1

I'm using React Native with the plugin for the Universal Windows Platform to access remote resources on a REST server.

When doing a fetch request for a resource that requires authorization via HTTP Basic Auth, I can provide the request with an additional "Authorization" header and everything works fine as long as the credentials are correct.

If the credentials are wrong I'm presented with a Windows-native login prompt (similar to the one when connecting to a remote computer). This prompt is not managed by my app, but automatically seems to pop up when the underlying network connection detects a 401 Unauthorized server response.

Here is what I do inside React Native:

let encodedCredentials = new Buffer(this.state.username + ":" + this.state.password).toString("base64");

let response = await fetch(this.state.serverUrl, {
    method: 'GET',
    headers: {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'Authorization': "Basic " + encodedCredentials, 
    }
});

let responseJson = await response.text();

alert(responseJson);

The server response, when provided with incorrect credentials, includes:

Status Code: 401 Unauthorized
WWW-Authenticate: Basic realm="iOSResource"

Note that the native login prompt seems to delay the fetch request as a whole. I can enter wrong credentials and confirm the prompt multiple times without the alert firing once. Only when the prompt is explicitly cancelled, the correct credentials are entered or wrong credentials have been tried a couple of times the fetch await continues.

Unfortunately this brings up another issue: When entering wrong credentials in the popup prompt a couple of times and it finally "gives up", I can supply whatever credentials I want to the fetch request, it will not supply my own authorization header to the server in any future requests. The data sent will be stuck to whatever I entered in the prompt before it closed. In this case it does not bring up the prompt again and the request just immediately fails. That leaves me unable to correct the credentials in my own app, because they are simply not sent within the request. I have confirmed this by inspecting the outgoing data in Wireshark.

I guess Windows seems to transparently tamper with the network request to intercept special response codes and re-prompt credentials if necessary before returning the request result to the actual caller for the first time.

I want to deal with incorrect credentials in the app, instead of causing Windows to intercept requests. Is there a way to suppress this native prompt and immediately proceed with my own code in case the Basic Auth fails?

Edit: The behavior is exactly the same when using Axios instead of plain fetch. Seems like both ultimately do a XMLHttpRequest, which is filtered the same way.

Jilocasin
  • 91
  • 8
  • I just ran into the same issue. Did you find a solution? – Leo Apr 05 '19 at 17:10
  • Unfortunately I did not. We stopped using React Native since then as it was only an evaluation process. – Jilocasin Apr 06 '19 at 19:52
  • Too bad. I hooped that you might have found a solution. We will probably open an issue in the react-native-windows github repo about that. I'll link it when we created the issue. – Leo Apr 09 '19 at 11:22

0 Answers0