Scenario

I am working on a web program for Windows Phone 8 (not that I think it matters) and using Microsoft HTTP Client Libraries.

The problem

When the user tries to GET the URL, I need to know what type of authentication is needed when the response is a 401. This is very easy if it is NTLM, Basic, Digest, etc.; all of the supported WinHTTP schemes. You can then use the following code to GET the URL:

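```csharp
// httpHandler, authenticationUri and _cancelTokenSource are defined elsewhere in the app.
HttpResponseMessage response;
using (var httpClient = new HttpClient(httpHandler))
{
    // Send an unauthenticated GET so the server answers with its 401 challenge(s).
    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, authenticationUri);
    response = await httpClient.SendAsync(request, _cancelTokenSource.Token);
}
```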

The easiest way to check which authentication is needed is using the Headers.WwwAuthenticate.Contains method, e.g. to check if NTLM scheme is required:

```csharp
string scheme = "NTLM";
bool requiredScheme = response.Headers.WwwAuthenticate.Contains(new System.Net.Http.Headers.AuthenticationHeaderValue(scheme));
```

If the scheme = "Bearer" then it always gives false.

Obtaining the response header

The following was obtained when trying to access a server that needs Azure Active Directory authentication.

Jason Chrome App

Using the Jason Chrome App to get the response headers from the web-server, I received:

```
Pragma: no-cache
Date: Fri, 10 Oct 2014 11:39:02 GMT
WWW-Authenticate: Bearer authorization_uri="https://login.windows.net/common",
    error="invalid_token",
    error_description="The access token is missing",
    NTLM
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Expires: -1
Cache-Control: no-cache
Content-Length: 0
X-UA-Compatible: IE=EmulateIE7
```

Dot-Net Http Client

Using the HttpClient the System.Net.Http.HttpResponseMessage (response) gives:

```
StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 0.0, Content: System.Net.Http.StreamContent, Headers:
    {
      Server: Microsoft-IIS/7.5
      WWW-Authenticate: NTLM
      X-Powered-By: ASP.NET
      X-UA-Compatible: IE=EmulateIE7
      Date: Fri, 10 Oct 2014 11:25:04 GMT
      Content-Length: 1293
      Content-Type: text/html
    }
```

WWW-Authenticate Comparison

From the above results the following comparison can be made.

Jason Chrome App

Bearer authorization_uri="https://login.windows.net/common", error="invalid_token", error_description="The access token is missing",

NTLM

Dot-Net Http Client

NTLM

The Bearer part is thrown away by the Http Client (or maybe this is a restriction of the HttpResponseMessage) and only NTLM authentication is left.

Question

How or where do I get the full WWW-Authenticate header using the Dot-NET HttpClient that shows all the schemes with their content? This example is specific to Bearer; however, other (custom) schemes also exist.

Any ideas?


Additional

This same issue seems to be persistent even on Windows.Web.Http.HttpClient

Barnstokkr
  • Which .NET framework version are you using? – Yuval Itzchakov Oct 21 '14 at 14:06
  • Hi, I am using: Visual Studio 2013 with Update 3. Version 4.5.51641 – Barnstokkr Oct 22 '14 at 08:35
  • Is there a public server that requires this sort of authentication we can test against? Does this provide the missing value; `var value = r.Headers.WwwAuthenticate.Where((h) => h.Scheme == "NTLM").First().Parameter` – Yort Jul 12 '15 at 09:14
  • @Yort I don't know of a public server, the issue isn't with the NTLM, that scheme is a supported `WinHTTP` authentication type. The issue is with any scheme that's **NOT** a supported `WinHTTP` authentication type, such as Bearer. – Barnstokkr Jul 13 '15 at 08:59
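
Added example, not code from the question or from any Microsoft library: a C# parser that splits a raw `WWW-Authenticate` value like the one captured above into its individual challenges, so that a client holding the raw header value sees `Bearer` (with its parameters) and `NTLM` as separate schemes. The `Challenge` and `WwwAuthenticateParser` names are hypothetical, and the input in `Main` is the header value from this page joined onto one line.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public sealed class Challenge   // hypothetical type for this example
{
    public string Scheme, Token68;   // Token68: opaque blob form, e.g. "Negotiate <base64>"
    public Dictionary<string, string> Parameters =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
}

public static class WwwAuthenticateParser   // hypothetical helper
{
    // name=value, where value is a quoted-string (group 2) or a bare token (group 3)
    static readonly Regex Param = new Regex(
        @"^([!#$%&'*+.^_`|~0-9A-Za-z-]+)\s*=\s*(?:""((?:[^""\\]|\\.)*)""|([^\s"",=]+))$");
    // list items: everything up to a comma that is not inside a quoted-string
    static readonly Regex Item = new Regex(@"(?:[^,""]|""(?:[^""\\]|\\.)*"")+");

    public static List<Challenge> Parse(string headerValue)
    {
        var result = new List<Challenge>();
        foreach (Match m in Item.Matches(headerValue))
        {
            string item = m.Value.Trim();
            if (item.Length == 0) continue;
            Match p = Param.Match(item);
            // A bare name=value item continues the challenge that is currently open.
            if (p.Success && result.Count > 0) { Add(result[result.Count - 1], p); continue; }
            // Anything else opens a new challenge: scheme, then a first parameter or a token68.
            string[] parts = item.Split(new[] { ' ', '\t' }, 2, StringSplitOptions.RemoveEmptyEntries);
            var c = new Challenge { Scheme = parts[0] };
            result.Add(c);
            if (parts.Length < 2) continue;
            p = Param.Match(parts[1].Trim());
            if (p.Success) Add(c, p); else c.Token68 = parts[1].Trim();
        }
        return result;
    }

    static void Add(Challenge c, Match p)   // undo backslash escapes in quoted values
    {
        c.Parameters[p.Groups[1].Value] = p.Groups[2].Success
            ? Regex.Replace(p.Groups[2].Value, @"\\(.)", "$1") : p.Groups[3].Value;
    }

    public static void Main()   // input: the header value captured on this page, on one line
    {
        foreach (var c in Parse("Bearer authorization_uri=\"https://login.windows.net/common\", " +
                 "error=\"invalid_token\", error_description=\"The access token is missing\", NTLM"))
            Console.WriteLine("{0}: {1} parameter(s)", c.Scheme, c.Parameters.Count);
    }
}
```

Scheme names are case-insensitive, so compare `Scheme` with `StringComparison.OrdinalIgnoreCase` when deciding which authentication flow to start.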

0 Answers