
I need to consume a web service that requires basic pre-emptive authentication. I have the code below, but I am getting an error on the response:

'The remote server returned an error: (403) Forbidden.'

User credentials are correct. Any ideas what is wrong?

```csharp
string url = "MYURL";
HttpWebRequest req = HttpWebRequest.Create(url) as HttpWebRequest;

string user = "USER";
string pwd = "PASSWORD";

string auth = "Basic " + Convert.ToBase64String(System.Text.Encoding.Default.GetBytes(user + ":" + pwd));
req.PreAuthenticate = true;
req.AuthenticationLevel = System.Net.Security.AuthenticationLevel.MutualAuthRequested;
req.Headers.Add("Authorization", auth);
WebResponse resp = req.GetResponse();
resp.Close();

req = HttpWebRequest.Create(url) as HttpWebRequest;
req.PreAuthenticate = true;
req.Credentials = new NetworkCredential(user, pwd);
resp.Close();
```
FaizanHussainRabbani
rimasbimas
  • Do you have documentation? Authentication/Authorization takes many forms, how do you know it is using `Basic`? Modern services tend to use token authorization. – Crowcoder Feb 22 '18 at 11:06
  • Documentation says: For REST (jSON) the basic authentication will be used. This header would contain the WS-Security information. – rimasbimas Feb 22 '18 at 11:07

1 Answer


401 is the error code you receive when you could not be authenticated (i.e. it's unclear who you are). If you get a 403 that means the server knows who you are but still thinks you should not be allowed access.

I guess you should talk to whoever provided you with the credentials and ask him.

nvoigt
  • The web service owners confirmed that the user credentials are correct and we have access, but noted that in the case of REST I should use pre-emptive authentication, which is what I am actually trying to do. We also have the option to use SOAP. What is easier for newbies? – rimasbimas Feb 22 '18 at 11:19
  • Did you check with a tool like Fiddler that you sent the correct header? Your code is weird, maybe it helps to post a [mcve]. Parts of your code should work, but it's hard to tell which parts you are actually running. – nvoigt Feb 22 '18 at 11:44
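
Added example, not part of the question or the answer above: a local check of which of the two approaches in the question actually puts the `Authorization` header on the first request. It compares `Credentials` with `PreAuthenticate = true` against a hand-built `Basic` header. The `localhost:8085` endpoint, the class name and the `USER`/`PASSWORD` values are constructed for the demo.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;
using System.Threading.Tasks;

class PreemptiveBasicDemo
{
    // Constructed local endpoint and credentials (assumptions, not from the question).
    const string Url = "http://localhost:8085/demo/";
    static readonly List<string> Seen = new List<string>();

    static void Main()
    {
        var listener = new HttpListener();
        listener.Prefixes.Add(Url);
        listener.Start();
        Task.Run(() => Serve(listener));

        // 1) Credentials + PreAuthenticate: header is sent only after a 401 challenge.
        var a = (HttpWebRequest)WebRequest.Create(Url);
        a.PreAuthenticate = true;
        a.Credentials = new NetworkCredential("USER", "PASSWORD");
        a.GetResponse().Close();

        // 2) Header built by hand: present on the very first request.
        var b = (HttpWebRequest)WebRequest.Create(Url);
        string token = Convert.ToBase64String(Encoding.UTF8.GetBytes("USER:PASSWORD"));
        b.Headers[HttpRequestHeader.Authorization] = "Basic " + token;
        b.GetResponse().Close();

        listener.Stop();
        lock (Seen) Seen.ForEach(Console.WriteLine);
    }

    // Minimal test server: records whether each request carried the header.
    static void Serve(HttpListener listener)
    {
        try
        {
            while (true)
            {
                HttpListenerContext ctx = listener.GetContext();
                bool hasAuth = ctx.Request.Headers["Authorization"] != null;
                lock (Seen) Seen.Add(ctx.Request.HttpMethod + " Authorization header present: " + hasAuth);
                ctx.Response.StatusCode = hasAuth ? 200 : 401;
                if (!hasAuth) ctx.Response.AddHeader("WWW-Authenticate", "Basic realm=\"demo\"");
                ctx.Response.Close();
            }
        }
        catch (Exception) { /* listener stopped */ }
    }
}
```

Running the same comparison against the real service through a proxy such as Fiddler shows whether the header reaches the server on the request that returns 403.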