C# HttpWebRequest - PreAuthenticate: Still returns 401 forbidden (HTTPS)

Question

I would like to ask you for help with the following code I have quickly write, beucase I always get "403 FORBIDDEN".

HttpWebRequest pozadavek = (HttpWebRequest)WebRequest.Create("LINK THAT ASKS FOR AUTHLOGIN"); //https
    System.IO.StreamReader stream = null;
    System.String result = null;
    public Form1()
    {
        InitializeComponent();
        pozadavek.AuthenticationLevel = System.Net.Security.AuthenticationLevel.MutualAuthRequested;
        pozadavek.Credentials = new NetworkCredential("NAME", "PASS");
        pozadavek.PreAuthenticate = true;
    }

    private void Form1_Load(object sender, EventArgs e)
    {
        WebResponse webresponse = pozadavek.GetResponse(); //throws an exception:403 forbidden
        stream = new System.IO.StreamReader(webresponse.GetResponseStream());
        result = stream.ReadToEnd();
        this.webBrowser1.DocumentText = result;
    }

score 5 · Accepted Answer · edited Jun 05 '22 at 15:23

5

The site you are trying to open requires Basic Authentication. Bottom line is, you need to include the username/password in base64 encoded with your request. Luckily, .Net does that for you. Construct your request like this:

var credCache = new CredentialCache();
credCache.Add(new Uri("https://is.vsfs.cz/auth"), "Basic",
                  new NetworkCredential("user", "pwd"));
var request = (HttpWebRequest)WebRequest.Create(uri);
request.Credentials = credCache;

Here's one article explaining in more detail how various auth schemes are handled in .Net.

edited Jun 05 '22 at 15:23

Aidan Whitehall

397
1
4
13

answered Feb 08 '10 at 08:39

Peter Lillevold

33,668
7
97
131

No, with either "true" and "false" it is the same. I am not sure whether it is the correct way, opening the link in browser will open an popup asking for username and password. – Snake Feb 08 '10 at 08:41
If "authentication" is done through a popup it is initially enforced clientside. Your request will never see that. It sounds like the site is using some sort of forms authentication. Perhaps you can get a direct url to the login page, but even then using the Credentials property will probably not work, you'll have to send username/pwd to the page using a POST request. – Peter Lillevold Feb 08 '10 at 09:52
Oh, I can see there is "https". I have changed the URI in the program and now get 401...any ideas please? – Snake Feb 08 '10 at 10:08
401 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) still means you are not authorized. You should get a url directly to the login page and construct a POST that the page will accept. – Peter Lillevold Feb 08 '10 at 10:13

score 0 · Answer 2 · answered Oct 02 '15 at 07:38

This code works 4 me...

Uri address = new Uri("https://www.example.com");
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(address);
string authInfo = username + ":" +password;
authInfo = Convert.ToBase64String(Encoding.UTF8.GetBytes(authInfo));
request.Headers.Add("Authorization", "Basic " + authInfo);
NetworkCredential myCreds = new NetworkCredential(username, password);
request.Credentials = myCreds;
request.Method = WebRequestMethods.Http.Get;
request.AllowAutoRedirect = true;
request.Proxy = null;

C# HttpWebRequest - PreAuthenticate: Still returns 401 forbidden (HTTPS)

2 Answers2