Page 1 of 1
XMLHTTP Request Header Authorization format
Posted: Fri Mar 07, 2008 4:26 pm
by Johndc
I'm creating my own Handler using the AuthenticationHandler like the ClientApi.
I've been trying to pass the Authorization Header, but I'm not sure which format the AuthenticationHandler.GetUserName(string text) and AuthenticationHandler.GetPassword(string text) are expecting.
Does anyone know the format of the username and password to pass?
Posted: Sat Mar 08, 2008 11:17 am
by bobr2k
Does this help? (from CommerceBuilder Class Library Documentation)
public override string GetPassword(
string username,
string answer
)
Public Overrides Function GetPassword ( _
username As String, _
answer As String _
) As String
public:
virtual String^ GetPassword(
String^ username,
String^ answer
) override
Parameters
username (String)
[Missing <param> documentation for "username"]
answer (String)
[Missing <param> documentation for "answer"]
Return Value
Posted: Sat Mar 08, 2008 2:37 pm
by Johndc
Not Really. This is the code from the ClientApiService.ashx:
Code: Select all
string AuthHeader = request.Headers["Authorization"];
string userName = GetUserName(AuthHeader);
string password = GetPassword(AuthHeader);
if(UserHasAccess(userName,password))
It seems the format is one string that both functions can read, I tried :
Username, password
Username password
Username:password
Posted: Sat Mar 08, 2008 3:36 pm
by afm
The Authorization header is described in
RFC 2617. I that is what the GetUserName and GetPassword methods are expecting.
If the page you are requesting is in a directory that requires authorization (i.e. anonymous access is denied), then the webclient (browser, etc) will add the appropriate authorization header for you.
If you are creating your own authorization header for testing, then the Basic format is the easiest to replicate. I think it is just a base 64 encoded version of username:password.