0035] TLS_RSA_AES_256_SHA
[0005] SSL_RSA_WITH_RC4_128_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
Compression:
[00] NO_COMPRESSION
[00] NO_COMPRESSION
One interesting this I noticed is when using Fiddler, The 200 Result is using the HTTP protocol but when I use my code the 200 Result is HTTP. This seems interesting since my code explicitly uses HTTPS.
Any Advice would be greatly appreciated.
Steven
EricLaw
Nov 8, 2013, 5:14:47 PM11/8/13
to httpf...@googlegroups.com
See this: https://groups.google.com/forum/#!topic/httpfiddler/RCkzE3HhhxY to understand how HTTP CONNECT Tunnels are used to transfer HTTPS traffic.
In Fiddler, do you have HTTPS-decryption enabled?
What do you expect request.AuthenticationLevel = AuthenticationLevel.MutualAuthRequired; to do?
Why are you manually adding an Authorization header AND adding to the CredentialCache?
Reply all
Reply to author
Forward
0 new messages