I have setup a basic authentication ActionFilterAttribute in my MVC web site to lock it down while in development, which works 100% across all the browsers that I am testing for (IE9+, Chrome, FF, iOS Safari) but when I load up Chrome in Android 4.0, it simply displays a 401 access denied and NEVER asks me for the basic authentication credentials?
This is my code for the OnAuthorization method:
public void OnAuthorization(AuthorizationContext filterContext)
{
var controllerName = (filterContext.RouteData.Values["controller"] as string).ToLower();
if (_controllersToIgnore.Contains(controllerName))
{
return;
}
bool credentialsMatch = false;
var req = filterContext.HttpContext.Request;
if (!string.IsNullOrEmpty(req.Headers["Authorization"]))
{
var cred = System.Text.Encoding.ASCII.GetString(Convert.FromBase64String(req.Headers["Authorization"].Substring(6))).Split(':');
var user = new { Name = cred[0], Pass = cred[1] };
if (user.Name == Username && user.Pass == Password)
{
credentialsMatch = true;
}
}
if (!credentialsMatch)
{
var res = filterContext.HttpContext.Response;
res.StatusCode = 401;
res.AddHeader("WWW-Authenticate", "Basic realm=\"\"");
res.End();
filterContext.Result = new EmptyResult();
}
}
This problem went away on its own strangely enough, I did nothing (apparent) and it just stopped occurring.