Basic Authorization on WebAPI

Discussion in 'Site Programming, Development and Design' started by Ahmad Khan, Jan 5, 2017.

  1. On my WebAPI application, I'm using a simple filter to check for authorization header and compare with base64 string.
    Code:
    public override void OnAuthorization(HttpActionContext context)
    {
        var req = context.Request;
        Encoding encoding = Encoding.ASCII;
        var authorization = req.Headers.Authorization;
        if (authorization == null ||
            authorization.Scheme != "Basic" ||
            String.IsNullOrEmpty(authorization.Parameter)
            )
        {
            context.Response = new HttpResponseMessage(HttpStatusCode.BadRequest);
            return;
        }
        string key = encoding.GetString(Convert.FromBase64String(authorization.Parameter));
        if (key != "db72f0e2-cdce-11e5-ab30-625662870761")
        {
            context.Response = new HttpResponseMessage(HttpStatusCode.InternalServerError);
            return;
        }
    }
    If I do not include an authorization header, I get BadRequest response from application.
    But soon as I include an authorization header to request, I get authorization error from IIS and not the application. To verify that, I changed unauthorized response from application to InternalServerError.
    Code:
    context.Response = new HttpResponseMessage(HttpStatusCode.InternalServerError);
    This is IIS detailed error

    Detailed Error Information:
    Module
    BasicAuthenticationModule
    Notification
    AuthenticateRequest
    Handler
    ExtensionlessUrlHandler-Integrated-4.0
    Error Code
    0x8007000d

    Requested URL
    http://mermaid-magic.com:80/oceanhunt/api/players/details/cad9a8b7-f203-40c5-96b6-125236991a71
    Logon Method
    Not yet determined
    Logon User
    Not yet determined

    Application works fine if I disable the filter. And the authorization works on my computer and has been working before.
    Need help fixing this, thanks.
     
    Last edited: Jan 5, 2017

Share This Page