What is wrong with my Basic Authentication in my Browser?

Posted by Pure.Krome on Stack Overflow See other posts from Stack Overflow or by Pure.Krome
Published on 2010-03-26T14:49:32Z Indexed on 2010/03/28 4:23 UTC
Read the original article Hit count: 393

Hi folks,

i'm trying to goto the following url :-

http://user1:pass1@localhost:1234/api/users?format=xml

nothing to complex. Notice how i've got the username/password in the url? this, i believe, is for basic authentication.

When I do that, the Request Headers are MISSING the 'Authorize' header. Er... that's not right :(

I have anonymous authentication only setup on the site. I don't want to have anon off and basic turned on .. because not all of the site requires basic.. only a few action methods.

So .. why is this not working? Is this something to do with the fact my code is not sending a 401 challenge or some crap?

For What It's Worth, my site is ASP.NET MVC1 running on IIS7 (and the same thing happens when i run it on cassini).

Update:

If this is an illegal way of calling a resource using basic auth (ala security flaw) .. then is this possible to do, for an ASP.NET MVC website .. per action method (and not the entire site, per say)?

© Stack Overflow or respective owner

Related posts about basic-authentication

Related posts about iis7