Hi, I'm trying to use Thinktecture.IdentityModel to support basic authentication in my web api, implemented with MVC 4. I don't use ssl yet. I got it working on my machine, but when I publish it to Winhost, my UserCredentials.Validate method is not called, and by requests return error 401 (Unauthorized). I know that it's not called, as I added logging. Did anyone implemented it successively, and ideas, advice? Thanks.
I wonder what will happen if you try to change the trust level to full. Read our knowledge base article on how to change the trust level to full here: http://support.Winhost.com/KB/a657/changing-the-default-aspnet-trust-level.aspx Otherwise provide us with the full error message or instructions on how to recreate the error on our end.
I do have it set to full. I am attaching the major files, that I suppose matter. If you think I need to attach more, just let me know what it is. I can zip my whole solution, whatever is needed to make it work. From attached files: RegisterController works fine, and it does not require authentication. LoginController doesn't work. I also attached log file. To get to the Login you can just type http://www.tennis-umpire.com/api/login, it supports GET
I actually experimented with different things, I noticed that latest version of WebApiConfig is not correct. It should be authentication.AddBasicAuthentication(UserCredentials.Validate); I'm putting it back and updating web site.
I'm stuck. Probably have to move somewhere else while my have 30 days get my money back. Really hate to do this.
Interestingly, as soon as I almost gave up, there was one thing that helped me at the moment. I installed remote IIS and started comparing my settings, what I found is on Winhost in Authentication for my site "Basic Authentication" was enabled, and on my local computer there wasn't even such line. When I disabled Basic Authentication, it started to work as on my local machine, where authentication was delegated to my code. Another interesting thing, web deployment turned enabled it back. Now I have to figure out what is going on, but at least it's some progress.
Hi, You should compare the web.config file that you uploaded to Winhost with the one on your local machine. IIS Manager writes the information to the web.config file for you.
Web.configs are the same. I already mentioned in my own post that the problem was with BasicAuthentication being enabled in Winhost, but not on my local machine. The way I understand it, BasicAuthentication module analyzed http header, got basic authentication credentials from there and tried to verify them using Active Directory. The way Thinktecture works, it creates it's own HTTP message handler, which delegates authentication to my code, where I can implement it the way I want. At least this is my understanding of what was going on. My problem was that I could not see it from Winhost control panel, and could find and ultimately disable it only after I installed remote client for IIS configuration. But I will compare them once more when I get home. Will post to confirm it. Interesting problem, took me hours to resolve it.
You may want to check the machine.config on your computer, on our server by the default basic authentication is set to true, therefore if you do not explicitly set it to false it will inherit the settings from our servers machine.config.