tag:blogger.com,1999:blog-1528805174514452404.post4080342028674931410..comments2024-03-27T17:10:25.297-04:00Comments on Allen Conway: RESTful Services: Authenticating Clients Using Basic AuthenticationAllen Conwayhttp://www.blogger.com/profile/07010967958393033081noreply@blogger.comBlogger23125tag:blogger.com,1999:blog-1528805174514452404.post-54612850387105618092018-01-27T08:08:38.744-05:002018-01-27T08:08:38.744-05:00Thank you, that was just an awesome post!!!Thank you, that was just an awesome post!!!Health Yatrahttp://www.healthyatra.comnoreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-27765072887655042342015-10-21T03:34:11.295-04:002015-10-21T03:34:11.295-04:00Getting below error . if trying to access service ...Getting below error . if trying to access service url by HttpWebRequest:-<br /><br />The remote server returned an error: (401) Unauthorized.Anonymoushttps://www.blogger.com/profile/15516369792597054932noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-46958862158685640782015-07-28T16:28:26.635-04:002015-07-28T16:28:26.635-04:00Great tutorial. Did you ever do the post dealing ...Great tutorial. Did you ever do the post dealing with the Certificate clientCredentialType? Anonymoushttps://www.blogger.com/profile/17140797144130450031noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-65927234840404213422015-03-20T16:55:01.575-04:002015-03-20T16:55:01.575-04:00Thanks Allen.
Is WebAPI better than WCF? Why else...Thanks Allen.<br /><br />Is WebAPI better than WCF? Why else would it be a better option than WCF?<br /><br />Its WebAPI easier to configure than WCF? WCF is always a nightmare to get the config settings working.<br /><br />Do you have any posts on how to create a WebAPI RESTful service?Sonic Vaderhttps://www.blogger.com/profile/11787247303126065822noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-18361480605788196882015-03-19T03:17:33.668-04:002015-03-19T03:17:33.668-04:00Yes you could use a GUID and check for it in the e...Yes you could use a GUID and check for it in the endpoint to make sure the call is authorized. I though would probably go the route of using a more common standard like using Basic Authentication or passing a Bearer token in the header. This post is a tad older so I would probably opt for a WebAPI RESTful service as opposed to a WCF service. If using WebAPI, you can then override the SendAsync method in a custom handler to inspect the credentials in the header and only proceed if the credentials match what you expect. Now with any information passing, GUID, Basic Authentication, Bearer token, etc. you must use HTTPS to secure that passing of data otherwise it could be compromised as it would pass over the wire in plain text for anyone to see.Allen Conwayhttps://www.blogger.com/profile/07010967958393033081noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-27911149258113567802015-03-18T19:29:44.225-04:002015-03-18T19:29:44.225-04:00Hi Allen,
If I had a phone app client, and only t...Hi Allen,<br /><br />If I had a phone app client, and only that phone app was allowed to call my RESTful service,could I simply use a GUID as a parameter so that the service can check for the GUID and if correct then grant access to the caller?Sonic Vaderhttps://www.blogger.com/profile/11787247303126065822noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-24196219759626028952015-03-18T19:07:14.541-04:002015-03-18T19:07:14.541-04:00I love you Allen. Your posts are excellent and hel...I love you Allen. Your posts are excellent and help where MS documentation is lacking.Sonic Vaderhttps://www.blogger.com/profile/11787247303126065822noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-53723700393883463972015-01-31T09:49:36.048-05:002015-01-31T09:49:36.048-05:00me too having the same problem with usernamepasswo...me too having the same problem with usernamepasswordvalidatorAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-70823610601519189312014-08-12T07:45:52.325-04:002014-08-12T07:45:52.325-04:00Hi,
I am having the same problem as several users ...Hi,<br />I am having the same problem as several users above regarding code never reaching UserNamePasswordValidator.<br />I am using IIS 7.5.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-46549703110933673592013-08-06T18:54:21.458-04:002013-08-06T18:54:21.458-04:00My issue below was address in his blog post:
http:...My issue below was address in his blog post:<br />http://allen-conway-dotnet.blogspot.com/2012/07/using-basic-authentication-in-rest.html<br /><br />Travichhttps://www.blogger.com/profile/11600162979693139996noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-88521903615355208672013-08-06T15:47:27.546-04:002013-08-06T15:47:27.546-04:00I am getting the same thing as several users above...I am getting the same thing as several users above regarding code never reaching UserNamePasswordValidator. I monkeyed with IIS thinking that would make a difference but no dice. Anyone figure this out?Travichhttps://www.blogger.com/profile/11600162979693139996noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-38162187913391196452013-05-22T06:08:23.207-04:002013-05-22T06:08:23.207-04:00im always getting The remote server returned an e...im always getting The remote server returned an error: (500) Internal Server Error.<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-83853199828849803882013-03-07T12:12:20.802-05:002013-03-07T12:12:20.802-05:00Allen,
