3

This is my first attempt at creating a console app which can make a HTTP GET request and print the response to the console.

Thus far, the code works, but only for URIs which do not require a username/password.

My ultimate purpose is to use a cloud/hosting API which accepts HTTP GET requests as triggers for taking certain actions. As such, I have to use a username/password for this.

using System;
using System.Net;
using System.IO;

namespace HttpTestProject {

    class Program {

        static void Main(string[] args) {

            Uri uri = new Uri("http://www.google.com");
            string username = "asdf";
            string password = "asdf";

            NetworkCredential cred = new NetworkCredential(username, password);
            CredentialCache cache = new CredentialCache();
            cache.Add(uri, "Basic", cred);

            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
            HttpWebResponse response = (HttpWebResponse)request.GetResponse();
            Stream resStream = response.GetResponseStream();

            StreamReader reader = new StreamReader(resStream);
            string text = reader.ReadToEnd();

            Console.WriteLine(text);
            Console.ReadLine();

        }

    }

}
John Saunders
  • 160,644
  • 26
  • 247
  • 397
nairware
  • 3,090
  • 9
  • 37
  • 58
  • 5
    Shouldn't network credentials be sent using POST? – VladL Jan 10 '13 at 15:10
  • 1
    @VladL basic http authentication is independent of the request method. I wonder what the question is though (shouldn't the credentials be assigned to the `Credentials` property of the request?) – C.Evenhuis Jan 10 '13 at 15:10
  • @VladL Sending network credentials via a GET instead of a POST is not less secure, is it? – nairware Jan 10 '13 at 16:13
  • 2
    @nairware I don't know why that comment got 4 upvotes, Basic http authentication is sent as a HTTP header regardless of whether you are using GET or POST. Both are equally secure (not secure at all unless you use https). – C.Evenhuis Jan 14 '13 at 15:21
  • If dealing with 401 -> http://stackoverflow.com/questions/2038808/the-remote-server-returned-an-error-401-unauthorized – Nick Oct 19 '16 at 20:24

1 Answers1

13

If you have to add basic authentication to your request without waiting for a challenge you can append the header manually:

var request = WebRequest.Create("http://myserver.com/service");
string authInfo = userName + ":" + userPassword;
authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo));

//like this:
request.Headers["Authorization"] = "Basic " + authInfo;

var response = request.GetResponse();
istepaniuk
  • 4,016
  • 2
  • 32
  • 60
  • I did not find this out until recently, but perhaps the preferred code includes `request.Credentials = new NetworkCredential(username, password);` I was using this code recently for something else, and another coder made that recommendation to me. Both approaches work for me. – nairware Jul 21 '13 at 16:28
  • 1
    @nairware, AFAIK, if you set `Credentials`, the request will be sent without them, then the.NET HTTP client will wait for the response to be an HTTP 401 code containing a `WWW-Authenticate` HTTP header (what I called challenge). Then it will repeat the request including the credentials. This is the proper way according the RFC, but if the server does not work that way, you need to blindly send the `Authorization` header manually like I suggested. – istepaniuk Jul 23 '13 at 09:09