38

I have a WPF client using RestSharp and WEB API Service. I try to use HttpBasicAuthenticator as follows:

RestRequest login = new RestRequest("/api/users/login", Method.POST);
var authenticator = new HttpBasicAuthenticator("admin","22");
authenticator.Authenticate(Client, login);
IRestResponse response = Client.Execute(login);

The POST request looks like this:

POST http://localhost/api/users/login HTTP/1.1
Authorization: Basic YWRtaW46MjI=
Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml
User-Agent: RestSharp/105.1.0.0
Host: dellnote:810
Content-Length: 0
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
  1. How do I process this field, Authorization: Basic YWRtaW46MjI= on the server side? Do I get username and password from this header?
  2. How do I return security token from server to client and save it on the client side?

I need to get simple authentication based on security token but cannot find example that describes all sides of this process. Can someone point me to some full example that includes client and server side (and uses RestSharp).

Kcvin
  • 4,955
  • 2
  • 31
  • 53
RomaS
  • 381
  • 1
  • 3
  • 3

5 Answers5

62

new SimpleAuthenticator("username", username, "password", password) did NOT work with me.

The following however worked:

var client = new RestClient("http://example.com");
client.Authenticator = new HttpBasicAuthenticator(userName, password);

var request = new RestRequest("resource", Method.GET);
client.Execute(request);
Gerhard Powell
  • 5,675
  • 5
  • 49
  • 57
9

From RestSharp documentation:

var client = new RestClient("http://example.com");
client.Authenticator = new SimpleAuthenticator("username", "foo", "password", "bar");

var request = new RestRequest("resource", Method.GET);
client.Execute(request);

The URL generated for this request would be http://example.com/resource?username=foo&password=bar

So you get the password just as any other parameter (although, it's recommended to use POST method then GET, for security reasons).

As for the cookies, check this out: https://msdn.microsoft.com/en-us/library/system.windows.application.setcookie.aspx

https://msdn.microsoft.com/en-us/library/system.windows.application.getcookie.aspx

Hope it helps

Felix Av
  • 1,234
  • 1
  • 13
  • 22
  • What about my second question? – RomaS Aug 13 '15 at 06:10
  • I think cookies is the way to go, for that – Felix Av Aug 13 '15 at 06:20
  • I've thought about using CookieContainer and FormsAuthentication.SetAuthCookie method. But it's more like a browser way (and I have WPF client). I'm not sure that cookies is the right way. – RomaS Aug 13 '15 at 09:59
  • As far as I know you can use cookies with WPF. I've added links in the answer – Felix Av Aug 13 '15 at 10:09
  • It should be noted that the above code will fail if you don't include "using RestSharp.Authenticators" at the top, or just replace "SimpleAuthenticator" with "RestSharp.Authenticators.SimpleAuthenticator". – Kris Craig Jul 29 '16 at 07:24
5

The following worked for me:

private string GetBearerToken()
{
    var client = new RestClient("http://localhost");
    client.Authenticator = new HttpBasicAuthenticator("admin", "22");
    var request = new RestRequest("api/users/login", Method.POST);
    request.AddHeader("content-type", "application/json");
    request.AddParameter("application/json", "{ \"grant_type\":\"client_credentials\" }", ParameterType.RequestBody);
    var responseJson = _client.Execute(request).Content;
    var token = JsonConvert.DeserializeObject<Dictionary<string, object>>(responseJson)["access_token"].ToString();
    if(token.Length == 0)
    {
        throw new AuthenticationException("API authentication failed.");
    }
    return token;
}
Ε Г И І И О
  • 9,464
  • 1
  • 42
  • 52
4
RestClient restClient = new RestClient(baseUrl);
restClient.Authenticator = new RestSharp.Authenticators.HttpBasicAuthenticator("admin","22");

RestRequest login = new RestRequest("/api/users/login", Method.POST);
IRestResponse response = restClient.Execute(login);
Riko
  • 41
  • 1
2

Alternative answer your first question about retrieval of Auth Header values (Server Side) from How can I retrieve Basic Authentication credentials from the header?:

private UserLogin GetUserLoginCredentials()
{
    HttpContext httpContext = HttpContext.Current;
    UserLogin userLogin;
    string authHeader = httpContext.Request.Headers["Authorization"];

    if (authHeader != null && authHeader.StartsWith("Basic"))
    {
        string encodedUsernamePassword = authHeader.Substring("Basic ".Length).Trim();
        Encoding encoding = Encoding.GetEncoding("iso-8859-1");
        string usernamePassword = encoding.GetString(Convert.FromBase64String(encodedUsernamePassword));
        int seperatorIndex = usernamePassword.IndexOf(':');

        userLogin = new UserLogin()
        {
            Username = usernamePassword.Substring(0, seperatorIndex),
            Password = usernamePassword.Substring(seperatorIndex + 1)
        };
    }
    else
    {
        //Handle what happens if that isn't the case
        throw new Exception("The authorization header is either empty or isn't Basic.");
    }
    return userLogin;
}

Usage of this method might be:

UserLogin userLogin = GetUserLoginCredentials();

Also have a look at: A-WebAPI-Basic-Authentication-Authorization-Filter

Alternative answer on second question about returning the token (Server Side):

var httpResponseMessage = Request.CreateResponse();

TokenResponse tokenResponse;
bool wasAbleToGetAccesToken = _identityServerHelper.TryGetAccessToken(userLogin.Username, userLogin.Password,
            platform, out tokenResponse);

httpResponseMessage.StatusCode = wasAbleToGetAccesToken ? HttpStatusCode.OK : HttpStatusCode.Unauthorized;
httpResponseMessage.Content = new StringContent(JsonConvert.SerializeObject(tokenResponse),
            System.Text.Encoding.UTF8, "application/json");

return httpResponseMessage;
Community
  • 1
  • 1
Jacques Kammeyer
  • 37
  • 2
  • 6