Excellent post. I was trying to do the sam...Allen,<br /><br />Excellent post. I was trying to do the same thing but always Basic authentication calls and checks against the windows account and not overriding the custom usernamevalidator class. using iis 7, is there any specific change i have to do in iis. But when i tried to do serviceAuthorizationManagerType, then it is working fine. <br /><br />Pls let me knowAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-87523663503086199622013-02-12T19:22:08.298-05:002013-02-12T19:22:08.298-05:00This works find in self hosted environment. soon a...This works find in self hosted environment. soon as I move it to iis7. Username and password never reaches UserNamePasswordValidator class.MidnightCoderhttps://www.blogger.com/profile/14088687417458421047noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-6439855435682394542013-01-18T21:16:20.792-05:002013-01-18T21:16:20.792-05:00Allen,
I am getting following error:
The authent...Allen,<br /><br />I am getting following error:<br /><br />The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'WebHttpBinding' ('Basic'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.<br /><br />Note that SecurityMode is set to Transport as mentioned by you. My WCF REST service is meant to be called from cross-domain jquery client. My IIS application currently has anonymous and forms authentication enabled. <br /><br />Here is my web.config.<br /><br /><br /><br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /><br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /><br /><br />Please advise.Netizenhttps://www.blogger.com/profile/05218856938570721344noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-17291791728825767202013-01-18T15:06:19.900-05:002013-01-18T15:06:19.900-05:00Actually all of my work was done against IIS 7 and...Actually all of my work was done against IIS 7 and worked well. Is there a specific issue you are having?Allen Conwayhttps://www.blogger.com/profile/07010967958393033081noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-19649890140101587812013-01-18T14:59:43.550-05:002013-01-18T14:59:43.550-05:00This doesn't seem to work when hosting with II...This doesn't seem to work when hosting with IIS 7. Mike Junkinhttps://www.blogger.com/profile/08638108328495295802noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-50748611080606810412012-12-31T00:27:48.199-05:002012-12-31T00:27:48.199-05:00Hello Allen,
Thank you for your wonderful series ...Hello Allen,<br /><br />Thank you for your wonderful series on securing WCF Data Services. It was very helpful to get my app secured in a couple of hours.<br />cp.netnoreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-50021978130958586422012-09-15T13:15:00.985-04:002012-09-15T13:15:00.985-04:00Great blog post(s)! Exactly what I needed for my n...Great blog post(s)! Exactly what I needed for my new project which has to support requests from several different programming languages and environments. I've never known that WCF REST services are so straight-forward to use, but thanks to you, my service runs per SSL and has a fine security concept - even usable from a simple web browser.Harry Blauberghttps://github.com/hblaubnoreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-62976815391080470012012-08-15T14:15:12.310-04:002012-08-15T14:15:12.310-04:00Well a few points to make here. 1st off, authentic...Well a few points to make here. 1st off, authentication techniques and HTTP are web protocols and have nothing to do with Microsoft. These posts were in regards to WCF hosted RESTful services. And 'yes', there are several steps in getting the authentication up and running in order to be considered 'secure'. I think though there is an answer to your needs which is the new Web API built as a part of ASP.NET MVC. It streamlines the process of hosting and securing REST based services quite a bit. Have a look: http://www.asp.net/web-api Allen Conwayhttps://www.blogger.com/profile/07010967958393033081noreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-79671161968761347972012-08-15T12:56:20.112-04:002012-08-15T12:56:20.112-04:00Are you serious. This thing spanned 4 difference p...Are you serious. This thing spanned 4 difference posts. I hope MS has a better (simpler) solution for securing REST services.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-53257809109572763512012-07-11T14:27:08.665-04:002012-07-11T14:27:08.665-04:00Nice tut. I would love to see this but self hosted...Nice tut. I would love to see this but self hosted in a winform. I tried those instruction and ended up with a blank page. I could enter the user/pass and it would auth. ok but once "logged" the service was blank.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1528805174514452404.post-41192924158739498422012-07-09T03:41:25.226-04:002012-07-09T03:41:25.226-04:00First of all I’d like to say Allen that your blog ...First of all I’d like to say Allen that your blog is pretty good and have some useful information regarding <a href="http://www.goodcoresoft.com/asp-dot-net-development-company/" rel="nofollow">DOT NET Development Services</a>. I am searching <a href="http://www.goodcoresoft.com/hire-dot-net-developers/" rel="nofollow">Dedicated .NET Developers</a> for my new project because it is a vast and big projects and I also need some information which I got from this blog. Thanks for sharing this wonderful post.Andrew Stevensonhttps://www.blogger.com/profile/11813916031709767260noreply@blogger.com